I don't think it will work easily.
I tried to get some Windows pcs to join an NT4.0 domain through a masquerading firewall (running Devil Linux).
You might look at "How to write an Lmhosts file for domain validation and other name resolution issues":
http://support.microsoft.com/kb/180094/EN-US/ for Win2000
and
http://support.microsoft.com/kb/314108/EN-US/ for WinXP
...though I couldn't get this to work.
I think it had something to do with (NETBIOS over TCP/IP??) broadcast packets being unable to be routed through the firewall to the machine. Bah! I just gave up, and cached the domain account on the workstation - luckily only needing one user per machine.