Can't remote admin CUPS even with Allow from ALL

["sean darcy" <seandarcy@xxxxxxxxxxx>]

I have a cups server on 10.10.8.252. It's set up as a raw printer, and 
works, mostly. I can telnet into the server.

But, when I try to remotely admin the server by browsing to 10.10.8.252:631 
I get:

I get 403 Forbidden.

I've tried all sorts of changes to <Location/admin> in cupsd.conf. Here's 
all the uncommented lines in cupsd.conf:

LogLevel error

MaxLogSize 0

MaxCopies 1

Printcap /etc/printcap

FilterLimit 200

<Location /jobs>
#
# You may wish to limit access to job operations, either with Allow
# and Deny lines, or by requiring a username and password.
#
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 10.10.8.*
</Location>

<Location /printers>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 10.10.8.*
</Location>

#<Location /printers/name>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#

## Anonymous access (default)
#AuthType None

## Require a username and password (Basic authentication)
#AuthType Basic
#AuthClass User

## Require a username and password (Digest/MD5 authentication)
#AuthType Digest
#AuthClass User

## Restrict access to local domain
#Order Deny,Allow
#Deny From All
#Allow From .mydomain.com
#</Location>

<Location /admin>
#

AuthType Basic
AuthClass System

## Restrict access to local domain
# Order Deny,Allow
# Deny From All
# Allow From 127.0.0.1
# Allow From 10.10.*
#Encryption Required
</Location>

#
# End of "$Id: cupsd.conf.in,v 1.13 2003/04/10 20:14:04 mike Exp $".
#
# Lines below are automatically generated - DO NOT EDIT
<Location /printers/mfc8600>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
AuthType None
Allow from All
</Location>
<Location /printers/rawprinter>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
AuthType None
Allow from All
</Location>
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
Browsing On
BrowseProtocols cups
BrowseOrder Deny,Allow
BrowseAllow from @LOCAL
BrowseAddress 255.255.255.255
Listen *:631

netstat shows all the sockets are CLOSE_WAIT:

netstat -anp | grep cups
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN   
   2070/cupsd
tcp        1      0 10.10.8.252:631         10.10.8.1:60378         
CLOSE_WAIT  2070/cupsd
tcp        1      0 10.10.8.252:631         10.10.8.1:60379         
CLOSE_WAIT  2070/cupsd
tcp        0      0 10.10.8.252:631         10.10.8.1:60382         
ESTABLISHED 2070/cupsd
udp        0      0 0.0.0.0:631             0.0.0.0:*                        
   2070/cupsd
unix  3      [ ]         STREAM     CONNECTED     11590  2070/cupsd

I've flushed iptables.

Any help appreciated.

sean