[opensuse] Printing problem : firewall ?
Hi, On the laptop of my daughter it's not possible to print to a CUPS-printer on a server without disabling the firewall of the laptop. First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'. I also added exceptions for IPP on TCP and UDP. I also tried using the port number : 631. But nothing works. Only disabling the firewall completely enables me to print. What am I doing wrong ? Running Opensuse 12.3. Thanks for any pointers. BTW, I want to use "external zone" because the laptop can be used anywhere, not just at home behind a decent (I hope) firewall. Regards, Koenraad Lelong -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Jan 14, 2014 at 12:33:20PM +0100, Koenraad Lelong wrote:
Hi,
On the laptop of my daughter it's not possible to print to a CUPS-printer on a server without disabling the firewall of the laptop.
First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'. I also added exceptions for IPP on TCP and UDP. I also tried using the port number : 631. But nothing works. Only disabling the firewall completely enables me to print. What am I doing wrong ?
Running Opensuse 12.3.
Thanks for any pointers.
BTW, I want to use "external zone" because the laptop can be used anywhere, not just at home behind a decent (I hope) firewall.
If you the zone just to internal it works? The proteect firewall from internal zone would likely cause the same thing as external zone. Can you sniff with tcpdump what packets/ports are trying to be connected? Port 631 or IPP should actually be it as far as I know :/ Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 14 Jan 2014 16:30:01 +0100
Marcus Meissner
On Tue, Jan 14, 2014 at 12:33:20PM +0100, Koenraad Lelong wrote:
Hi,
On the laptop of my daughter it's not possible to print to a CUPS-printer on a server without disabling the firewall of the laptop.
First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'. I also added exceptions for IPP on TCP and UDP. I also tried using the port number : 631. But nothing works. Only disabling the firewall completely enables me to print. What am I doing wrong ?
Running Opensuse 12.3.
Thanks for any pointers.
BTW, I want to use "external zone" because the laptop can be used anywhere, not just at home behind a decent (I hope) firewall.
If you the zone just to internal it works?
The proteect firewall from internal zone would likely cause the same thing as external zone.
Can you sniff with tcpdump what packets/ports are trying to be connected?
Port 631 or IPP should actually be it as far as I know :/
Ciao, Marcus
Konraad, What OS are you using and which version? Also which desktop is it? Further what brand and model of printer and how is it connected? Are you printing over your network or a USB connected to the laptop? Are both the CUPS server and the laptop set up for the correct port number in each firewall? (LPD/LPR is 515, 631 internet printing, 9100 HP JetDirect) Tom -- It is curious that physical courage should be so common in the world, and moral courage so rare. - Mark Twain ^^ --... ...-- / -.- --. --... -.-. ..-. -.-. ^^^^ Tom Taylor - retired penguin - KG7CFC AMD Phenom II x4 955 -- 4GB RAM -- 2x1.5TB sata2 openSUSE 13.1_RC2-x86_64 KDE 4.11.12, FF 24.0, claws-mail 3.9.2 registered linux user 263467 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 1/14/2014 3:33 AM, Koenraad Lelong wrote:
On the laptop of my daughter it's not possible to print to a CUPS-printer on a server without disabling the firewall of the laptop.
First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'
Wait, what?! If you can print by disabling the firewall on the LAPTOP, then why are you dicking around with your network structure? Clearly the problem is in the latptop. Maybe you should tell us a bit about the laptop OS and what ever OS is used for your Cups server? Its possible the laptop is going direct, via Jet-Direct (port 9100), and ignoring your cups server when you disable the firewall laptop. Its also possible your cups server is not serving your local net, but only itself. In any event, If the problem is solved by simply disabling the firewall on her laptop then the problem is not the structure of the network. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
op 14-01-14 20:20, John Andersen schreef:
On 1/14/2014 3:33 AM, Koenraad Lelong wrote:
On the laptop of my daughter it's not possible to print to a CUPS-printer on a server without disabling the firewall of the laptop.
First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'
Wait, what?!
If you can print by disabling the firewall on the LAPTOP, then why are you dicking around with your network structure?
Clearly the problem is in the latptop.
Maybe you should tell us a bit about the laptop OS and what ever OS is used for your Cups server?
Its possible the laptop is going direct, via Jet-Direct (port 9100), and ignoring your cups server when you disable the firewall laptop. Its also possible your cups server is not serving your local net, but only itself.
In any event, If the problem is solved by simply disabling the firewall on her laptop then the problem is not the structure of the network.
Hi, Who said anything about the structure of the network ? Like I said in my first mail, I'm trying to print to a CUPS-server. That means the printer is defined on the server. That server sends broadcast messages to announce its printers. The clients, in this case the laptop, pick up that announcement and give you a choice of the printers installed on the server. No need to install any drivers on the client. That's why I love CUPS. In my case somehow the firewall refuses to let those broadcasts through when told to (open port IPP=631). So there is definitely something wrong on the laptop, but everything points to the firewall. Now I'm writing this, my network is IPV6 enabled. Is Yast/Susefirewall opening the ports for IPV6 ? Maybe the server only announces on IPV6. I'll have to sniff. B.T.W. I have three laptops that behave like this, two running OS12.3 with KDE4, the third has LXDE I think, it's a netbook. But of those three I only investigated the one I reported about. FWIW, the CUPS-server is Ubuntu 10.04. And my own laptop does not have those problems, but I run shorewall for ipv4 and ipv6. Anyway, thanks for your response. Koenraad -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 1/15/2014 3:13 AM, Koenraad Lelong wrote:
First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'
-- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
op 15-01-14 19:42, John Andersen schreef:
On 1/15/2014 3:13 AM, Koenraad Lelong wrote:
First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'
That has nothing to do with network structure. That's a configuration-option of the Suse-firewall. Regards, Koenraad. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Printing from client is broken since last cups patches for recent opensuse versions. See: https://bugzilla.novell.com/show_bug.cgi?id=857372#c47 I suggest you fix it with these commands: systemctl stop cups.path systemctl stop cups.socket systemctl stop cups.service systemctl disable cups.path systemctl disable cups.socket systemctl start cups.service On 01/14/2014 12:33 PM, Koenraad Lelong wrote:
Hi,
On the laptop of my daughter it's not possible to print to a CUPS-printer on a server without disabling the firewall of the laptop.
First I had the wireless lan in the external zone, and defined exceptions for IPP in the advanced setup, both TCP and UDP. Did not work. Then I modified the WiFi interface to the internal zone, and checked the 'protect firewall from internal zone'. I also added exceptions for IPP on TCP and UDP. I also tried using the port number : 631. But nothing works. Only disabling the firewall completely enables me to print. What am I doing wrong ?
Running Opensuse 12.3.
Thanks for any pointers.
BTW, I want to use "external zone" because the laptop can be used anywhere, not just at home behind a decent (I hope) firewall.
Regards,
Koenraad Lelong
-- Florian Gleixner SV des Bibliotheksverbund Bayern, Verbundzentrale im Leibniz-Rechenzentrum Boltzmannstr. 1 85748 Garching Tel.: 089-35831-8824 Fax.: 089-35831-8624 e-mail: gleixner@bib-bvb.de e-mail: gleixner@lrz.de
participants (5)
-
Florian Gleixner
-
John Andersen
-
Koenraad Lelong
-
Marcus Meissner
-
Thomas Taylor