Thread: some issue with cups and firewall

  1. #1

    some issue with cups and firewall

    As in the subject, I have some problems configuring cups on my desktop <opensuse 11.0>. The biggest problem, I think, is with the firewall. I've noticed I can't see my cups server if the firewall is on, even if I configure 'service ipp' in my external zone eth0.
    To tell it all, I don't trust the firewall too much, due to strange behavior: from yast, if it's running and I try to stop it, I can't... it is unable to do it, I must deactivate it from boot and restart it... hmmh
    Now I've disabled it, and my cups works fine locally and from the client as well. But this is of course not the solution I want!

    thx for any advice you could give me...

  2. #2

    Re: some issue with cups and firewall

    Assuming you have configured the required ports in the firewall to be open
    (631 I presume) and the service is listening on all IP addresses (and not
    just localhost, which I believe is the default) I do not know why you
    would have problems otherwise. Stopping the firewall is fairly reliable
    using Yast but if not the following has always worked for me:

    rcSuSEfirewall2 stop

    Good luck.





    nevegsuse wrote:
    > As in the subject, I have some problems configuring cups on my desktop
    > <opensuse 11.0>. The biggest problem, I think, is with the firewall. I've
    > noticed I can't see my cups server if the firewall is on, even if I
    > configure 'service ipp' in my external zone eth0.
    > To tell it all, I don't trust the firewall too much, due to strange
    > behavior: from yast, if it's running and I try to stop it, I can't... it
    > is unable to do it, I must deactivate it from boot and restart it... hmmh
    > Now I've disabled it, and my cups works fine locally and from the client
    > as well. But this is of course not the solution I want!
    >
    > thx for any advice you could give me...


  3. #3
    Re: some issue with cups and firewall

    Can you tell us a little bit more about your setup?

    My print server (which is part of the LAN and has a printer attached) uses the following firewall rule:

    FW_SERVICES_EXT_TCP="515 631 domain ipp smtp ssh"

    This works for me. Likely there is something wrong with your firewall configuration. You should be able to start and stop it with the following commands (as root):

    Code:
    rcSuSEfirewall2 stop
    rcSuSEfirewall2 start
    If that doesn't work something is terribly wrong. You may want to show the output of:

    Code:
    cat /etc/sysconfig/SuSEfirewall2 | sed -e "/^#/d" -e "/^$/d"

  4. #4

    Re: some issue with cups and firewall

    hi ab

    thx for your answer... yes you are on the way

    it seems probably more a problem of the firewall than yast...

    after boot if I check status of firewall with command "SuSEfirewall status" I don't see port 613 enabled, notice service cups is in the list yast>firewall

    ...and if I type SuSEfirewall stop I get this output:
    ---
    pulsarx:/home/myhome # SuSEfirewall2 stop
    SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
    ---

    googling, this has pointed me to this link [Bug 387075] New: rcSuSEfirewall2 stop silently fails (/var/lock/ SuSEfi
    as you advised me, if I type "rcSuSEfirewall2 start" everything goes fine... it seems the firewall doesn't boot fine for some reason.


    So now If I restart firewall from command line after boot I get firewall on and cups server "visible" from client I can print ! :-) ...so ok, "firewall boot" is another problem I need check...

    But I don't understand why from a client I'm unable to see printers with browser http://192.168.52.57:631/printers/ ?!?

    it gives me "Access denied"

    but I think I must access it with this /etc/cups/cupsd.conf
    Code:
    LogLevel info
    SystemGroup sys root
    # Allow remote access
    #Port 631
    Listen localhost:631
    Listen 192.168.52.57:631
    Listen /var/run/cups/cups.sock
    # Enable printer sharing and shared printers.
    Browsing On
    BrowseOrder allow,deny
    BrowseAllow @LOCAL
    BrowseAddress @LOCAL
    <Location />
    AuthType None
    Allow From all
      # Allow shared printing and remote administration...
    Order Allow,Deny
    Allow From all
    </Location>
    <Location /admin>
    Allow From all
      # Allow remote administration...
    Order allow,deny
    Allow From all
    </Location>
    <Location /admin/conf>
    Allow From all
      # Allow remote access to the configuration files...
    Order allow,deny
    Allow From all
    </Location>
    <Policy default>
    <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    </Limit> 
    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    </Limit> 
    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    </Limit> 
    <Limit CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    </Limit> 
    <Limit All>
    Order deny,allow
    </Limit> 
    </Policy> 
    BrowseAddress @LOCAL
    <Location /classes>
    Allow From all
    Order Allow,Deny
    </Location>
    <Location /printers>
    Allow From all
    Order Allow,Deny
    </Location>
    thx in advance :-)

  5. #5

    Re: some issue with cups and firewall

    thx vodoo

    here the output:
    Code:
    pulsarx:/home/myhome# cat /etc/sysconfig/SuSEfirewall2 | sed -e "/^#/d" -e "/^$/d"
    FW_DEV_EXT="eth0"
    FW_DEV_INT=""
    FW_DEV_DMZ=""
    FW_ROUTE="no"
    FW_MASQUERADE="no"
    FW_MASQ_DEV="zone:ext"
    FW_MASQ_NETS="0/0"
    FW_NOMASQ_NETS=""
    FW_PROTECT_FROM_INT="no"
    FW_SERVICES_EXT_TCP=""
    FW_SERVICES_EXT_UDP="631"
    FW_SERVICES_EXT_IP=""
    FW_SERVICES_EXT_RPC=""
    FW_CONFIGURATIONS_EXT="cups"
    FW_SERVICES_DMZ_TCP=""
    FW_SERVICES_DMZ_UDP=""
    FW_SERVICES_DMZ_IP=""
    FW_SERVICES_DMZ_RPC=""
    FW_CONFIGURATIONS_DMZ=""
    FW_SERVICES_INT_TCP=""
    FW_SERVICES_INT_UDP=""
    FW_SERVICES_INT_IP=""
    FW_SERVICES_INT_RPC=""
    FW_CONFIGURATIONS_INT=""
    FW_SERVICES_DROP_EXT=""
    FW_SERVICES_DROP_DMZ=""
    FW_SERVICES_DROP_INT=""
    FW_SERVICES_REJECT_EXT=""
    FW_SERVICES_REJECT_DMZ=""
    FW_SERVICES_REJECT_INT=""
    FW_SERVICES_ACCEPT_EXT=""
    FW_SERVICES_ACCEPT_DMZ=""
    FW_SERVICES_ACCEPT_INT=""
    FW_SERVICES_ACCEPT_RELATED_EXT=""
    FW_SERVICES_ACCEPT_RELATED_DMZ=""
    FW_SERVICES_ACCEPT_RELATED_INT=""
    FW_TRUSTED_NETS=""
    FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
    FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
    FW_FORWARD=""
    FW_FORWARD_REJECT=""
    FW_FORWARD_DROP=""
    FW_FORWARD_MASQ=""
    FW_REDIRECT=""
    FW_LOG_DROP_CRIT="yes"
    FW_LOG_DROP_ALL="no"
    FW_LOG_ACCEPT_CRIT="yes"
    FW_LOG_ACCEPT_ALL="no"
    FW_LOG_LIMIT=""
    FW_LOG=""
    FW_KERNEL_SECURITY="yes"
    FW_STOP_KEEP_ROUTING_STATE="no"
    FW_ALLOW_PING_FW="yes"
    FW_ALLOW_PING_DMZ="no"
    FW_ALLOW_PING_EXT="no"
    FW_ALLOW_FW_SOURCEQUENCH=""
    FW_ALLOW_FW_BROADCAST_EXT=""
    FW_ALLOW_FW_BROADCAST_INT=""
    FW_ALLOW_FW_BROADCAST_DMZ=""
    FW_IGNORE_FW_BROADCAST_EXT="yes"
    FW_IGNORE_FW_BROADCAST_INT="no"
    FW_IGNORE_FW_BROADCAST_DMZ="no"
    FW_ALLOW_CLASS_ROUTING=""
    FW_CUSTOMRULES=""
    FW_REJECT=""
    FW_REJECT_INT="yes"
    FW_HTB_TUNE_DEV=""
    FW_IPv6=""
    FW_IPv6_REJECT_OUTGOING=""
    FW_IPSEC_TRUST="no"
    FW_ZONES=""
    FW_USE_IPTABLES_BATCH=""
    FW_LOAD_MODULES="nf_conntrack_netbios_ns"
    FW_FORWARD_ALWAYS_INOUT_DEV=""
    FW_FORWARD_ALLOW_BRIDGING=""
    btw I can confirm this status:
    1) I boot... and my server cups is not visible from client.. if I check with "SuSEfirewall2 status" I get this output <notice no port 631 is open (but in yast service cups is allowed) > :
    Code:
    pulsarx:/home/myhome# SuSEfirewall2 status
    ### iptables filter ###
    Chain INPUT (policy DROP 99 packets, 11473 bytes)
     pkts bytes target     prot opt in     out     source               destination         
       28  2122 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
      188 50194 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED 
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 279 packets, 54985 bytes)
     pkts bytes target     prot opt in     out     source               destination         
       28  2122 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    
    Chain reject_func (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
        0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable 
    
    ### iptables mangle ###
    Chain PREROUTING (policy ACCEPT 318 packets, 64682 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain INPUT (policy ACCEPT 315 packets, 63789 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 307 packets, 57107 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 355 packets, 63047 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    ### iptables nat ###
    Chain PREROUTING (policy ACCEPT 53 packets, 5909 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 101 packets, 20889 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 101 packets, 20889 bytes)
     pkts bytes target     prot opt in     out     source               destination
    So if after this check I type :
    ----
    pulsarx:/home/myhome# rcSuSEfirewall2 force-reload
    Starting Firewall Initialization (phase 2 of 2) SuSEfirewall2: Warning: no default firewall zone defined, assuming 'ext'
    pulsarx:/home/myhome#
    ----

    And now if I check the firewall status, it seems port 631 is open... or better, the client sees the cups server; here is the output after:
    Code:
    pulsarx:/home/myhome# SuSEfirewall2 status
    ### iptables filter ###
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
     1880  915K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
     1162  868K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED 
      493 57069 input_ext  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
        0     0 input_ext  all  --  vboxnet0 *       0.0.0.0/0            0.0.0.0/0           
        0     0 input_ext  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET ' 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING ' 
    
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
     1880  915K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
     1237  182K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED 
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR ' 
    
    Chain forward_ext (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain input_ext (3 references)
     pkts bytes target     prot opt in     out     source               destination         
      460 55041 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 
        2   120 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
        1    60 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:631 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP ' 
        1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
        4   264 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 
        4   264 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast 
       15   720 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 
        0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 
        6   540 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT ' 
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV ' 
       26  1584 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain reject_func (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
        0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable 
    
    ### iptables mangle ###
    Chain PREROUTING (policy ACCEPT 3946 packets, 1914K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain INPUT (policy ACCEPT 3937 packets, 1912K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 3429 packets, 1154K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 3504 packets, 1164K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    ### iptables nat ###
    Chain PREROUTING (policy ACCEPT 609 packets, 67683 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 191 packets, 30177 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 191 packets, 30177 bytes)
     pkts bytes target     prot opt in     out     source               destination

    mah ?!?

    thx

  6. #6
    Re: some issue with cups and firewall

    Hi nevegsuse

    In the firewall configuration script ipp=631, they are equivalent. Use one or the other. Open that port for both, TCP and UDP. FW_CONFIGURATIONS_EXT="cups" should do the same, so it's double.

    They changed the syntax for FW_DEV_EXT between some of the releases, but I don't know when. On some systems it's: FW_DEV_EXT="any eth-id-00:30:1b:b9:4b:8c". Please check the comments in /etc/sysconfig/SuSEfirewall2. It could be: FW_DEV_EXT="any eth0". You must be able to cleanly start and stop your firewall.

    As for cups.conf: probably you have to check it again. But here I know almost nothing, sorry.

  7. #7

    Re: some issue with cups and firewall

    Hi vodoo, here I'm again... :-)

    ...
    > In the firewall configuration script ipp=631, they are equivalent. Use one or the other. Open that port for both, TCP and UDP. FW_CONFIGURATIONS_EXT="cups" should do the same, so it's double.
    ...yes I think so, I've noticed btw, if I select the checkbox "open port firewall" in yast>hardware>printers it inserts in the firewall services allowed list "SERVER IPP" and not "cups" ... little bit funny ?!? btw I think it doesn't matter, probably "SERVER IPP" and "cups" are double voice in the list ?! or we need insert both ?!?

    > They changed the syntax for FW_DEV_EXT between some of the releases, but I don't know when. On some systems it's: FW_DEV_EXT="any eth-id-00:30:1b:b9:4b:8c". Please check the comments in /etc/sysconfig/SuSEfirewall2. It could be: FW_DEV_EXT="any eth0". You must be able to cleanly start and stop your firewall.
    So I insert the string "any eth0" but firewall behaviour is the same... Just booted my server cups is not visible and checkin' its status no port 631 are visible and from client.
    If I type "SuSEfirewall2 status" I get this... and no port 631 are visible...
    Code:
    ### iptables filter ###
    Chain INPUT (policy DROP 739 packets, 110K bytes)
     pkts bytes target     prot opt in     out     source               destination         
     8243 3297K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    17018   11M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED 
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 8301 packets, 811K bytes)
     pkts bytes target     prot opt in     out     source               destination         
     8243 3297K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    
    Chain reject_func (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
        0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable 
    
    ### iptables mangle ###
    Chain PREROUTING (policy ACCEPT 26002 packets, 15M bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain INPUT (policy ACCEPT 26000 packets, 15M bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 16544 packets, 4107K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 16626 packets, 4119K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    ### iptables nat ###
    Chain PREROUTING (policy ACCEPT 651 packets, 95273 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 236 packets, 33158 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 236 packets, 33158 bytes)
     pkts bytes target     prot opt in     out     source               destination
    note also (I booted about 20 min. ago) if I type "cat /var/log/messages | grep firewall | tail -10" I get
    Code:
    Sep  2 09:11:33 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
    Sep  2 09:11:33 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
    Sep  2 09:12:11 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
    Sep  2 09:12:24 pulsarx SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
    Sep  2 09:12:25 pulsarx SuSEfirewall2: using default zone 'ext' for interface vboxnet0
    Sep  2 09:12:25 pulsarx SuSEfirewall2: batch committing...
    Sep  2 09:12:25 pulsarx SuSEfirewall2: Firewall rules successfully set
    Sep  2 09:33:42 pulsarx SuSEfirewall2: batch committing...
    Sep  2 09:33:43 pulsarx SuSEfirewall2: Firewall rules set to CLOSE.
    Sep  2 09:33:52 pulsarx SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.
    I note the last line (after boot), it seems something keep in hang firewall...

    If after that I type rcSuSEfirewall2 force-reload or start... I can force and load the firewall "fine", and now I get port 631 visible and clients are able to catch my cups server...

    bah really strange behaviour...

    > As for cups.conf: probably you have to check it again. But here I know almost nothing, sorry.
    I think my cups.conf is somewhat fine... 'cause if I disable firewall or restart it, cups service are ok...


    thx

  8. #8
    Re: some issue with cups and firewall

    I suggest that you start a new thread in the networking forum regarding this firewall issue. And: please check if this stale lockfile /var/lock/SuSEfirewall2.booting is still present. Delete it and see what happens.
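
Added example (not part of any post in this thread): a shell check for the two firewall states shown in posts #5 and #7 and for the stale lock file mentioned in #8. It reads `SuSEfirewall2 status` text on stdin; the function names, the trimmed sample listings and the 300-second threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `SuSEfirewall2 status` text on stdin.

# "full" when the filter INPUT chain jumps to a zone chain (input_ext, ...);
# "minimal" when it only holds the lo/ESTABLISHED/RELATED rules seen after boot.
fw_ruleset_state() {
    awk '
        BEGIN             { table = "filter" }
        /^### iptables /  { table = $3; next }
        /^Chain /         { chain = $2; next }
        table == "filter" && chain == "INPUT" && $3 ~ /^input_/ { zone = 1 }
        END               { print (zone ? "full" : "minimal") }
    '
}

# Exit 0 only if a zone chain reachable from INPUT accepts PROTO to PORT.
fw_port_accepted() {    # usage: fw_port_accepted PROTO PORT < status.txt
    awk -v proto="$1" -v port="$2" '
        BEGIN             { table = "filter" }
        /^### iptables /  { table = $3; next }
        /^Chain /         { chain = $2; next }
        table != "filter" { next }
        chain == "INPUT" && $3 ~ /^input_/ { reachable[$3] = 1 }
        chain ~ /^input_/ && $3 == "ACCEPT" && $4 == proto {
            for (i = 10; i <= NF; i++)
                if ($i == "dpt:" port) accepts[chain] = 1
        }
        END {
            for (c in accepts) if (c in reachable) exit 0
            exit 1
        }
    '
}

# Exit 0 if the boot lock named in the thread still exists although uptime
# exceeds MAX seconds (300 is an assumed threshold, not a SuSEfirewall2 value).
fw_boot_lock_stale() {  # usage: fw_boot_lock_stale [LOCK] [UPTIME_FILE] [MAX]
    lock=${1:-/var/lock/SuSEfirewall2.booting}
    [ -e "$lock" ] || return 1
    up=$(cut -d. -f1 "${2:-/proc/uptime}")
    [ "$up" -gt "${3:-300}" ]
}

# Constructed samples, trimmed from the two status listings in the thread.
sample_after_boot() {
    cat <<'EOF'
### iptables filter ###
Chain INPUT (policy DROP 99 packets, 11473 bytes)
 pkts bytes target     prot opt in     out     source      destination
   28  2122 ACCEPT     all  --  lo     *       0.0.0.0/0   0.0.0.0/0
  188 50194 ACCEPT     all  --  *      *       0.0.0.0/0   0.0.0.0/0   state ESTABLISHED
### iptables mangle ###
Chain INPUT (policy ACCEPT 315 packets, 63789 bytes)
EOF
}

sample_after_reload() {
    cat <<'EOF'
### iptables filter ###
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source      destination
 1880  915K ACCEPT     all  --  lo     *       0.0.0.0/0   0.0.0.0/0
  493 57069 input_ext  all  --  eth0   *       0.0.0.0/0   0.0.0.0/0
Chain input_ext (3 references)
 pkts bytes target     prot opt in     out     source      destination
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0   0.0.0.0/0   tcp dpt:631
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0   0.0.0.0/0   udp dpt:631
   26  1584 DROP       all  --  *      *       0.0.0.0/0   0.0.0.0/0
EOF
}

# Demo on the constructed samples.
echo "after boot:   $(sample_after_boot | fw_ruleset_state)"
echo "after reload: $(sample_after_reload | fw_ruleset_state)"
```

On a live system the same functions can be fed with `SuSEfirewall2 status | fw_ruleset_state`, run as root.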

  9. #9

    Re: some issue with cups and firewall

    vodoo wrote:
    > I suggest that you start a new thread in the networking forum regarding this firewall issue. And: please check if this stale lockfile /var/lock/SuSEfirewall2.booting is still present. Delete it and see what happens.
    Yes.. I do, thx again for your support

  10. #10
    gerstrong NNTP User

    Re: some issue with cups and firewall

    I also had problems with firewall + CUPS, but CUPS itself must be configured to get it working for outside connections.

    You can do that at the server using http://localhost:631 or by changing cups.conf like described above.

    Then it should work. At least it solved my problem.
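
Added example (not part of any post in this thread): a shell check for the `cupsd.conf` access rules discussed above. It lists `<Location>` blocks that admit any client address and carry no `Require` line, which in the file posted in #4 includes `/admin` and `/admin/conf`; the function names and both sample files are constructed for the example, and the restricted variant is an assumed policy.

```shell
#!/bin/sh
# Added example, not from the thread. Reads cupsd.conf text on stdin.

# Print the path of every <Location> block under PREFIX (default /admin) that
# admits any client address ("Allow [From] all") and has no Require line.
cups_open_locations() {     # usage: cups_open_locations [PREFIX] < cupsd.conf
    awk -v prefix="${1:-/admin}" '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^<location[ \t]/ {
            path = $2; sub(/>$/, "", path)
            inloc = 1; allow_all = 0; require = 0; next
        }
        line ~ /^<\/location>/ {
            if (inloc && allow_all && !require && index(path, prefix) == 1)
                print path
            inloc = 0; next
        }
        inloc && line ~ /^allow[ \t]+(from[ \t]+)?all[ \t]*$/ { allow_all = 1 }
        inloc && line ~ /^require[ \t]/                       { require = 1 }
    '
}

# Constructed sample: three Location blocks as posted in #4.
sample_posted() {
    cat <<'EOF'
<Location />
AuthType None
Allow From all
Order Allow,Deny
</Location>
<Location /admin>
Allow From all
Order allow,deny
</Location>
<Location /admin/conf>
Allow From all
Order allow,deny
</Location>
EOF
}

# Constructed sample: same paths, limited to the local network, with the admin
# pages also requiring an authenticated SystemGroup member (assumed policy).
sample_restricted() {
    cat <<'EOF'
<Location />
Order allow,deny
Allow From @LOCAL
</Location>
<Location /admin>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow From @LOCAL
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow From @LOCAL
</Location>
EOF
}

# Demo on the constructed sample from post #4.
sample_posted | cups_open_locations
```

Against a real server, run `cups_open_locations < /etc/cups/cupsd.conf`; pass `/` as the prefix to include the printer and class pages.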
