makes perfect sense if you read the line
"netsh interface portproxy add v4tov6 listenport=1119 connectaddress=mynewsserver.ipv6.address.com
proxies port 1119 to 119, basically pushes all the traffic out from 1119 down a 4to6 tunnel and vice versa, appearing as port 119 in IPV6 land (the correct port for NNTP)
I was using Grabbit (excellent workhorse, highly reccomend), but didnt work (cos of the firewall) then tried Altbinz (when discovered the firewall problem, now Grabbit works fine with the firewall off)
You are correct about the port 3491 changing on each connect, but I tried adding the executable to the exclusions, with the scope set to "Any computer on the Internet" (keep in mind I am using the plain old M$ firewall.
When u say "Any" I entered the rule using netsh
netsh firewall add portopening ALL 119 AltBinz-119 ENABLE ALL
but if I used something like (probly not correct, just Illustrating a point)
netsh firewall add portopening ALL ALL AltBinz-119 ENABLE ALL
then there would be no point in having a firewall ??
My thought was that the traffic is actually being sent/recieved via the process that is running the IPV6 "Tunnel", which I had assumed was wininet.dll (or svchost.exe, as I saw that in the list of connections with "netstat" on the ports in question) and as that isnt in the list of exclusions then traffic was being dropped flow. But as it is a system dll I assumed that it would be allowed access.
Some people may ask "Why bother", IPV6 tunnels etc, well one simple reason, free (yes free, and fast) binary Usenet access. I am not blessed with huge amounts of cash, so anything that can help is a great help.