On 6 Feb 2005, at 18:54, Robert L Cochran wrote:
I'm trying to allow my print server on 192.168.1.160 to communicate with my machine. Otherwise, I don't seem able to print to my Laserjet. It seems to be doing that by sending TCP packets to port 1023. So I added this rule to my firewall:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1023 -j ACCEPT
But the packets still get rejected:
Feb 6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT= MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160 DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0
I also had 2 other rules:
# -A RH-Firewall-1-INPUT -s 192.168.1.160 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# -A RH-Firewall-1-INPUT -s 192.168.1.160 -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
They are shown commented out, but when I uncommented them the effect was the same as above: again the packets were rejected and nothing printed. Any idea of what I am doing wrong? Port 631 is open.
Where did you insert your rule? Make sure there is no DENY ALL rule before the one you added. It's very common in firewall rulesets to end the set with a DENY ALL rule. Thus, any rule you append will be useless.
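The rule-order check suggested in the reply above, as an added example that is not part of the original thread: it scans an iptables-save style ruleset and reports rules that sit after an unconditional terminal rule in the same chain. The sample ruleset is constructed (it assumes the poster's chain ends in a catch-all REJECT, which the thread does not show), and the function name `shadowed_rules` is hypothetical.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end traversal of the chain

# Constructed sample in iptables-save format (not the poster's real ruleset).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -j LOG --log-prefix "Packet dropped.."
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1023 -j ACCEPT
COMMIT
"""

def shadowed_rules(ruleset):
    """Return (line_no, rule, blocking_line_no) for rules placed after a catch-all."""
    catch_all = {}   # chain -> line number of its first unconditional terminal rule
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), start=1):
        tokens = shlex.split(line)
        if len(tokens) < 4 or tokens[0] != "-A" or "-j" not in tokens:
            continue  # table headers, chain policies, COMMIT, comments
        chain, rest = tokens[1], tokens[2:]
        j = rest.index("-j")
        if chain in catch_all:
            # Every packet was already accepted/dropped/rejected earlier in this chain.
            findings.append((line_no, line.strip(), catch_all[chain]))
        elif j == 0 and rest[1] in TERMINAL:
            # No match criteria before -j: this rule matches every packet.
            catch_all[chain] = line_no
    return findings

if __name__ == "__main__":
    for line_no, rule, blocker in shadowed_rules(SAMPLE):
        print(f"line {line_no} can never match (catch-all at line {blocker}): {rule}")
```

On a live system, `iptables -L RH-Firewall-1-INPUT -n --line-numbers` shows the actual order, and `iptables -I` with a rule number places a rule ahead of the catch-all instead of appending after it.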