Results 1 to 2 of 2

Thread: [SOLVED] IPTABLES (firestarter) Printing Problem

  1. #1
    Join Date
    Feb 2006
    Location
    Cape Coral, Florida USA
    Beans
    29
    Distro
    Ubuntu 8.04 Hardy Heron

    Angry [SOLVED] IPTABLES (firestarter) Printing Problem

    I have a cups server (7.04) which works perfectly with both of my Ubuntu 8.04 Desktops. One of the desktops (mine) does not see the printers as long as the firewall is on.

    Server IP 192.168.1.107 (hostname:hp)
    My workstation IP 192.168.1.109

    I've enabled connections to port 631 from anywhere
    I've turned off ICMP filtering
    I've allowed ANY connections from 192.168.1.107

    As long as the firewall is up I cannot see my printers. If I turn it off - there they be!

    Here is the output of iptables -L, does anyone have any suggestions?
    Code:
    root@s170:~# iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     tcp  --  hummingbird          anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 
    ACCEPT     udp  --  hummingbird          anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
    DROP       all  --  anywhere             255.255.255.255     
    DROP       all  --  anywhere             192.168.1.255       
    DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere            
    DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8 
    DROP       all  --  255.255.255.255      anywhere            
    DROP       all  --  anywhere             0.0.0.0             
    DROP       all  --  anywhere             anywhere            state INVALID 
    LSI        all  -f  anywhere             anywhere            limit: avg 10/min burst 5 
    INBOUND    all  --  anywhere             anywhere            
    LOG_FILTER  all  --  anywhere             anywhere            
    LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Input' 
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
    LOG_FILTER  all  --  anywhere             anywhere            
    LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Forward' 
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     tcp  --  s170                 hummingbird         tcp dpt:domain 
    ACCEPT     udp  --  s170                 hummingbird         udp dpt:domain 
    ACCEPT     all  --  anywhere             anywhere            
    DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere            
    DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8 
    DROP       all  --  255.255.255.255      anywhere            
    DROP       all  --  anywhere             0.0.0.0             
    DROP       all  --  anywhere             anywhere            state INVALID 
    OUTBOUND   all  --  anywhere             anywhere            
    LOG_FILTER  all  --  anywhere             anywhere            
    LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Output' 
    
    Chain INBOUND (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     all  --  hp                   anywhere            
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:49152 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:49152 
    ACCEPT     tcp  --  hp                   anywhere            tcp dpt:ipp 
    ACCEPT     udp  --  hp                   anywhere            udp dpt:ipp 
    LSI        all  --  anywhere             anywhere            
    
    Chain LOG_FILTER (5 references)
    target     prot opt source               destination         
    
    Chain LSI (2 references)
    target     prot opt source               destination         
    LOG_FILTER  all  --  anywhere             anywhere            
    LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
    DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
    LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
    DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST 
    LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
    DROP       icmp --  anywhere             anywhere            icmp echo-request 
    LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound ' 
    DROP       all  --  anywhere             anywhere            
    
    Chain LSO (0 references)
    target     prot opt source               destination         
    LOG_FILTER  all  --  anywhere             anywhere            
    LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound ' 
    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
    
    Chain OUTBOUND (1 references)
    target     prot opt source               destination         
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     all  --  anywhere             anywhere            
    root@s170:~#
    Please let me know if you need more output. Needless to say, since the server works fine without the firewall active on 192.168.1.109, it is configured properly.

    Any ideas? Thanks in advance.

    - Frank

  2. #2
    Join Date
    Feb 2006
    Location
    Cape Coral, Florida USA
    Beans
    29
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: IPTABLES (firestarter) Printing Problem

    Just after posting this problem I discovered the solution. Apparently Firestarter was configured to block broadcasts from the external network. I unchecked this box and it solved the issue.



    Doh!

    Quote Originally Posted by concord View Post
    I have a cups server (7.04) which works perfectly with both of my Ubuntu 8.04 Desktops. One of the desktops (mine) does not see the printers as long as the firewall is on.

    Server IP 192.168.1.107 (hostname:hp)
    My workstation IP 192.168.1.109

    I've enabled connections to port 631 from anywhere
    I've turned off ICMP filtering
    I've allowed ANY connections from 192.168.1.107

    As long as the firewall is up I cannot see my printers. If I turn it off - there they be!


    Please let me know if you need more output. Needless to say, since the server works fine without the firewall active on 192.168.1.109, it is configured properly.

    Any ideas? Thanks in advance.

    - Frank

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •