ZA 5 and local NNTP server (cannot receive body of messages)

Archived from groups: comp.security.firewalls (More info?)

Hi !

I'm seeing a weird issue here.

I'm running a local NNTP (IIS newsserver) newsserver.
It's runs on port 1119 (ISP won't allow the default port 119 ;- )

Have ZA 5 Suite installed.

I can get access to my newsserver (can get grouplist / can collect headers).

But.. I cannot receive the body of the message.

I'm quite lost, because being able to get the headers, but not the body...
sounds very strange.

Disabling the ZA 5 suite solves the issue (but that's not why I installed ZA
... ;- )

Any idea?

If any additional info is needed, just let me know.

Thanks in advance!
3 answers Last reply
More about local nntp server cannot receive body messages
  1. Archived from groups: comp.security.firewalls (More info?)

    "Ronald" <new@reply.only> wrote in
    news:c94co7$3e$1@news3.tilbu1.nb.home.nl:

    > Hi !
    >
    > I'm seeing a weird issue here.
    >
    > I'm running a local NNTP (IIS newsserver) newsserver.
    > It's runs on port 1119 (ISP won't allow the default port 119 ;- )
    >
    > Have ZA 5 Suite installed.
    >
    > I can get access to my newsserver (can get grouplist / can collect
    > headers).
    >
    > But.. I cannot receive the body of the message.
    >
    > I'm quite lost, because being able to get the headers, but not the
    > body... sounds very strange.
    >
    > Disabling the ZA 5 suite solves the issue (but that's not why I
    > installed ZA .. ;- )
    >
    > Any idea?
    >
    > If any additional info is needed, just let me know.
    >

    Do you have a machine with IIS running with a direct connect to the
    Internet or is the machine part of a LAN situation behind something?

    Duane :)
  2. Archived from groups: comp.security.firewalls (More info?)

    "Ronald" <leen@snoekonline.com> wrote in
    news:c97adr$49o$1@news4.tilbu1.nb.home.nl:

    > Hi Duane,
    >
    > My cable connection is connected to a router and I have set NAT to
    > direct incoming request to port 1119 to the local machine.
    > That local machine (that's running IIS/NNTP) is connected to a switch
    > that is connected to the router.
    >
    > Given the fact that I can connect to the newsserver, this seems to be
    > ok (and it was when having this running using ZA 4 Free edition
    > before).
    >
    > Any idea now?
    >
    http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
    http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.msp
    x
    http://www.analogx.com/contents/articles/ipsec.htm
    http://www.uksecurityonline.com/index5.php

    A PFW solution has no business on a machine running IIS.

    Duane :)
  3. Archived from groups: comp.security.firewalls (More info?)

    "Ronald" <new@reply.only> wrote in
    news:c987df$qh0$1@news1.tilbu1.nb.home.nl:

    > Thanks, but that doesn't bring to a solution to my problem.
    >
    > Any1 else?
    >
    > Have a nice day/weekend!
    >
    I think that if you took the time to look at IPsec you'll find that it
    far out classes ZA in many areas when implemented behind a NAT router.

    One thing that IPsec does is run transparent to any application and will
    not interfere as you have indicated ZA is interfering with NNTP and
    headers.

    I think it would be a simple thing to implement the AnalogX Secpol setup
    on the machine and go to the NNTP Server Permit rule and change the port
    from 119 to 1119. and have IPsec provide better protection than a PFW
    solution will ever do in the area of protecting IIS.

    The protection starts with the O/S and its integrated solutions and not
    some 3rd party non-integrated PFW solution trying to protect IIS and the
    O/S.

    Duane :)
Ask a new question

Read More

Firewalls Internet Service Providers Servers Networking