Firewalled print server

Louis Garcia louisg00 at bellsouth.net
Thu Feb 24 21:22:50 UTC 2005


On Thu, 2005-02-24 at 11:02 -0500, Ian P. Thomas wrote:
> On Wed, 2005-02-23 at 20:35 -0500, Louis Garcia wrote:
> > I was trying to fix a printing problem and found out I can't print from
> > a fc3 workstation to a fc3 server using cups and ipp if the server is
> > firewalled. The server is using the default rh iptables script and a
> > quick cat through the file shows port 631 open. I would like to keep the
> > server firewalled and still have remote printing. I believe a simple
> > tweak of the iptables script will do the trick. Any suggestions?
> > 
> > -Louis
> 
> Try to do the following:
> 
> Connect to the print server using a web browser by using the IP address
> of the print server followed by :631.  This should give you the CUPS
> Admin Page.  
> 
> Print a test page while running Ethereal on the network interface of the
> server.  This will give you information as to what exactly the firewall
> is blocking.  This solved a print server problem I was having.
> 
> If you are trying to print using UNIX legacy commands, then you need to
> open port 515 on the server as well.
> 
> If you still have not solved the issue, post your iptables script.
> 
> 
> Ian

This is my /etc/sysconfig/iptables script:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT


I can't print, nor can I get to the CUPS admin page while the firewall is running.
This is the default script Fedora uses. Port 631 is there but does not let anything
in.

Trying to install Ethereal, but net-snmp is a dependency. net-snmp is dependent on
libnetsnmp.so.5, which I can't find. Which package is this?


-Louis
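
Added example, not part of the original message: IPP is HTTP carried over TCP port 631, while the only 631 rule in the posted ruleset is for UDP. The sketch below walks the posted RH-Firewall-1-INPUT chain first-match style for a given packet; the interface name, destination address, the simplified state matching and the TCP_631 rule (modelled on the port 22 line) are assumptions for illustration.

```python
import shlex

# RH-Firewall-1-INPUT rules copied from the post above.
POSTED = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Assumed fix, modelled on the port 22 rule: new TCP connections to 631.
TCP_631 = ("-A RH-Firewall-1-INPUT -m state --state NEW "
           "-m tcp -p tcp --dport 631 -j ACCEPT")

def parse(line):
    """Turn one '-A ...' line into {option: value}; every option used here takes one value."""
    toks = shlex.split(line)
    return {toks[i]: toks[i + 1] for i in range(0, len(toks) - 1, 2)}

def verdict(ruleset, proto, dport, iface="eth0", dst="192.0.2.10", state="NEW"):
    """Return the target of the first rule matching the packet (iface/dst are constructed)."""
    pkt = {"-i": iface, "-p": proto, "--dport": str(dport), "-d": dst}
    for line in ruleset.splitlines():
        rule = parse(line)
        # A rule is skipped if it names a packet field with a different value.
        if any(k in rule and rule[k] != v for k, v in pkt.items()):
            continue
        if "--state" in rule and state not in rule["--state"].split(","):
            continue
        return rule["-j"]
    return "RETURN"  # fell off the end of the user-defined chain

def with_fix(ruleset):
    """Insert the TCP 631 rule just before the final catch-all REJECT."""
    lines = ruleset.splitlines()
    lines.insert(len(lines) - 1, TCP_631)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("with TCP 631 rule", with_fix(POSTED))):
        for proto in ("udp", "tcp"):
            print(f"{label:18} {proto}/631 NEW -> {verdict(rules, proto, 631)}")
```

Rule order matters: an ACCEPT appended after the final REJECT line would never be reached.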



