ports/protocol through firewall

Bill Tangren bjt at aa.usno.navy.mil
Mon Apr 25 17:51:02 UTC 2005

Russ Allbery wrote:
> Bill Tangren <bjt at aa.usno.navy.mil> writes:
>>I run an nntp server (inn-2.4.1 compiled from source), on a RHEL ES4
>>machine, behind a firewall (that I don't control). I have configured the
>>server to accept secure (SSL) connections on port 563. Access to this
>>server on this port behind the firewall works fine. I asked the firewall
>>admin to open port 563 for nntps traffic. He opened port 563 for tcp
>>traffic only. From outside the firewall, I cannot get access to the news
>>Does anyone know if it is necessary to allow udp traffic as well for inn
>>to work over SSL?
> No, it's not.  Are you sure that your client is connecting directly to
> port 563 and not trying to connect to 119?

This is what is in my readers.conf:

auth outside {
         require_ssl: true
         auth: "ckpasswd -s"

access ALL {
         newsgroups: *,!junk,!control,!control.*,!usno.aa.test

This is how I invoke the server in xinetd:

service nntps
         socket_type     = stream
         protocol        = tcp
         wait            = no
         user            = news
         disable         = no
         server          = /news/bin/nnrpd
         server_args     = -S

I could try closing the local 119 port and see if that stops secure 
connections, but other than that, I don't know how to check.

Bill Tangren

More information about the inn-workers mailing list