[opensuse] firewall settings for printer browsing
Hello listmates, Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network. I tried Zeroconf but no luck thus far. Thanks. Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Boris Epstein wrote:
Hello listmates,
Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network. I tried Zeroconf but no luck thus far.
Cups uses udp on port 631. /Per -- Per Jessen, Zürich (26.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, Jul 1, 2009 at 2:07 PM, Per Jessen
Boris Epstein wrote:
Hello listmates,
Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network. I tried Zeroconf but no luck thus far.
Cups uses udp on port 631.
/Per
-- Per Jessen, Zürich (26.1°C)
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thanks, Per! Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here. Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Boris Epstein wrote:
On Wed, Jul 1, 2009 at 2:07 PM, Per Jessen
wrote: Boris Epstein wrote:
Hello listmates,
Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network. I tried Zeroconf but no luck thus far.
Cups uses udp on port 631.
Thanks, Per!
Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here.
Boris, mheck that your cups-server is setup to broadcast the printers - there is a checkbox under the Management tab. /Per -- Per Jessen, Zürich (23.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, Jul 1, 2009 at 2:55 PM, Per Jessen
Boris Epstein wrote:
On Wed, Jul 1, 2009 at 2:07 PM, Per Jessen
wrote: Boris Epstein wrote:
Hello listmates,
Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network. I tried Zeroconf but no luck thus far.
Cups uses udp on port 631.
Thanks, Per!
Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here.
Boris, mheck that your cups-server is setup to broadcast the printers - there is a checkbox under the Management tab.
/Per
-- Per Jessen, Zürich (23.9°C)
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Why should it matter if I am broadcasting my printers? I am trying to find other printers on the network, not share mine (I got none attached to this machine anyhow, hence I've got nothing to share). Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Boris Epstein wrote:
On Wed, Jul 1, 2009 at 2:55 PM, Per Jessen
wrote: Why should it matter if I am broadcasting my printers? I am trying to find other printers on the network, not share mine (I got none attached to this machine anyhow, hence I've got nothing to share).
Sorry, I misunderstood - I thought you were sharing printers via cups, and somehow couldn't find them with your client. /Per -- Per Jessen, Zürich (23.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2009-07-01 at 14:47 -0400, Boris Epstein wrote:
Cups uses udp on port 631.
Thanks, Per!
Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here.
For discovery to work, I think you might need to allow broadcast in to 631. # Note that if you allow specifc ports here it just means that broadcast # packets for that port are not dropped. You still need to set # FW_SERVICES_*_UDP to actually allow regular unicast packets to # reach the applications. # # Format: either # - "yes" or "no" # - list of udp destination ports # # Examples: - "631 137" allow broadcast packets on port 631 and 137 # to enter the machine but drop any other broadcasts # - "yes" do not install any extra drop rules for # broadcast packets. They'll be treated just as unicast # packets in this case. # - "no" drop all broadcast packets before other filtering # rules # # defaults to "no" if not set Like: FW_ALLOW_FW_BROADCAST_INT="ipp netbios-ns netbios-dgm" - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkpLsukACgkQtTMYHG2NR9WKIQCdEAWFZ93WSeoTAmBICbPZRAWa 9yUAnAn/h7yTWGmTpzLRRt/23fEMk6Um =NIzG -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, Jul 1, 2009 at 3:02 PM, Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wednesday, 2009-07-01 at 14:47 -0400, Boris Epstein wrote:
Cups uses udp on port 631.
Thanks, Per!
Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here.
For discovery to work, I think you might need to allow broadcast in to 631.
# Note that if you allow specifc ports here it just means that broadcast # packets for that port are not dropped. You still need to set # FW_SERVICES_*_UDP to actually allow regular unicast packets to # reach the applications. # # Format: either # - "yes" or "no" # - list of udp destination ports # # Examples: - "631 137" allow broadcast packets on port 631 and 137 # to enter the machine but drop any other broadcasts # - "yes" do not install any extra drop rules for # broadcast packets. They'll be treated just as unicast # packets in this case. # - "no" drop all broadcast packets before other filtering # rules # # defaults to "no" if not set
Like:
FW_ALLOW_FW_BROADCAST_INT="ipp netbios-ns netbios-dgm"
- -- Cheers, Carlos E. R.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkpLsukACgkQtTMYHG2NR9WKIQCdEAWFZ93WSeoTAmBICbPZRAWa 9yUAnAn/h7yTWGmTpzLRRt/23fEMk6Um =NIzG -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thanks Carlos! I just allowed broadcast replys from all UDP ports - and still all I got is one printer (as opposed to 30+ I get when I stop the firewall completely). There's something that is still in the way... Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Boris Epstein wrote:
I just allowed broadcast replys from all UDP ports - and still all I got is one printer (as opposed to 30+ I get when I stop the firewall completely). There's something that is still in the way...
Can't you check what the firewall is blocking? I don't use the suse firewall setup, but my own firewall script writes a log record for everything that is not let through. /Per -- Per Jessen, Zürich (21.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Per Jessen
Can't you check what the firewall is blocking? I don't use the suse firewall setup, but my own firewall script writes a log record for everything that is not let through.
/var/log/firewall -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, Jul 1, 2009 at 4:29 PM, Patrick Shanahan
* Per Jessen
[07-01-09 16:20]: Can't you check what the firewall is blocking? I don't use the suse firewall setup, but my own firewall script writes a log record for everything that is not let through.
/var/log/firewall -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thanks, Patrick! Looked there - all that was blocked were some IGMP packets. Now as for where the problem lies, it appears that it is avahi-daemon (MDNS) that does the bulk of the sniffing work. I am trying to see what it needs and how to allow it to find those printers... Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hello, On Jul 1 13:45 Boris Epstein wrote (shortened):
Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network.
See http://bugzilla.novell.com/show_bug.cgi?id=498429 For some background information regarding Firewall settings with YaST see also https://bugzilla.novell.com/show_bug.cgi?id=468426 For basic information regarding CUPS and printing in the network see http://en.opensuse.org/SDB:CUPS_in_a_Nutshell Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany AG Nuernberg, HRB 16746, GF: Markus Rex -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
Boris Epstein
-
Carlos E. R.
-
Johannes Meixner
-
Patrick Shanahan
-
Per Jessen