Hello,

On Dec 22 18:18 Carlos E. R. wrote (shortened):
On Tuesday, 2009-12-22 at 14:56 +0100, Johannes Meixner wrote: ...
Trusted networks should have well separated network interfaces so that those network interfaces can be assigned to the INT zone to have the trusted network well separated from the rest, ...

Or, when the internal network is connected to internet via a not very good router (like those given by the ISP) I consider the internal network to be external, to be a bit on the paranoid side.
Thus, if I need to share a printer, I have to open the firewall, at least, for a range of IPs.
Otherwise, I would need two eths on each computer, or set up a good firewall to internet. All those solutions cost money.
Choose what you prefer: Pay money to get the internal network separated by hardware or pay your time to maintain a sophisticated firewall setup. If internal network traffic uses the same network hardware as the untrusted Internet-related traffic, you cannot be 100% sure that something may get somehow mixed up. For example, depending on your internal IPs and what exactly your ISP does, it might be possible that someone from outside could send you packages with a source IP within the range of your internal IPs. In contrast, when you use different network interface cards, it is simple and reliable to distinguish internal network traffic from untrusted Internet-related traffic.
At least, YaST cups setup tool can remind the user that perhaps the firewall needs to be opened at such port.
I implemented this in the current up-to-date yast2-printer for openSUSE 11.2, see "Up to date packages for openSUSE 11.2" at
http://en.opensuse.org/YaST/Development/Printer_Enhancement

The yast2-printer-2.19.2 RPM changelog reads:
-----------------------------------------------------------------
* Wed Dec 09 2009 jsmeix@suse.de
...
- Added BrowsePoll support for "Print via Network"
  (see Novell/Suse Bugzilla bnc#433047).
...
* Fri Oct 30 2009 jsmeix@suse.de
- Added a generic test if a firewall is used to Printerlib.ycp
  and if yes show popup info to the user regarding CUPS+firewall
  for the "Print via Network" and "Share Printers" dialogs
  (see Novell/Suse Bugzilla bnc#549065).
-----------------------------------------------------------------
and to the "Print via Network" help text this was added regarding BrowsePoll support:
-------------------------------------------------------------------------
If you can access remote CUPS servers for printing but those servers do not publish their printer information via network or when you cannot accept incomming information about published printers (e.g. because you must have firewall protection for the network zone in which printers are published), you can request printer information from CUPS servers (provided the CUPS servers allow your access).
For each CUPS server which is requested, a cups-polld process is launched by the CUPS daemon process (cupsd) on your host.
By default each cups-polld polls a remote CUPS server every 30 seconds for printer information.
-------------------------------------------------------------------------

Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex
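
Added example, not part of the original message: a small Python model of the point made above about one shared interface versus separate interfaces, comparing a firewall rule that opens a port "for a range of IPs" with a rule that also requires the internal interface. The interface names, the 192.168.1.0/24 range and the packet records are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed internal LAN range (constructed for this example).
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str     # source IP as claimed in the packet header
    origin: str  # ground truth for the demo only; a firewall never sees this

def allow_by_source_range(pkt):
    """Single-interface setup: port opened for a range of source IPs."""
    return ipaddress.ip_address(pkt.src) in INTERNAL_NET

def allow_by_interface(pkt, internal_iface="eth1"):
    """Separate interfaces: internal sources count only on the INT interface."""
    return (pkt.iface == internal_iface
            and ipaddress.ip_address(pkt.src) in INTERNAL_NET)

def wrongly_accepted(packets, rule):
    """Packets the rule lets through although they did not come from the LAN."""
    return [p for p in packets if rule(p) and p.origin != "lan"]

# Constructed traffic: one NIC carries LAN and Internet traffic alike.
SINGLE_NIC = [
    Packet("eth0", "192.168.1.20", "lan"),
    Packet("eth0", "192.168.1.50", "internet"),  # forged internal source
    Packet("eth0", "203.0.113.9", "internet"),
]

# Constructed traffic: eth1 is the internal NIC, eth0 faces the router.
DUAL_NIC = [
    Packet("eth1", "192.168.1.20", "lan"),
    Packet("eth0", "192.168.1.50", "internet"),  # forged internal source
    Packet("eth0", "203.0.113.9", "internet"),
]

if __name__ == "__main__":
    for name, pkts, rule in (
        ("single NIC, source-range rule", SINGLE_NIC, allow_by_source_range),
        ("dual NIC, interface rule", DUAL_NIC, allow_by_interface),
    ):
        bad = wrongly_accepted(pkts, rule)
        print(f"{name}: {len(bad)} non-LAN packet(s) accepted")
```
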