Hello, On Dec 22 12:53 Carlos E. R. wrote (shortened):
... for setting a cups network server, you need also to reconfigure the server, which I think the web interface doesn't do,
The CUPS web interface has a few predefined settings to configure the cupsd.
... open the firewall, which, if I recall correctly, YaST does.
The YaST printer module does not open ports in the firewall because whenever you need it for printing in the network, you are in a problematic network environment (nobody lets arbitraty users print on his printer). Trusted networks should have well separated network interfaces so that those network interfaces can be assigned to the INT zone to have the trusted network well separated from the rest, see "Regarding firewall" at http://en.opensuse.org/SDB:CUPS_in_a_Nutshell Anything else is a problematic mix-up of trusted and non-trusted stuff in one same network environment. E.g. when both the internal network and the connection to the Internet happens via one same "router-box" device. In such a case this device is the crucial point (in particular the point of possible failure) regarding network security. Such kind of firewall setup to deal with such cases must be done via yast2-firewall which is THE tool for any more sophisticated firewall setup. By the way: An active firewall for the INT zone does not make sense because this makes the "INT" zone effectively "EXT". Just opening ports in the EXT zone also does not make much sense because allow any access from any host or network to particular ports does not provide any protection for this ports. As far as I see the only reason for a firewall setup which is only based upon ports is when certain services are listening but access should be allowed only to some of them (e.g. allow access to the HTTP server but do not allow access to whatever other running server). I instead of opening ports for arbitrary access one should first and foremost specify in the firewall setup which hosts and networks are trusted. Then the question which ports/services are allowed to be accessed from the trusted hosts and networks becomes of secondary importance. The easiest, simplest and safest way to do this is when trusted networks have well separated network interfaces so that those network interfaces can be assigned to the INT zone. Of course this means to have at least two network interface cards to have the trusted (internal) network well separated from the rest (i.e. from the network interface card which provides the connection to the Internet). Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany AG Nuernberg, HRB 16746, GF: Markus Rex -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org