Hello, On Oct 27 10:27 Ludwig Nussel wrote (shortened):
On Monday, 2008-10-27 at 09:23 +0100, Ludwig Nussel wrote:
Birger Kollstrand wrote:
I noticed that the internal firewall blocks by default for CUPS printers in the network.
Is this by the design or is it a bug?
The external zone by default has no ports open. That's intentional of course.
Exactly. And it is intentional that the YaST printer module does not open ports in the external zone. And for the internal zone, all is open by default so that there is no need that the YaST printer module can open ports in the internal zone.
Opening the port in the external zone is not necessarily the correct thing to do anyways
In 99.99% of the cases it is plain worng to have open IPP ports in the external zone (nobody lets arbitraty external users access his printing system).
better set your LAN interface to internal (ie unprotected).
Exactly. Read http://en.opensuse.org/SDB:CUPS_in_a_Nutshell ----------------------------------------------------------------- Configuring CUPS in the Network ... Regarding firewall: In particular note that port 631 TCP and UDP must be allowed in firewall settings, see the above section "The Spooler". In the YaST firewall module there are predefined "services" for IPP so that it should be easiest to use the YaST firewall module. Check if a firewall is active for a network zone in which services should be used which require trusted users (nobody lets arbitraty users print on his printer). By default the Suse firewall allows any access via a network interface which belongs to the "internal zone" because this zone is trusted by default. If the CUPS server and the client systems are in an internal network and when you trust all what there is in your internal network, your network interface must be set to be in the "internal zone". It doesn't make sense to have a network setup in a trusted internal network with a network interface which belongs to the untrusted "external zone" (which is the default to be safe). In particular do not disable firewall protection for CUPS (i.e. for IPP which uses TCP port 631 and UDP port 631) for the untrusted "external zone". ----------------------------------------------------------------- Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany AG Nuernberg, HRB 16746, GF: Markus Rex -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org