LPR ephemeral port problem (below port 1024!)

Dr. Michael J. Chudobiak mjc at avtechpulse.com
Mon Nov 29 15:00:44 UTC 2004


I just updated a server from FC1 to FC3 over the weekend. Everything 
went fine, except that I can no longer communicate with my Netgear PS110 
print servers, because the LPR protocol is being blocked. This is 
happening because the firewall (iptables built by Guarddog) on my server 
is set to block communications that do not use ports 1024-5999 as the 
ephemeral ports. For some reason, ports below 1024 are being used when 
attempting to print, as /var/log/messages shows:

Nov 29 09:50:39 server2 kernel: DROPPED IN=eth0 OUT= 
MAC=00:c0:9f:11:12:da:00:c0:02:de:f7:0d:08:00 SRC=192.168.0.13 
DST=192.168.0.3 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=1018 PROTO=TCP 
SPT=515 DPT=1002 SEQ=668236 ACK=3290477864 WINDOW=1514 RES=0x00 ACK PSH 
SYN URGP=0 OPT (020405EA)

(Here, 192.168.0.3 = FC3, 192.168.0.13 = Netgear, 515 = LPR port, 1002 = 
dynamic port below 1024!)

cat /proc/sys/net/ipv4/ip_local_port_range gives:
1024    5999
which seems OK.

So the question is - what is causing the use of ports below 1024 for 
LPR? (Disabling the firewall makes the problems go away.)

Any help much appreciated!


- Mike
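The check described in the post, as an added example that is not part of the original message: it parses the DROPPED line, treats a SYN+ACK from the print server as a reply to a connection the local host opened, and compares the local port with the range read from ip_local_port_range. It assumes that range only governs ports the kernel assigns automatically, so a local port outside it means the client program bound its source port explicitly; the function names and the constructed variant line are illustrative.

```python
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# The DROPPED line from the post, rejoined onto one line.
POST_LOG = (
    "Nov 29 09:50:39 server2 kernel: DROPPED IN=eth0 OUT= "
    "MAC=00:c0:9f:11:12:da:00:c0:02:de:f7:0d:08:00 SRC=192.168.0.13 "
    "DST=192.168.0.3 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=1018 PROTO=TCP "
    "SPT=515 DPT=1002 SEQ=668236 ACK=3290477864 WINDOW=1514 RES=0x00 ACK PSH "
    "SYN URGP=0 OPT (020405EA)"
)
# Constructed variant: the same reply, but to a port inside the range.
CONSTRUCTED_LOG = POST_LOG.replace("DPT=1002", "DPT=3456")


def parse_port_range(text):
    """Parse the contents of /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = text.split()
    return int(low), int(high)


def parse_netfilter_line(line):
    """Split an iptables LOG line into KEY=value fields and bare TCP flags."""
    fields, flags = {}, set()
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep and key.isupper():
            fields[key] = val          # e.g. SPT=515; "ACK=..." is the ack number
        elif tok in TCP_FLAGS:
            flags.add(tok)             # bare token such as "SYN" or "ACK"
    return fields, flags


def classify_drop(line, local_range):
    """Describe a dropped inbound TCP packet relative to the local port range."""
    fields, flags = parse_netfilter_line(line)
    if fields.get("PROTO") != "TCP" or not {"SPT", "DPT"} <= fields.keys():
        return None
    low, high = local_range
    local_port = int(fields["DPT"])    # IN=eth0, so DPT is the port on this host
    is_reply = {"SYN", "ACK"} <= flags  # answer to a connection opened locally
    in_range = low <= local_port <= high
    return {"remote": fields.get("SRC"), "remote_port": int(fields["SPT"]),
            "local_port": local_port, "is_reply": is_reply,
            "explicitly_bound": is_reply and not in_range}


if __name__ == "__main__":
    rng = parse_port_range("1024    5999\n")   # value shown in the post
    for entry in (POST_LOG, CONSTRUCTED_LOG):
        print(classify_drop(entry, rng))
```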



