ports/protocol through firewall
Bill Tangren
bjt at aa.usno.navy.mil
Mon Apr 25 17:51:02 UTC 2005
Russ Allbery wrote:
> Bill Tangren <bjt at aa.usno.navy.mil> writes:
>
>
>>I run an nntp server (inn-2.4.1 compiled from source), on a RHEL ES4
>>machine, behind a firewall (that I don't control). I have configured the
>>server to accept secure (SSL) connections on port 563. Access to this
>>server on this port behind the firewall works fine. I asked the firewall
>>admin to open port 563 for nntps traffic. He opened port 563 for tcp
>>traffic only. From outside the firewall, I cannot get access to the news
>>server.
>
>
>>Does anyone know if it is necessary to allow udp traffic as well for inn
>>to work over SSL?
>
>
> No, it's not. Are you sure that your client is connecting directly to
> port 563 and not trying to connect to 119?
>

This is what is in my readers.conf:

auth outside {
    require_ssl: true
    auth: "ckpasswd -s"
}

access ALL {
    newsgroups: *,!junk,!control,!control.*,!usno.aa.test
}

This is how I invoke the server in xinetd:

service nntps
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = news
    disable     = no
    server      = /news/bin/nnrpd
    server_args = -S
}

I could try closing the local 119 port and see if that stops secure
connections, but other than that, I don't know how to check.
Bill Tangren
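
One way to check, from a host outside the firewall, whether a direct SSL connection to port 563 gets through and where it stops (an added example, not part of the original message and not INN code). The function names are hypothetical and news.example.invalid is a placeholder host.

```python
import socket
import ssl

def parse_greeting(line):
    """Return (code, posting_ok) for an NNTP greeting line, else None."""
    parts = line.strip().split(None, 1)
    if not parts or len(parts[0]) != 3 or not parts[0].isdigit():
        return None
    code = int(parts[0])
    return code, code == 200  # 200 = posting allowed, 201 = read-only

def probe_nntps(host, port=563, timeout=5.0, verify=True):
    """Report the first stage that fails: 'tcp', 'tls', 'greeting', or 'ok'."""
    # Stage 1: plain TCP. A timeout or refusal here points at the firewall
    # rule or the listener, before SSL is involved at all.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"stage": "tcp", "detail": str(exc)}
    ctx = ssl.create_default_context()
    if not verify:  # only for a self-signed test certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    # Stage 2: TLS starts immediately on 563 (no STARTTLS). A failure here with
    # TCP working means the listener is not speaking SSL or the cert is rejected.
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            line = tls.recv(512).decode("utf-8", "replace")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raw.close()
        return {"stage": "tls", "detail": str(exc)}
    # Stage 3: the server's greeting, read over the encrypted channel.
    greeting = parse_greeting(line)
    if greeting is None or greeting[0] not in (200, 201):
        return {"stage": "greeting", "detail": line.strip()}
    return {"stage": "ok", "code": greeting[0], "posting": greeting[1]}

if __name__ == "__main__":
    # Placeholder host; run this from outside the firewall.
    print(probe_nntps("news.example.invalid", 563))
```

A "tcp" result from outside combined with "ok" from inside points at the firewall rule rather than at nnrpd or readers.conf.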