PROBLEM: No access to NNTP news servers (or E-mail send/receive - I'll
research E-mail later) and am at the end of my sanity.

I am using GroupWise v6.0-SP3 as E-mail & newsgroup reader.
I've tried EVERYTHING except the right solution!
H-E-L-P!!!

I just added a BM (multi-lingual) v3.7 server to my test network. (CD
from the Novell Software Evaluation Library)
I have applied the latest patches to BM (BM37SP2 & BM37FP3D).
I am using Craig's PROXY.CFG unaltered.
News Proxy is unchecked in NWADMIN.

With IPFLT unloaded I can access Novell's support forums (newsgroups)
and receive/send E-mail.
When I reload IPFLT, I cannot access newsgroups or send/receive
E-mail.
My browser (IE) works AOK with IPFLT loaded as long as I configure IE
to use Proxy server @ BM Private NIC = 192.x.x.4

Here is my environment...

SRVR#4: BM v3.7 on NW6-SP3
....Private NIC = 192.x.x.4
....Public NIC=207.x.x.139 (DSL connected)
....Secondary IP Address=207.x.x.140 (MX record points to here)
....NAT = Static & Dynamic: Static route is from 207.x.x.140
(secondary IP) to 192.x.x.2 (SRVR2: GW)

SRVR#2: GroupWise v6.0-SP3 on NW6-SP3
.... Private NIC = 192.x.x.2
....TCPIP Protocol Configuration:
...LAN Static Routing = Enabled
...Route Table: Destination: Default 0, Next Hop = 192.x.x.4 (BM
SRVR4)
....NAT = Disabled
....I am Using GW to access newsgroups & E-mail

FILTCFG NOTES on SRVR#4 - BM v3.7:
[1] Originally, there was only one NIC listed under Packet Forwarding
Filters => Filters (List of Denied Packets) = Public NIC. I could
NOT access newsgroups.
[2] So I added the Private NIC filter to [#1] and defined an exception
fo that NIC. This caused more confusion (to me, anyway).
[3] If I delete this Private NIC filter, (in an effort to start over),
it comes back when I reboot the server!
[4a] So I configured a filter exception for this Private NIC filter
....Source Interface=Private NIC
....Destination Interfaces=All Interfaces
....Packet Type=Any
....Src Address Type=Any
....Dest Address Type=Any
[4b] I also addes a filter exception for Source=All Interfaces, Type=ICMP, Destn=All Interfaces, so I can PING. Ping works.
[5] Unload the filters & stuff, then REINITIALIZE SERVER...
[6] I now have browser access to the entire Internet (am using HTTP
Prxy)
[7] I do NOT have NNTP access to any newsgroups or E-mail (E-mail
proxy is unchecked in NWADMIN). But right now, I am focusing on access to =newsgroups. Mail will come next.
[8] There are 2 NNTP-ST Filter Exceptions on the Public NIC that were
added by the BM installation (one for each IP address on the Piblic
NIC):
(8a)...
...Source Interface=Public NIC
...Destination Interface=Interface
...Packet Type=NNTP-ST
...Src Addr Type=Host
...Src IP Addr=207.x.x.139 (bound IP address)
...Dest Addr Type=Any Address
(8b)...
...Source Interface=Public NIC
...Destination Interface=Interface
...Packet Type=NNTP-ST
...Src Addr Type=Host
...Src IP Addr=207.x.x.140 (secondary IP address)
...Dest Addr Type=Any Address

AND FINALLY, my TCPIP.CFG File follows (let me know if you need my FILTERS.CFG file):

AutonomousSystem 0
Protocol rip on {
Interface {
Address 207.x.x.139
Port INTEL_EII_EII (NOTE1: This is the Public NIC. NOTE2:
the real NIC name is just INTEL_EII)
Status on
Cost 1
Poison off
SplitHorizon on
UpdateTime 30
GarbageTime 120
ExpireTime 180
OriginateDefault off
Version ripI
Mode normal
}
Interface {
Address 192.x.x.4
Port 3C90XC_2_EII (NOTE: This is the Private NIC. NOTE2:
the real NIC name is 3C90XC_2 )
Status on
Cost 1
Poison off
SplitHorizon on
UpdateTime 30
GarbageTime 120
ExpireTime 180
OriginateDefault off
Version ripI
Mode normal
}
}
Protocol egp off {
}
Protocol ospf off {
Interface {
Address 207.x.x.139
Port INTEL_EII_EII (NOTE1: This is the Public NIC. NOTE2:
the real NIC name is INTEL_EII)
Status on
Cost 1
AreaId 0.0.0.0
Priority 1
RetransmissionInterval 5
TransitDelay 1
HelloInterval 10
RouterDeadInterval 40
Nbma {
PollInterval 120
Neighbor {
}
}
}
Interface {
Address 192.x.x..4
Port 3C90XC_2_EII (NOTE: This is the Private NIC. NOTE2: the
real NIC name is 3C90XC_2 )
Status on
Cost 1
AreaId 0.0.0.0
Priority 1
RetransmissionInterval 5
TransitDelay 1
HelloInterval 10
RouterDeadInterval 40
Nbma {
PollInterval 120
Neighbor {
}
}
}
}
Interface {
Address 207.x.x.139
AddressMask 255.255.255.0
Port INTEL_EII_EII (NOTE1: This is the Public NIC. NOTE2: the
real NIC name is INTEL_EII)
Type lan
RouterDiscovery no
SolicitationAddress multicast
NATStatus Both
PubAddress 207.x.x.140
PrvAddress 192.x.x.2
PrvMask 255.255.255.0
TOSStatus Disabled
TOSValue 0
ARPTimerStatus Disabled
ARPCacheUpdateTimeout 300
ARPCacheStaleTimeout 300
GroupedInterface no
PrimaryInterface no
LBPolicy 0
Arpable yes
NetworkAddress 207.x.x.0
}
Interface {
Address 192.x.x.4
AddressMask 255.255.255.0
Port 3C90XC_2_EII (NOTE: This is the Private NIC. NOTE2: the
real NIC name is 3C90XC_2 )
Type lan
RouterDiscovery no
SolicitationAddress multicast
NATStatus Disabled
TOSStatus Disabled
TOSValue 0
ARPTimerStatus Disabled
ARPCacheUpdateTimeout 300
ARPCacheStaleTimeout 300
GroupedInterface no
PrimaryInterface no
LBPolicy 0
Arpable yes
NetworkAddress 192.x.x.0
}
ForwardIPSourceRouting off
NATFiltering off
Deadgatewaydetection off {
}
LoadBalancing off {
LBInterval 30
}
FaultTolerance off {
FTInterval 2
FTMinError 20
}

=========================
========
Thanks much for the assist.

Regards.