NNTPS pointers / NNSP
Julien ÉLIE
julien at trigofacile.com
Thu Oct 28 10:34:42 UTC 2021
Hi Grant,
>> It's worth adding that information in our FAQ if you're OK with that.
>
> Agreed. Yes, I'm okay with it.
>
> Though I might suggest holding off for a little while longer. I have
> managed to use iproute2 policy based routing and stunnel (no iptables
> required) to get INN to act as a client to a TLS enabled NNSP (NNTPS)
> server.
Oh, that's great.
With that setup, is it possible to run only 1 instance of innd,
accepting both unencrypted connections on port 119 and implicit TLS
connections on port 433?
Do you disallow readers? (I am unsure an nnrpd spawned by innd behind
iproute2/stunnel will see that the connection is already encrypted; it
may advertise STARTTLS whereas I think it should not.)
> I'd like to spend some more time working on things, or discuss what I've
> done with someone else interested in reproducing what I've done. Use
> that effort to make the directions consistent.
You could also discuss that in news.software.nntp; maybe other people
are willing to experiment too.
> E.g. is iptables connection marking required or not? -- iptables or
> fancier iproute2 PBR rules achieve the same goal. Also, compare and
> contrast stunnel with socat. The latter of the two sets are how I did
> the client portion.
Well, I'm not a network expert but I am interested in making TLS work
too for article feeding.
>> I can reference the iptables commands you found out. Any other
>> configuration to mention?
>
> Ya. More details on the client and unifying of the server (previous
> message) and client (yet to be fully described) methods.
Also, do you have a working TLS configuration for outgoing feeds
(innfeed, innxmit)?
Can TLS support be similarly added to programs like rnews, inews,
pullnews, nntpsend, etc. with iproute2/stunnel or like?
> But, yes, the spirit is sharing this so that others can utilize it if
> they so choose.
Greatly appreciated!
--
Julien ÉLIE
« Il y a deux sortes de justice : vous avez l'avocat qui connaît bien la
loi, et l'avocat qui connaît bien le juge ! » (Coluche)
More information about the inn-workers
mailing list