On Wed, Jul 1, 2009 at 2:07 PM, Per Jessen wrote:

Boris Epstein wrote:

...

Hello listmates,

Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network. I tried Zeroconf but no luck thus far.

Cups uses udp on port 631.

/Per

-- Per Jessen, Zürich (26.1°C)

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Thanks, Per! Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here. Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Wed, Jul 1, 2009 at 2:55 PM, Per Jessen wrote:

Boris Epstein wrote:

...

On Wed, Jul 1, 2009 at 2:07 PM, Per Jessen wrote:

...

Boris Epstein wrote:

...

Hello listmates,

Just wondering if anybody knows off the top of their head which services I need to allow in my firewall in order to allow my OpenSuSE 11.1 system to find printers on the local network. I tried Zeroconf but no luck thus far.

Cups uses udp on port 631.

Thanks, Per!

Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here.

Boris, mheck that your cups-server is setup to broadcast the printers - there is a checkbox under the Management tab.

/Per

-- Per Jessen, Zürich (23.9°C)

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Why should it matter if I am broadcasting my printers? I am trying to find other printers on the network, not share mine (I got none attached to this machine anyhow, hence I've got nothing to share). Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2009-07-01 at 14:47 -0400, Boris Epstein wrote:

...

Cups uses udp on port 631.

Thanks, Per!

Opening incoming connections to UDP 631 as well as from UDP 631 does not seem to help... So I am guessing it must be something else involved here.

For discovery to work, I think you might need to allow broadcast in to 631. # Note that if you allow specifc ports here it just means that broadcast # packets for that port are not dropped. You still need to set # FW_SERVICES_*_UDP to actually allow regular unicast packets to # reach the applications. # # Format: either # - "yes" or "no" # - list of udp destination ports # # Examples: - "631 137" allow broadcast packets on port 631 and 137 # to enter the machine but drop any other broadcasts # - "yes" do not install any extra drop rules for # broadcast packets. They'll be treated just as unicast # packets in this case. # - "no" drop all broadcast packets before other filtering # rules # # defaults to "no" if not set Like: FW_ALLOW_FW_BROADCAST_INT="ipp netbios-ns netbios-dgm" - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkpLsukACgkQtTMYHG2NR9WKIQCdEAWFZ93WSeoTAmBICbPZRAWa 9yUAnAn/h7yTWGmTpzLRRt/23fEMk6Um =NIzG -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Boris Epstein wrote:

I just allowed broadcast replys from all UDP ports - and still all I got is one printer (as opposed to 30+ I get when I stop the firewall completely). There's something that is still in the way...

Can't you check what the firewall is blocking? I don't use the suse firewall setup, but my own firewall script writes a log record for everything that is not let through. /Per -- Per Jessen, Zürich (21.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Wed, Jul 1, 2009 at 4:29 PM, Patrick Shanahan wrote:

* Per Jessen [07-01-09 16:20]:

...

Can't you check what the firewall is blocking?  I don't use the suse firewall setup, but my own firewall script writes a log record for everything that is not let through.

/var/log/firewall -- Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711 http://wahoo.no-ip.org     Photo Album:  http://wahoo.no-ip.org/gallery2 Registered Linux User #207535                    @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Thanks, Patrick! Looked there - all that was blocked were some IGMP packets. Now as for where the problem lies, it appears that it is avahi-daemon (MDNS) that does the bulk of the sniffing work. I am trying to see what it needs and how to allow it to find those printers... Boris. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org