[gentoo-user] Firewalling and Sambra printer.

[gentoo-user] Firewalling and Sambra printer.

[Pupeno]

[-- Attachment #1: Type: text/plain, Size: 1797 bytes --]

Hello,
I have two computers (that are involved in this problem), phoenix is my Gentoo 
workstation and desktop-1 is someone else's Windows box. Someone else happens 
to have a printer and I don't, so, from time to time I use his printer. The 
printer is shared, obviously, thru SMB (it's a windows box). I configured 
CUPS to connect to it (I just used the KDE Kcontrol to configure it).
My problem is that when I bring up my firewall (a firewall using iptables on 
phoenix, just protecting phoenix) printing stops working. In fact, all access 
to desxtop-1 thru smb stops working.
The firewall is very simple, a simple stateful all-incomming-closed firewall:

# iptables -vL
Chain INPUT (policy DROP 35510 packets, 16M bytes)
 pkts bytes target     prot opt in     out     source               
destination
 329K  558M ACCEPT     all  --  lo     any     anywhere             anywhere
  36M   54G ACCEPT     all  --  any    any     anywhere             anywhere            
state RELATED,ESTABLISHED
    3   228 ACCEPT     icmp --  any    any     anywhere             anywhere            
icmp echo-request limit: avg 30/min burst 5
  120  7057 ACCEPT     icmp --  any    any     anywhere             anywhere
    1    60 ACCEPT     tcp  --  any    any     anywhere             anywhere            
tcp dpt:ssh

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 21M packets, 3426M bytes)
 pkts bytes target     prot opt in     out     source               
destination
phoenix ~ #

Do you know why after bringing up this firewall I can't use the printer 
anymore and/or how to solve it ?

Thank you.
-- 
Pupeno <pupeno@pupeno.com> (http://pupeno.com)

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Firewalling and Sambra printer.

[Dale]

Pupeno wrote:
> Hello,
> I have two computers (that are involved in this problem), phoenix is my Gentoo 
> workstation and desktop-1 is someone else's Windows box. Someone else happens 
> to have a printer and I don't, so, from time to time I use his printer. The 
> printer is shared, obviously, thru SMB (it's a windows box). I configured 
> CUPS to connect to it (I just used the KDE Kcontrol to configure it).
> My problem is that when I bring up my firewall (a firewall using iptables on 
> phoenix, just protecting phoenix) printing stops working. In fact, all access 
> to desxtop-1 thru smb stops working.
> The firewall is very simple, a simple stateful all-incomming-closed firewall:
> 
> # iptables -vL
> Chain INPUT (policy DROP 35510 packets, 16M bytes)
>  pkts bytes target     prot opt in     out     source               
> destination
>  329K  558M ACCEPT     all  --  lo     any     anywhere             anywhere
>   36M   54G ACCEPT     all  --  any    any     anywhere             anywhere            
> state RELATED,ESTABLISHED
>     3   228 ACCEPT     icmp --  any    any     anywhere             anywhere            
> icmp echo-request limit: avg 30/min burst 5
>   120  7057 ACCEPT     icmp --  any    any     anywhere             anywhere
>     1    60 ACCEPT     tcp  --  any    any     anywhere             anywhere            
> tcp dpt:ssh
> 
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               
> destination
> 
> Chain OUTPUT (policy ACCEPT 21M packets, 3426M bytes)
>  pkts bytes target     prot opt in     out     source               
> destination
> phoenix ~ #
> 
> Do you know why after bringing up this firewall I can't use the printer 
> anymore and/or how to solve it ?
> 
> Thank you.


Well I had a similiar issue a while back.  This is what I did and it worked:


> iptables -I INPUT 2 -p udp --dport 445 --source 192.168.0.0/24 -j ACCEPT
> iptables -I INPUT 2 -p tcp --dport 445 --source 192.168.0.0/24 -j ACCEPT
> iptables -I INPUT 2 -p udp --dport 138 --source 192.168.0.0/24 -j ACCEPT
> iptables -I INPUT 2 -p tcp --dport 138 --source 192.168.0.0/24 -j ACCEPT
> iptables -I INPUT 2 -p udp --dport 139 --source 192.168.0.0/24 -j ACCEPT
> iptables -I INPUT 2 -p tcp --dport 139 --source 192.168.0.0/24 -j ACCEPT
> iptables -I INPUT 2 -p tcp --dport 137 --source 192.168.100.0/24 -j ACCEPT
> iptables -I INPUT 2 -p udp --dport 137 --source 192.168.100.0/24 -j ACCEPT

I got that help from here:

http://forums.gentoo.org/viewtopic-p-3371796.html#3371796

Maybe that will help you some.  Oh, may need to change the ip numbers
where needed.

Dale

:-)  :-)  :-)
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Firewalling and Sambra printer.

[Pupeno]

[-- Attachment #1: Type: text/plain, Size: 3741 bytes --]

On Sunday 22 October 2006 22:58, Dale wrote:
> Well I had a similiar issue a while back.  This is what I did and it worked:
> > iptables -I INPUT 2 -p udp --dport 445 --source 192.168.0.0/24 -j ACCEPT
> > iptables -I INPUT 2 -p tcp --dport 445 --source 192.168.0.0/24 -j ACCEPT
> > iptables -I INPUT 2 -p udp --dport 138 --source 192.168.0.0/24 -j ACCEPT
> > iptables -I INPUT 2 -p tcp --dport 138 --source 192.168.0.0/24 -j ACCEPT
> > iptables -I INPUT 2 -p udp --dport 139 --source 192.168.0.0/24 -j ACCEPT
> > iptables -I INPUT 2 -p tcp --dport 139 --source 192.168.0.0/24 -j ACCEPT
> > iptables -I INPUT 2 -p tcp --dport 137 --source 192.168.100.0/24 -j
> > ACCEPT iptables -I INPUT 2 -p udp --dport 137 --source 192.168.100.0/24
> > -j ACCEPT
>
> I got that help from here:
>
> http://forums.gentoo.org/viewtopic-p-3371796.html#3371796
>
> Maybe that will help you some.  Oh, may need to change the ip numbers
> where needed.

Here it didn't, my iptables are now 

# iptables -vL
Chain INPUT (policy DROP 35548 packets, 16M bytes)
 pkts bytes target     prot opt in     out     source               
destination
 343K  561M ACCEPT     all  --  lo     any     anywhere             anywhere
  36M   54G ACCEPT     all  --  any    any     anywhere             anywhere            
state RELATED,ESTABLISHED
    3   228 ACCEPT     icmp --  any    any     anywhere             anywhere            
icmp echo-request limit: avg 30/min burst 5
  120  7057 ACCEPT     icmp --  any    any     anywhere             anywhere
    1    60 ACCEPT     tcp  --  any    any     anywhere             anywhere            
tcp dpt:ssh
    0     0 ACCEPT     udp  --  any    any     192.168.0.0/24       anywhere            
udp dpt:microsoft-ds
    0     0 ACCEPT     tcp  --  any    any     192.168.0.0/24       anywhere            
tcp dpt:microsoft-ds
    2   467 ACCEPT     udp  --  any    any     192.168.0.0/24       anywhere            
udp dpt:netbios-dgm
    0     0 ACCEPT     tcp  --  any    any     192.168.0.0/24       anywhere            
tcp dpt:netbios-dgm
    0     0 ACCEPT     udp  --  any    any     192.168.0.0/24       anywhere            
udp dpt:netbios-ssn
    0     0 ACCEPT     tcp  --  any    any     192.168.0.0/24       anywhere            
tcp dpt:netbios-ssn
    0     0 ACCEPT     tcp  --  any    any     192.168.0.0/24       anywhere            
tcp dpt:netbios-ns
   37  2886 ACCEPT     udp  --  any    any     192.168.0.0/24       anywhere            
udp dpt:netbios-ns

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 21M packets, 3429M bytes)
 pkts bytes target     prot opt in     out     source               
destination

and I still can't print. I send the print job and the printer gets into a kind 
of broken state.
Well, those ports are not open on my workstation[1], so, allowing connections 
to them won't change anything (unless something runs sporadically opening 
those ports).
Thank you.
-- 
Pupeno <pupeno@pupeno.com> (http://pupeno.com)

[1] # netstat -tlun
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8010            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:47552           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:8010            0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Firewalling and Sambra printer.

[Jason Booth]

On Sunday 22 October 2006 19:01, Pupeno wrote:
> and I still can't print. I send the print job and the printer gets into a
> kind of broken state.

if it is a firewall issue, keep it simple..
iptables -I INPUT -s his_ip_address -j ACCEPT

-Jason

-- 
 gpg public key: http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Firewalling and Sambra printer.

[Jason Booth]

On Sunday 22 October 2006 16:58, Dale wrote:
> > # iptables -vL
> > Chain INPUT (policy DROP 35510 packets, 16M bytes)
> >  pkts bytes target     prot opt in     out     source              
> > destination
> >  329K  558M ACCEPT     all  --  lo     any     anywhere            
> > anywhere 36M   54G ACCEPT     all  --  any    any     anywhere          
> >   anywhere state RELATED,ESTABLISHED
> >     3   228 ACCEPT     icmp --  any    any     anywhere            
> > anywhere             icmp echo-request limit: avg 30/min burst 5
also, if you are trying to block pings over limit, put in:

iptables -I INPUT 4 -p icmp --icmp-type echo-request -j DROP
(change the 4  to whatever the number rule will be from top if you have 
changed it)..

> >   120  7057 ACCEPT     icmp --  any    any     anywhere            
> > anywhere 1    60 ACCEPT     tcp  --  any    any     anywhere            
> > anywhere tcp dpt:ssh

-Jason
-- 
 gpg public key: http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc

-- 
gentoo-user@gentoo.org mailing list