ports/protocol through firewall
bjt at aa.usno.navy.mil
Mon Apr 25 17:46:30 UTC 2005
Kristian Koehntopp wrote:
> On Monday 25 April 2005 19:10, Bill Tangren wrote:
>>Does anyone know if it is necessary to allow udp traffic as well for inn
>>to work over SSL?
> nntp and nntps work over TCP and do not use UDP.
> You can test access to your server with
> $ openssl s_client -connect white.intern.koehntopp.de:563
> You should see a certificate exchange, resulting in - among other things - a
> SSL handshake and a NNRP or NNTP server banner like so:
> SSL handshake has read 1485 bytes and written 340 bytes
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> 200 white.koehntopp.de InterNetNews NNRP server INN 2.4.1 ready (posting ok).
> Now try a few commands like "list active" or "quit":
Thanks for the reply. This is what I get (amongst other things) from
behind the firewall:
SSL handshake has read 1637 bytes and written 340 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Key-Arg : None
Krb5 Principal: None
Start Time: 1114450569
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
200 aa.usno.navy.mil InterNetNews NNRP server INN 2.4.1 ready (posting ok).
480 Authentication required for command
I don't see anything that indicated (to my eyes, anyway) that this is
I have a local firewall, called firestarter on another machine. I notice
that when I tell it to open a port for nntps, this is what shows up in
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:563
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:563
Firestarter opens port 563 for tcp and udp. That doesn't mean that inn
uses udp, only that there must be some newsgroup servers that do (or
firestarter is configured badly).
Any ideas why I cannot connect through the firewall?
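The `openssl s_client` test quoted above only shows that the TCP connection reaches the server and that a handshake happens; the "Verify return code: 18 (self signed certificate)" line means s_client did not actually authenticate the server, it just reported the problem and carried on. The script below is an added example written for this thread (it is not code from the post or from INN): it parses s_client output for the fields that matter, and it can run the same test itself over TCP/563 with certificate verification enforced, sending LIST ACTIVE and QUIT like the quoted reply suggests. The sample output embedded in it is the thread's own s_client output, trimmed; any host name given on the command line is the reader's own, and the `--insecure` flag, `cafile` parameter and function names are this example's inventions.

```python
"""NNTPS (TCP/563) reachability and certificate check.

Added example for this thread; not code from the inn-workers post or
from INN. Host names on the command line are the reader's own.
"""
import re
import socket
import ssl
import sys

# Constructed sample: the `openssl s_client -connect host:563` output quoted
# in the thread, trimmed to the lines the parser looks at.
SAMPLE_S_CLIENT_OUTPUT = """\
SSL handshake has read 1637 bytes and written 340 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Protocol  : TLSv1
Cipher    : DHE-RSA-AES256-SHA
Verify return code: 18 (self signed certificate)
200 aa.usno.navy.mil InterNetNews NNRP server INN 2.4.1 ready (posting ok).
480 Authentication required for command
"""


def parse_s_client_output(text):
    """Extract the security-relevant fields from `openssl s_client` output.

    s_client prints the handshake summary, then whatever the server sends
    (here the NNTP greeting). A non-zero "Verify return code" means s_client
    did NOT authenticate the server but talked to it anyway, so a banner
    proves reachability, not identity.
    """
    info = {"protocol": None, "cipher": None, "verify_code": None,
            "verify_reason": None, "verify_ok": False,
            "greeting": None, "posting_ok": None}
    m = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    if m:
        info["protocol"] = m.group(1)
    m = re.search(r"^\s*Cipher\s*:\s*(\S+)", text, re.M)
    if m:
        info["cipher"] = m.group(1)
    m = re.search(r"Verify return code:\s*(\d+)\s*\(([^)]*)\)", text)
    if m:
        info["verify_code"] = int(m.group(1))
        info["verify_reason"] = m.group(2)
        info["verify_ok"] = info["verify_code"] == 0
    # NNTP greeting: 200 = ready, posting allowed; 201 = ready, read-only.
    m = re.search(r"^(20[01]) .*$", text, re.M)
    if m:
        info["greeting"] = m.group(0)
        info["posting_ok"] = m.group(1) == "200"
    return info


def nntps_probe(host, port=563, cafile=None, insecure=False, timeout=15):
    """Run the same test over TCP only, with certificate verification on.

    NNTPS is NNTP inside TLS on TCP/563; no UDP is involved, so a firewall
    needs only the "tcp dpt:563" rule. insecure=True mimics s_client's
    default of reporting but not enforcing verification; use it only for a
    pure reachability test. cafile lets you trust a private CA explicitly
    instead of disabling verification.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if insecure:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            f = tls.makefile("rwb")
            greeting = f.readline().decode("latin-1").rstrip("\r\n")
            f.write(b"LIST ACTIVE\r\n")
            f.flush()
            reply = f.readline().decode("latin-1").rstrip("\r\n")
            groups = 0
            if reply.startswith("215"):
                # Multi-line response, terminated by a line holding only "."
                for line in f:
                    if line.rstrip(b"\r\n") == b".":
                        break
                    groups += 1
            f.write(b"QUIT\r\n")
            f.flush()
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "verified": not insecure, "greeting": greeting,
                    "list_reply": reply, "groups": groups}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        try:
            print(nntps_probe(sys.argv[1], insecure="--insecure" in sys.argv))
        except ssl.SSLCertVerificationError as exc:
            # This is what "Verify return code: 18" looks like when enforced.
            print("certificate verification failed:", exc)
            sys.exit(1)
    else:
        print(parse_s_client_output(SAMPLE_S_CLIENT_OUTPUT))
```

Run with no arguments to see the parsed sample; run with a host name to test a live server. If the live probe fails with a certificate error while `--insecure` succeeds, the firewall is not the problem: the server is reachable but presents a certificate the client cannot verify, which is exactly what code 18 in the quoted output says. A server that answers "480 Authentication required" to LIST ACTIVE is likewise reachable; that reply is an access-control decision by the news server, not a network one.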