XP SP2 Firewall and Newsreaders

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello,

I have been trying to get the SP2 firewall to allow NNTP type transfers
without success. The only way I can get my newsreaders to work is by
turning off the firewall, something I don't really want to do.

I am currently using Thunderbird but have tried Xnews and Xana news.
Xnews simply times out while the other two eventually get the articles
but a snail's pace with the firewall on. Turn it off and the news just
zips down.

I have tried:

1) adding the NNTP port (119)
2) adding the secondary NNTP port (563) not sure what to call it
3) adding the service in the "Advanced" tab (should not be necessary?)

What gives?

All ideas are welcome.

Post the answers if you wish but please email to
timl@alcor.concordia.ca
as well.

Thanks!

 

[Malke]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Tim Lapin wrote:

> Hello,
>
> I have been trying to get the SP2 firewall to allow NNTP type
> transfers
> without success. The only way I can get my newsreaders to work is by
> turning off the firewall, something I don't really want to do.
>
> I am currently using Thunderbird but have tried Xnews and Xana news.
> Xnews simply times out while the other two eventually get the articles
> but a snail's pace with the firewall on. Turn it off and the news
> just zips down.
>
> I have tried:
>
> 1) adding the NNTP port (119)
> 2) adding the secondary NNTP port (563) not sure what to call it
> 3) adding the service in the "Advanced" tab (should not be
> necessary?)
>
> What gives?
>
Sorry, no free email support. You also shouldn't require an automatic
email answer to a newsgroup post; most people will simply not bother to
answer you. I'm carefully replying to your first post in this thread
because the second one you made makes sending an email to you
mandatory. No way am I sending my email address to some stranger on
Usenet. You seriously limit your answers that way. Also, posting your
real unmunged email address on Usenet and messageboards will get you
lots of spam. Here is a link explaining that:

http://www.mailmsg.com/SPAM_munging.htm

There is nothing in the XPSP2 firewall (or ZoneAlarm or Sygate) that
needs to be adjusted to allow regular newsgroup posting. I don't often
post with Windows, but I did all last week using Thunderbird on XPSP2
with no problems. If you are running your own NNTP server that is
something different of course, but that's not the impression I get from
your posts. Are you behind a corporate firewall or have some sort of
corporate filtering in place? Using an email proxy?

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"

 

[galen]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:timl-9FCCC3.18015104072005@msnews.microsoft.com,
Tim Lapin <timl@alcor.concordia.ca> had this to say:

My reply is at the bottom of your sent message:

> Hello,
>
> I have been trying to get the SP2 firewall to allow NNTP type
> transfers without success. The only way I can get my newsreaders to
> work is by turning off the firewall, something I don't really want to
> do.
>
> I am currently using Thunderbird but have tried Xnews and Xana news.
> Xnews simply times out while the other two eventually get the articles
> but a snail's pace with the firewall on. Turn it off and the news
> just zips down.
>
> I have tried:
>
> 1) adding the NNTP port (119)
> 2) adding the secondary NNTP port (563) not sure what to call it
> 3) adding the service in the "Advanced" tab (should not be
> necessary?)
>
> What gives?
>
> All ideas are welcome.
>
> Post the answers if you wish but please email to
> timl@alcor.concordia.ca
> as well.
>
> Thanks!

Please remember this is JUST an idea. <g> But have you tried Outlook
Express? Where is this firewall? (In other words is it something embedded
with your router or what particular software firewall is this?

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In article <eVWQOWQgFHA.1148@TK2MSFTNGP12.phx.gbl>,
"Galen" <galennews@gmail.com> wrote:

>
> Please remember this is JUST an idea. <g> But have you tried Outlook
> Express? Where is this firewall? (In other words is it something embedded
> with your router or what particular software firewall is this?
>
> Galen



Hi Galen,

Thanks for your answer.

The whole point of this is NOT to use Outlook Express. Thunderbird has so
much going for it that it deserves a thorough testing. The same cannot be
said of the others I mention but they are decent contenders nonetheless.

The firewall in question is the Windows XP SP2 built-in firewall. I will
junk this too if it proves incapable of allowing specific applications
and/or their requisite protocols to pass unhindered.

I will try to clarify the question (see my original post for the full
details):

What must I turn on, open up or otherwise alter inside the firewall so that
standard NNTP based newsreaders will work properly?

If the XP firewall is incapable of handling this, should I go back to Zone
Alarm (free version) that I used with Win 2K?

If this is a known problem with Thunderbird, can someone point me at the
relevant info and any workarounds people might have found?

All input is welcome.

--
Tim Lapin
timl@sympatico.ca

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In article <Ojg7p9QgFHA.1248@TK2MSFTNGP12.phx.gbl>,
Malke <notreally@invalid.com> wrote:

Thanks for your answer.

> Sorry, no free email support. You also shouldn't require an automatic
> email answer to a newsgroup post; most people will simply not bother to
> answer you. I'm carefully replying to your first post in this thread
> because the second one you made makes sending an email to you
> mandatory. No way am I sending my email address to some stranger on
> Usenet. You seriously limit your answers that way. Also, posting your
> real unmunged email address on Usenet and messageboards will get you
> lots of spam. Here is a link explaining that:
>
> http://www.mailmsg.com/SPAM_munging.htm
>
I'm well aware of spam issues; I don't need a lecture on this topic. I
choose not to care owing to very aggressive spam filters coupled with the
realization that your address will eventually get out there.

I prefer emailed replies as I don't have time to check all the newsgroups I
use with regularity. I understand your concerns but I've used usenet for
going on 20 years and it has always been accepted protocol.

Back to the topic at hand.
> There is nothing in the XPSP2 firewall (or ZoneAlarm or Sygate) that
> needs to be adjusted to allow regular newsgroup posting. I don't often
> post with Windows, but I did all last week using Thunderbird on XPSP2
> with no problems. If you are running your own NNTP server that is
> something different of course, but that's not the impression I get from
> your posts. Are you behind a corporate firewall or have some sort of
> corporate filtering in place? Using an email proxy?
>
> Malke

This is our university's news server and I am using my work PC to access it.
I know that it uses the standard NNTP port (119) and other newsreaders on
various platforms work flawlessly. As an example, using my work or home mac
(OS X or OS 9), news always flows freely. Likewise, if I turn off the
firewall, news flows unimpeded. Turn it back on and it slows to a crawl.
Therefore, XP's firewall IS certainly involved, if not the cause.

So the question remains: What must I do to XP's firewall to make it work
right? If it can't do people recommend other free firewalls?

--
Tim Lapin
timl@sympatico.ca

 

[galen]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:timl-6EB514.23340904072005@nr-tor01.bellnexxia.net,
Tim Lapin <timl@sympatico.ca> had this to say:

My reply is at the bottom of your sent message:

> This is our university's news server and I am using my work PC to
> access it. I know that it uses the standard NNTP port (119) and other
> newsreaders on various platforms work flawlessly. As an example,
> using my work or home mac (OS X or OS 9), news always flows freely.
> Likewise, if I turn off the firewall, news flows unimpeded. Turn it
> back on and it slows to a crawl. Therefore, XP's firewall IS
> certainly involved, if not the cause.
>
> So the question remains: What must I do to XP's firewall to make it
> work right? If it can't do people recommend other free firewalls?

I am sorry to jump in on this side -- this one being Malke's -- but if it's
a UNIV PC then are you 100% certain (and I'd really consider checking) that
your IT department hasn't gotta application filtering firewall (often
hardware by the way) that's blocking you? You didn't mention that in my
section of the thread. <g> That's where I'd start... They probably have set
rules saying that this application (OE) can access NNTP on port 119 if it's
named <file name> and from <IP in this range> if the credentials of the user
<are this level or above> and that any other application which strives to do
so can not. Just because there's no firewall on YOUR machine other than that
of XP SP2 doesn't mean there isn't one on the network itself. I'd try there.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes

 

[timl]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Galen wrote:
> In news:timl-6EB514.23340904072005@nr-tor01.bellnexxia.net,
> Tim Lapin <timl@sympatico.ca> had this to say:
>
> My reply is at the bottom of your sent message:
>
> > This is our university's news server and I am using my work PC to
> > access it. I know that it uses the standard NNTP port (119) and other
> > newsreaders on various platforms work flawlessly. As an example,
> > using my work or home mac (OS X or OS 9), news always flows freely.
> > Likewise, if I turn off the firewall, news flows unimpeded. Turn it
> > back on and it slows to a crawl. Therefore, XP's firewall IS
> > certainly involved, if not the cause.
> >
> > So the question remains: What must I do to XP's firewall to make it
> > work right? If it can't do people recommend other free firewalls?
>
> I am sorry to jump in on this side -- this one being Malke's -- but if it's
> a UNIV PC then are you 100% certain (and I'd really consider checking) that
> your IT department hasn't gotta application filtering firewall (often
> hardware by the way) that's blocking you? You didn't mention that in my
> section of the thread. <g> That's where I'd start... They probably have set
> rules saying that this application (OE) can access NNTP on port 119 if it's
> named <file name> and from <IP in this range> if the credentials of the user
> <are this level or above> and that any other application which strives to do
> so can not. Just because there's no firewall on YOUR machine other than that
> of XP SP2 doesn't mean there isn't one on the network itself. I'd try there.
>
> Galen
> --

Hi Galen,

To answer your points:

No firewall separating our servers from the rest of the university.

I don't use OE, I use Thunderbird, although it would not make a
difference; we don't discriminate based on application type, only IP
range (see next paragraph).

I can access our newsserver from any address in our designated range,
which certainly includes my work computers. Yes there IS a firewall on
my machine; that is what this thread is all about. If I turn it off,
everything works, if I turn it back on, news slows to a crawl.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

timl wrote:
> Galen wrote:
>
>>In news:timl-6EB514.23340904072005@nr-tor01.bellnexxia.net,
>>Tim Lapin <timl@sympatico.ca> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>>
>>>This is our university's news server and I am using my work PC to
>>>access it. I know that it uses the standard NNTP port (119) and other
>>>newsreaders on various platforms work flawlessly. As an example,
>>>using my work or home mac (OS X or OS 9), news always flows freely.
>>>Likewise, if I turn off the firewall, news flows unimpeded. Turn it
>>>back on and it slows to a crawl. Therefore, XP's firewall IS
>>>certainly involved, if not the cause.
>>>
>>>So the question remains: What must I do to XP's firewall to make it
>>>work right? If it can't do people recommend other free firewalls?
>>
>>I am sorry to jump in on this side -- this one being Malke's -- but if it's
>>a UNIV PC then are you 100% certain (and I'd really consider checking) that
>>your IT department hasn't gotta application filtering firewall (often
>>hardware by the way) that's blocking you? You didn't mention that in my
>>section of the thread. <g> That's where I'd start... They probably have set
>>rules saying that this application (OE) can access NNTP on port 119 if it's
>>named <file name> and from <IP in this range> if the credentials of the user
>><are this level or above> and that any other application which strives to do
>>so can not. Just because there's no firewall on YOUR machine other than that
>>of XP SP2 doesn't mean there isn't one on the network itself. I'd try there.
>>
>>Galen
>>--
>
>
> Hi Galen,
>
> To answer your points:
>
> No firewall separating our servers from the rest of the university.
>
> I don't use OE, I use Thunderbird, although it would not make a
> difference; we don't discriminate based on application type, only IP
> range (see next paragraph).
>
> I can access our newsserver from any address in our designated range,
> which certainly includes my work computers. Yes there IS a firewall on
> my machine; that is what this thread is all about. If I turn it off,
> everything works, if I turn it back on, news slows to a crawl.
>

Well, I've solved my problem by using another firewall I knew well from
my Win 2K days: Zone Alarm. All my required traffic flows smoothly
now. It's really more of a workaround, when you think about it. I
tried Kerio and found that it also had problems. I did not try Sigate.

Sorry if I was a mite testy in my other posts. I was just getting
frustrated by a product which was not behaving in a rational way.

You might have noticed my identity flipping around. Since I did not
have a working newsreader, I had to post from different sources. Now I
can be more or less stable.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Tim wrote on Mon, 04 Jul 2005 18:01:51 -0400:

> Hello,
>
> I have been trying to get the SP2 firewall to allow NNTP type transfers
> without success. The only way I can get my newsreaders to work is by
> turning off the firewall, something I don't really want to do.
>
> I am currently using Thunderbird but have tried Xnews and Xana news.
> Xnews simply times out while the other two eventually get the articles
> but a snail's pace with the firewall on. Turn it off and the news just
> zips down.
>
> I have tried:
>
> 1) adding the NNTP port (119)
> 2) adding the secondary NNTP port (563) not sure what to call it
> 3) adding the service in the "Advanced" tab (should not be necessary?)

These are only need if you're running your own NNTP server. For reading news
from another server you do not need to open any of these.

It's possible that the news server you are using makes IDENT requests - if
so, you will need to open port 113 for incoming connections. From the sound
of the slow responses this is most likely the issue you are seeing -
dropping the port 113 connection will result in delays of around 30 seconds
at a time, whereas sending a RST (which is what will happen if there's
nothing running on port 113 on the machine) will immediately tell the server
that there is no response and it should continue straight away.

Dan

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Daniel Crichton wrote:

> It's possible that the news server you are using makes IDENT requests - if
> so, you will need to open port 113 for incoming connections. From the sound
> of the slow responses this is most likely the issue you are seeing -
> dropping the port 113 connection will result in delays of around 30 seconds
> at a time, whereas sending a RST (which is what will happen if there's
> nothing running on port 113 on the machine) will immediately tell the server
> that there is no response and it should continue straight away.
>
> Dan
>
>
Yes! That's it! I opened 113 both as TCP and UDP for good measure and
it works.

Thanks!