On 09/23/2010 08:20 PM, Kevin J. Cummings wrote: > On 09/23/2010 10:34 PM, JD wrote: >> The firewall is belching these messages: >> >> Sep 23 19:22:39 vger kernel: Dropped by firewall: IN=wlan0 OUT= MAC= >> SRC=192.168.0.8 DST=192.168.0.255 LEN=223 TOS=0x00 PREC=0x00 TTL=64 ID=0 >> DF PROTO=UDP SPT=631 DPT=631 LEN=203 >> >> Thing is, 192.168.0.8 is my wlan0 ip address. >> >> Since port 631 is the internet printing protocol, the packet must be >> getting sent by the cups daemon >> because I configured to print on a network wireless printer. > 192.168.0.255 looks like a BROADCAST address. The packet in question is > being sent to every machine on the 192.168.0/24 network. > > Port 631 is indeed the CUPS port. It looks like CUPS to CUPS communication. > > CUPS is probably looking to "discover" other printers on your network. > >> What should an OUTPUT rule look like to allow these packets to be sent? >> Or is it a problem with my INPUT filters? > Probably a problem with your INPUT filters. I have this input rule: -A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -s 192.168.0.0/24 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 631 -s 192.168.0.0/24 -j ACCEPT > Is there any information in > /var/log/secure? Nop! Nothing at all > Something in your firewall rules is not allowing the > packet to be accepted by vger. > > Is cupsd running on vger? Yes! > Did you open up port 631 in your firewall on > vger? (ISTR that it is closed by default.) > Do the above INPUT filters open it up for my lan? If not, then how? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
