Felipe Alfaro Solana wrote:
On 6 Feb 2005, at 18:54, Robert L Cochran wrote:
I'm trying to allow my print server on 192.168.1.160 to communicate
with my machine. Otherwise, I don't seem able to print to my
Laserjet. It seems to be doing that by sending TCP packets to port
1023. So I added this rule to my firewall:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1023 -j ACCEPT
But the packets still get rejected:
Feb 6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT= MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160 DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0
I also had 2 other rules:
# -A RH-Firewall-1-INPUT -s 192.168.1.160 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# -A RH-Firewall-1-INPUT -s 192.168.1.160 -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
They are shown commented out, but when I uncommented them the effect
was the same as above: again the packets were rejected and nothing
printed. Any idea of what I am doing wrong? Port 631 is open.

Where did you insert your rule? Make sure there is no DENY ALL rule
before the one you added. It's very common in firewall rulesets to end
the set with a DENY ALL rule. Thus, any rule you append will be useless.

There is indeed a global REJECT rule at the end of this chain. But I
added the rule near the start of the chain. There must be something I'm
missing here about the state of the packets.
Bob
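
Added example, not part of the original messages: a small Python parser for the kernel log line quoted above that reads the TCP flags and reports which handshake step the dropped packet is. With SYN and ACK both set, the packet is the print server's reply from port 515 to a connection opened by 192.168.1.14, which connection tracking normally matches as ESTABLISHED rather than NEW once it has seen the outgoing SYN. The function names are illustrative assumptions.

```python
import re

# TCP flag names as they appear in netfilter LOG output.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Log line copied from the message above, joined onto one line.
SAMPLE = (
    "Feb 6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT= "
    "MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160 "
    "DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP "
    "SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0"
)


def parse_log(line):
    """Split a netfilter LOG line into KEY=value fields and bare TCP flags."""
    fields = dict(re.findall(r"([A-Z]+)=(\S*)", line))
    # Flags are logged as bare tokens; "URGP=0" is a field, not the URG flag.
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields, flags


def handshake_step(flags):
    """Name the TCP handshake step implied by the flag set."""
    if "RST" in flags:
        return "reset"
    if "SYN" in flags and "ACK" in flags:
        return "syn-ack"   # reply to someone else's SYN
    if "SYN" in flags:
        return "syn"       # request to open a new connection
    return "other"


def describe(line):
    """Summarise the packet and which host opened the connection."""
    fields, flags = parse_log(line)
    step = handshake_step(flags)
    # A bare SYN comes from the opener; a SYN-ACK is addressed to the opener.
    opener = {"syn": fields.get("SRC"), "syn-ack": fields.get("DST")}.get(step)
    return {
        "src": fields.get("SRC"), "sport": int(fields["SPT"]),
        "dst": fields.get("DST"), "dport": int(fields["DPT"]),
        "flags": sorted(flags), "step": step, "opener": opener,
    }


if __name__ == "__main__":
    print(describe(SAMPLE))
```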