Firewalled print server
Ian P. Thomas
ipt at scraemon.org
Thu Feb 24 22:09:36 UTC 2005
On Thu, 2005-02-24 at 16:22 -0500, Louis Garcia wrote:
> On Thu, 2005-02-24 at 11:02 -0500, Ian P. Thomas wrote:
> > On Wed, 2005-02-23 at 20:35 -0500, Louis Garcia wrote:
> > > I was trying to fix a printing problem and found out I can't print from
> > > a fc3 workstation to a fc3 server using cups and ipp if the server is
> > > firewalled. The server is using the default rh iptables script and a
> > > quick cat through the file shows port 631 open. I would like to keep the
> > > server firewalled and still have remote printing. I believe a simple
> > > tweak of the iptables script will do the trick. Any suggestions?
> > >
> > > -Louis
> >
> > Try to do the following:
> >
> > Connect to the print server using a web browser by using the IP address
> > of the print server followed by :631. This should give you the CUPS
> > Admin Page.
> >
> > Print a test page while running Ethereal on the network interface of the
> > server. This will give you information as to what exactly the firewall
> > is blocking. This solved a print server problem I was having.
> >
> > If you are trying to print using UNIX legacy commands, then you need to
> > open port 515 on the server as well.
> >
> > If you still have not solved the issue, post your iptables script.
> >
> >
> > Ian
>
> This is my /etc/sysconfig/iptables script:
>
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
This is for udp only. Try adding this line:
-A RH-Firewall-1-INPUT -p tcp --dport 631 -j ACCEPT
This may be removed by the graphical tool, 'Security Level'. I've
written my own script by hand using the excellent book Red Hat Linux
Firewalls by Bill McCarty. I can't stress how good this book is. If
you have some extra cash, buy it.
<snip>
> I can't print nor can I get to the cups admin page while the firewall is running.
> This is the default script fedora uses. Port 631 is there but does not let anything
> in.
With the addition of that line, that should change.
>
> Trying to install ethereal but net-snmp is a dependency. net-snmp is dependent on
> libnetsnmp.so.5 which I can't find. Which package is this?
>
rpm -q --whatprovides libnetsnmp.so.5
Or to find out what all the dependencies are
rpm -q -R ethereal-gnome | xargs rpm -q --whatprovides |
sort --unique
all on one line. The rpm command is worth learning. Check out this
http://www.rpm.org/max-rpm/
I installed ethereal, along with its graphical front end using
System Setting-> Add/Remove Application
Look under the 'System' category under 'System Tools'.
Another way is to do
up2date --install ethereal-gnome
Good luck, and let us know how it turns out.
Ian
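
Added example, not part of the original thread: a simplified first-match check over the RH-Firewall-1-INPUT rules quoted above. It shows why the udp-only rule leaves IPP over TCP 631 blocked, and that the suggested line has to sit ahead of a catch-all rule. The final REJECT rule and the function names are assumptions, since that part of the file was snipped from the post.

```shell
#!/bin/sh
# Simplified first-match model of one iptables chain. Only -p and --dport are
# evaluated; rules narrowed by -i, -s, -d or --icmp-type are skipped.
# Usage: first_verdict CHAIN PROTO PORT < rules   (prints target or NONE)
first_verdict() {
    awk -v chain="$1" -v proto="$2" -v port="$3" '
    $1 == "-A" && $2 == chain {
        p = ""; dport = ""; target = ""; narrowed = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-p")      p = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
            else if ($i == "-i" || $i == "-s" || $i == "-d" || $i == "--icmp-type")
                narrowed = 1
        }
        if (narrowed || (p != "" && p != proto)) next
        if (dport != "") {                      # single port or lo:hi range
            n = split(dport, r, ":"); lo = r[1]; hi = (n == 2 ? r[2] : r[1])
            if (port + 0 < lo + 0 || port + 0 > hi + 0) next
        }
        print target; found = 1; exit           # first matching rule decides
    }
    END { if (!found) print "NONE" }'
}

# Rules quoted in the thread (protocol 50/51 lines left out for brevity).
page_rules() { cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
EOF
}
FIX='-A RH-Firewall-1-INPUT -p tcp --dport 631 -j ACCEPT'
# ASSUMPTION: catch-all standing in for the part of the file that was snipped.
REJECT='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# verdict_for LAYOUT PROTO PORT, LAYOUT = before | fixed | appended
verdict_for() {
    case $1 in
        before)   page_rules; echo "$REJECT" ;;
        fixed)    page_rules; echo "$FIX"; echo "$REJECT" ;;
        appended) page_rules; echo "$REJECT"; echo "$FIX" ;;
    esac | first_verdict RH-Firewall-1-INPUT "$2" "$3"
}

for layout in before fixed appended; do
    echo "$layout: tcp/631 -> $(verdict_for "$layout" tcp 631)"
done
```

The added line accepts TCP 631 from any source; on a real server it can be narrowed with -s to the networks that should reach the print queue.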