1. '''Callbacks'''. The OPC server uses a callback mechanism for client subscriptions. This means that the OPC client has to behave as a server, including all security matters. If the client is not configured appropriately, this leads to the following situation: the connection to the server is established successfully, but subscribed items are not updated.

2. '''Firewall Issues'''. DCOM behaves differently from other standard servers. It does not send the response to the IP address of the client, but re-resolves the client's SMB name (without domain). Therefore, simple SNAT/DNAT firewalls are not enough to establish a connection from the NATed computer. One way to set it up:

 a) SNAT/DNAT firewall for requests coming from a specific IP:
 {{{
# Dedicated chain in the nat table for DCOM traffic
iptables -t nat -N dcom
# Leave packets of already tracked connections untouched
iptables -t nat -A dcom -m state --state ESTABLISHED -j RETURN
iptables -t nat -A dcom -m state --state RELATED -j RETURN
# Leave SYN/ACK replies untouched
iptables -t nat -A dcom -p tcp --tcp-flags SYN,ACK SYN,ACK -j RETURN
# Rewrite the destination of everything else to 192.168.25.6
iptables -t nat -A dcom -j DNAT --to-destination 192.168.25.6
# Send TCP traffic from 141.52.64.38 through the chain
iptables -t nat -A PREROUTING -p tcp -s 141.52.64.38 -j dcom
 }}}

 b) The VM PC name should be aliased in the Samba configuration on the main host:
 {{{
netbios aliases = ZeusVM
 }}}

 c) The VM PC should not register in WINS and DHCP, because in that case the server would get the dummy IP of the client from there.

3. '''Allowing Remote Access'''

 * Firewall issues. The initial connection is made on port 135, but afterwards dynamic ports are used by both sides... There are documents describing the appropriate firewall configuration.
 * On WinXP, remote access to the computer should be allowed. To allow it, simply try to share a single folder.
 * The main tool is dcomcnfg. Access and execution should be allowed for the appropriate users. Sometimes limits should be set for ANONYMOUS LOGON as well (it remains to be checked whether this is necessary). Besides that, DCOM services can be configured to run under different credentials (Current User, Interactive User, System Service, Specified User)... These users should have access to the client computer for establishing the callback connection...
 * If domains are not used, Windows authorization may be achieved by creating identical users with the same username and the same password on both PCs.
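
An added example, not part of the original notes: a POSIX shell check that reads `iptables-save` output and confirms that the `dcom` chain from item 2a is entered only through source-restricted PREROUTING jumps and has exactly one DNAT target. The function name `check_dcom_nat` and the sample dump are constructed here from the rules above.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (stdin) for the dcom NAT chain.
# Prints findings; returns 0 when the chain looks as intended, 1 otherwise.
check_dcom_nat() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        table != "nat"          { next }
        $1 == ":dcom"           { declared = 1 }
        # Every jump into the chain must be limited to one source address.
        $1 == "-A" && $2 == "PREROUTING" && $(NF - 1) == "-j" && $NF == "dcom" {
            jumps++
            if ($0 !~ / -s [0-9]/ || $0 ~ /! -s /) {
                print "FAIL: jump to dcom without a source match: " $0
                bad = 1
            }
        }
        # Record where the chain rewrites the destination to.
        $1 == "-A" && $2 == "dcom" {
            for (i = 3; i < NF; i++)
                if ($i == "--to-destination") { dest = $(i + 1); dnat++ }
        }
        END {
            if (!declared) { print "FAIL: chain dcom is not defined in nat"; bad = 1 }
            if (!jumps)    { print "FAIL: nothing in PREROUTING jumps to dcom"; bad = 1 }
            if (dnat != 1) { print "FAIL: expected one DNAT rule, found " (dnat + 0); bad = 1 }
            if (!bad)      print "OK: dcom -> " dest " (" jumps " restricted jump)"
            exit bad + 0
        }
    '
}

# Constructed sample: the rules from item 2a as iptables-save would print them.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:dcom - [0:0]
-A PREROUTING -s 141.52.64.38/32 -p tcp -j dcom
-A dcom -m state --state ESTABLISHED -j RETURN
-A dcom -m state --state RELATED -j RETURN
-A dcom -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -j RETURN
-A dcom -j DNAT --to-destination 192.168.25.6
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_dcom_nat
```

On a live host the same function can be fed with `iptables-save -t nat | check_dcom_nat`.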