An RMI Server opens a socket on a particular port, let's say 1099 (which is used in most cases). Then it listens on that port for incoming requests. If a request comes in, the server handles the requests, opens another socket on a different port and sends back the response using the newly created socket. With this behaviour you cannot configure your firewall to work properly with RMI.
There are two possibilities:
1. You can tunnel RMI with HTTP
2. You control the assignment of the ports to the sockets
The first possibility is described in sun's online training, and the alternative approach is described in an article of javacoding.net.