On Thu, 2005-02-24 at 16:22 -0500, Louis Garcia wrote: > On Thu, 2005-02-24 at 11:02 -0500, Ian P. Thomas wrote: > > On Wed, 2005-02-23 at 20:35 -0500, Louis Garcia wrote: > > > I was trying to fix a printing problem and found out I can't print from > > > a fc3 workstation to a fc3 server using cups and ipp if the server is > > > firewalled. The server is using the default rh iptables script and a > > > quick cat through the file shows port 631 open. I would like to keep the > > > server firewalled and still have remote printing. I believe a simple > > > tweak of the iptables script will do the trick. Any suggestions? > > > > > > -Louis > > > > Try to do the following: > > > > Connect to the print server using a web browser by using the IP address > > of the print server followed by :631. This should give you the CUPS > > Admin Page. > > > > Print a test page while running Ethereal on the network interface of the > > server. This will give you information as to what exactly the firewall > > is blocking. This solved a print server problem I was having. > > > > If you are trying to print using UNIX legacy commands, then you need to > > open port 515 on the server as well. > > > > If you still have not solved the issue, post your iptables script. > > > > > > Ian > > This is my /etc/sysconfig/iptables script: > > # Firewall configuration written by system-config-securitylevel > # Manual customization of this file is not recommended. > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > :RH-Firewall-1-INPUT - [0:0] > -A INPUT -j RH-Firewall-1-INPUT > -A FORWARD -j RH-Firewall-1-INPUT > -A RH-Firewall-1-INPUT -i lo -j ACCEPT > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT > -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT > -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT This is for udp only. Try adding this line: -A RH-Firewall-1-INPUT -p tcp --dport 631 -j ACCEPT This may be removed by the graphical tool, 'Security Level'. I've written my own script by hand using the excellent book Red Hat Linux Firewalls by Bill McCarty. I can't stress how good this book is. If you have some extra cash, buy it. <snip> > I can't print nor can I get to the cups admin page while the firewall is running. > This is the default script fedora uses. Port 631 is there but does not let anything > in. With the addition of that line, that should change. > > Trying to install ethereal but net-snmp is a dependency. net-snmp is dependent of > libnetsnmp.so.5 which I can't find. Which package is this? > rpm -q --whatprovides libnetsnmp.so.5 Or to find out what all the dependencies are rpm -q -R ethereal-gnome | xargs rpm -q --whatprovides | sort --unique all on one line. The rpm command is worth learning. Check out this http://www.rpm.org/max-rpm/ I installed ethereal, along with its graphical front end using System Setting-> Add/Remove Application Look under the 'System' category under 'System Tools'. Another way is to do up2date --install ethereal-gnome Good luck, and let us know how it turns out. Ian
