Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Firewall and network printer services

  1. #1
    Join Date
    Jan 2009
    Location
    Always on the road !
    Posts
    129

    Default Firewall and network printer services

    Hi,
    I have an network of 7 comps loaded with Open SuSE 12.2 x64 or Open SuSE 11.4 x32 . They share common printers. The printers are managed by one comp with openSuse 12.2 x64 which act as a servers for printing services. I have noticed that over time the firewall of all comps close down the 631 port, which had been opened to all machine in order to allow them to print. Shutting down and switching on again the firewalls of the server comp and client comp reopens the port and the printing is available again. Is there a configuration of firewall that will prevent of closing of a port if it is not in use for a while ?
    Thanks
    ----
    OpenSuSE 12.2 x64, NVidia 304.xx , KDE 4.10 x64 , Gnome 3.6 x64 and so on.

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,851

    Default Re: Firewall and network printer services

    Do you mean that the firewall "spontaniously" (from your point of view) closes port 631?
    It seems that you are thinking that this happens when such a port is not connected to for some amount of time. This is not the case. We have to search in another direction to findd a cause for this phenomenon.

    BTW it is: openSUSE. You can stop bothering yourself in trying to spell it in as many different ways as you can imagine.
    Henk van Velden

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Firewall and network printer services

    On 03/02/2013 11:26 AM, hcvv wrote:
    >
    > Do you mean that the firewall "spontaniously" (from your point of view)
    > closes port 631?
    > It seems that you are thinking that this happens when such a port is
    > not connected to for some amount of time. This is not the case. We have
    > to search in another direction to findd a cause for this phenomenon.


    An open connection is tracked, but this can not be the case... :-?

    Maybe the port is not splicitly opened in the firewall.

    --
    Cheers/Saludos
    Carlos E. R. (12.3 Dartmouth test at Minas-Anor)

  4. #4
    Join Date
    Jan 2009
    Location
    Always on the road !
    Posts
    129

    Default Re: Firewall and network printer services

    I have opened the 631 port on all of the comps in the network using system setting section of Yast2 - Network- Firewall - SuSEfirewall2 - FW_SERVICES_EXT_TCP and same for UDP. Then in Yast2 - Firewall section the port appeared in the summary as opened.

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,917
    Blog Entries
    2

    Default Re: Firewall and network printer services

    If I were to guess, the FW isn't closing the port, the service (printing service) behind the port has gone unresponsive.

    More than likely the machine has gone to sleep due to inactivity.

    Recommend
    Disable ACPI
    Modify power settings in the Desktop to disable all power saving settings.

    TSU

  6. #6
    Join Date
    Jan 2009
    Location
    Always on the road !
    Posts
    129

    Default Re: Firewall and network printer services

    Quote Originally Posted by tsu2 View Post
    If I were to guess, the FW isn't closing the port, the service (printing service) behind the port has gone unresponsive.

    More than likely the machine has gone to sleep due to inactivity.

    Recommend
    Disable ACPI
    Modify power settings in the Desktop to disable all power saving settings.

    TSU
    I did as you suggested but with no success. The client computer needs closing down and starting up its firewall in order to send a query for printing. Is there a way make the cup daemon not to going sleep over time ?

  7. #7
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,644
    Blog Entries
    14

    Default Re: Firewall and network printer services

    Quote Originally Posted by olegue View Post
    I did as you suggested but with no success. The client computer needs closing down and starting up its firewall in order to send a query for printing. Is there a way make the cup daemon not to going sleep over time ?
    Are you saying both 11.4 and 12.2 clients are closing their own firewall ports? That would be a serious bug IMHO, but me too thinks this is not the case. Please post output of
    Code:
    su -c 'cat /var/log/firewall | grep 631'
    lpstat -t
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  8. #8
    Join Date
    Jan 2009
    Location
    Always on the road !
    Posts
    129

    Default Re: Firewall and network printer services

    Quote Originally Posted by Knurpht View Post
    Are you saying both 11.4 and 12.2 clients are closing their own firewall ports? That would be a serious bug IMHO, but me too thinks this is not the case. Please post output of
    Code:
    su -c 'cat /var/log/firewall | grep 631'
    lpstat -t
    Here is the asked output :
    Code:
    4 ID=30969 DF PROTO=TCP SPT=56897 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A00612EE70000000001030307) 
    Mar  8 17:56:44 black kernel: [12073.181744] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32689 DF PROTO=TCP SPT=56980 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006253E40000000001030307) 
    Mar  8 18:01:44 black kernel: [12373.213607] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31625 DF PROTO=TCP SPT=57073 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006378E00000000001030307) 
    Mar  8 18:06:44 black kernel: [12673.244483] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6635 DF PROTO=TCP SPT=57150 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A00649DDB0000000001030307) 
    Mar  8 18:11:44 black kernel: [12973.275987] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=34020 DF PROTO=TCP SPT=57237 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A0065C2D60000000001030307) 
    Mar  8 18:16:44 black kernel: [13273.302096] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40609 DF PROTO=TCP SPT=57310 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A0066E7D00000000001030307) 
    Mar  8 18:21:44 black kernel: [13573.332567] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=42584 DF PROTO=TCP SPT=57388 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A00680CCB0000000001030307) 
    Mar  8 18:26:44 black kernel: [13873.362647] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38636 DF PROTO=TCP SPT=57462 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006931C60000000001030307) 
    Mar  8 18:31:44 black kernel: [14173.393285] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60060 DF PROTO=TCP SPT=57548 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006A56C10000000001030307) 
    Mar  8 18:36:44 black kernel: [14473.424415] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63948 DF PROTO=TCP SPT=57621 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006B7BBC0000000001030307) 
    Mar  8 18:41:44 black kernel: [14773.455596] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=44790 DF PROTO=TCP SPT=57703 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006CA0B70000000001030307) 
    Mar  8 18:45:45 black kernel: [15015.066313] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:b0:85:a7:14:08:00 SRC=114.26.16.185 DST=192.168.0.100 LEN=293 TOS=0x00 PREC=0x00 TTL=114 ID=28227 PROTO=UDP SPT=11442 DPT=7881 LEN=273 
    Mar  8 18:46:44 black kernel: [15073.489937] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46902 DF PROTO=TCP SPT=57789 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006DC5B30000000001030307) 
    Mar  8 18:51:44 black kernel: [15373.522546] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23164 DF PROTO=TCP SPT=57873 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A006EEAAF0000000001030307) 
    Mar  8 18:56:44 black kernel: [15673.554263] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29805 DF PROTO=TCP SPT=57956 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A00700FAA0000000001030307) 
    Mar  8 19:01:44 black kernel: [15973.585664] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6681 DF PROTO=TCP SPT=58051 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007134A50000000001030307) 
    Mar  8 19:06:44 black kernel: [16273.616394] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15112 DF PROTO=TCP SPT=58132 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007259A10000000001030307) 
    Mar  8 19:11:44 black kernel: [16573.647952] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24422 DF PROTO=TCP SPT=58210 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A00737E9C0000000001030307) 
    Mar  8 19:16:44 black kernel: [16873.680055] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48946 DF PROTO=TCP SPT=58292 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A0074A3970000000001030307) 
    Mar  8 19:21:44 black kernel: [17173.706806] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27357 DF PROTO=TCP SPT=58376 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A0075C8910000000001030307) 
    Mar  8 19:26:44 black kernel: [17473.738386] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17251 DF PROTO=TCP SPT=58458 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A0076ED8D0000000001030307) 
    Mar  8 19:31:44 black kernel: [17773.770798] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5136 DF PROTO=TCP SPT=58541 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007812880000000001030307) 
    Mar  8 19:36:44 black kernel: [18073.801737] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23918 DF PROTO=TCP SPT=58625 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007937830000000001030307) 
    Mar  8 19:41:44 black kernel: [18373.832268] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1902 DF PROTO=TCP SPT=58706 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007A5C7E0000000001030307) 
    Mar  8 19:46:44 black kernel: [18673.864309] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53979 DF PROTO=TCP SPT=58787 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007B817A0000000001030307) 
    Mar  8 19:51:44 black kernel: [18973.896229] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46428 DF PROTO=TCP SPT=58878 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007CA6750000000001030307) 
    Mar  8 19:56:44 black kernel: [19273.930604] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39594 DF PROTO=TCP SPT=58952 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007DCB710000000001030307) 
    Mar  8 20:01:44 black kernel: [19573.961877] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33830 DF PROTO=TCP SPT=59047 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A007EF06C0000000001030307) 
    Mar  8 20:06:44 black kernel: [19873.993001] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=44208 DF PROTO=TCP SPT=59128 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A008015670000000001030307) 
    Mar  8 20:11:44 black kernel: [20174.021214] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21243 DF PROTO=TCP SPT=59199 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A00813A620000000001030307) 
    Mar  8 20:16:44 black kernel: [20474.050964] SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=28:45:a7:f3:18:00:00:22:15:67:6a:25:08:00 SRC=192.168.0.101 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6429 DF PROTO=TCP SPT=59282 DPT=631 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A00825F5D0000000001030307)
    Last edited by oldcpu; 10-Mar-2013 at 09:07. Reason: added [ code ] and [ /code ] tags on web side to improve readibility

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,851

    Default Re: Firewall and network printer services

    Hello olegue,

    What about using CODE tags around such output, to make it readable? (The # button in the toolbar above the post editor).
    Henk van Velden

  10. #10
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Firewall and network printer services

    On 2013-03-09 15:26, olegue wrote:
    > Here is the asked output :


    Unreadable. You did not use code tags.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4, with Evergreen, x86_64 "Celadon" (Minas Tirith))

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •