CUPS problem

user · October 4, 2010, 2:29am

I am trying to make my printer visible to my other machines on my
local (home) net. Suse 11.1 Kde 3.5 CUPS 1.2.12 ETC., What files
of configuration information do i need to provire to get help with
this?

–
Say what ?

ah7013 · October 4, 2010, 3:18am

You can browse to


http://localhost:631

on your machine with the printer connected. Click on administration then click on ‘Share printers connected to this system’. And if I remember correctly you also have to go into the printer settings under Manage Printers and allow sharing through there as well

didencool · October 4, 2010, 12:46pm

in adition you should setup remote clients with yast to use remote CUPS as it own
http://lh3.ggpht.com/_EGHByq6hIgo/TKmv4d_YZdI/AAAAAAAAAio/3jZxcvlvXME/s800/Print_via_Network-YaST.png

and ports for cups should be openned on both in firewall (if any)

user · October 7, 2010, 2:59am

On Mon, 04 Oct 2010 01:36:02 GMT, ah7013
<ah7013@no-mx.forums.opensuse.org> wrote:

>
>You can browse to
>
>Code:
>--------------------
>
> http://localhost:631
>
>--------------------
>
>on your machine with the printer connected. Click on administration
>then click on ‘Share printers connected to this system’. And if I
>remember correctly you also have to go into the printer settings under
>Manage Printers and allow sharing through there as well

Yes, it is bookmarked. On the other machine i can see it advertising
using wireshark.

user · October 7, 2010, 3:25am

On Mon, 04 Oct 2010 11:06:07 GMT, didencool
<didencool@no-mx.forums.opensuse.org> wrote:

>
>in adition you should setup remote clients with yast to use remote CUPS
>as it own
>[image:
>http://lh3.ggpht.com/_EGHByq6hIgo/TKmv4d_YZdI/AAAAAAAAAio/3jZxcvlvXME/s800/Print_via_Network-YaST.png]
>
>and ports for cups should be openned on both in firewall (if any)

Though the example is 11.3 i saw the relevant settings for my 11.1.
Even though i can ping the machine it said the server did not exist.
I then tried looking for any server on the local net, and Yast reported it
as brother ql500 (one currently attached via usb) with a different model
printer driver than the printer model (Epson R1800 instead of R200). Very
weird. Cups on the print serving machine does not show any print job
arriving today (neither local or remote).

Since this is on a home net, firewalls should be automatically updated by
Yast. The router is a different matter, the computers will see the 8-port
switch first.

user · October 7, 2010, 6:18am

On 2010-10-07 03:25, josephkk wrote:
> On Mon, 04 Oct 2010 11:06:07 GMT, didencool <> wrote:

> Since this is on a home net, firewalls should be automatically updated by
> Yast.

No, they are not. Specially if you configured the local network as external, as I do.
We had a discussion with the maintainer about this.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

please_try_again · October 7, 2010, 6:56am

To list available printers, you can try:
lpstat -p
To show the default printer:
lpstat -d

Also make sure that the cups daemon is running.

user · October 9, 2010, 12:24pm

On Thu, 07 Oct 2010 04:18:51 GMT, “Carlos E. R.” <robin.listas@localhost>
wrote:

>On 2010-10-07 03:25, josephkk wrote:
>> On Mon, 04 Oct 2010 11:06:07 GMT, didencool <> wrote:
>
>> Since this is on a home net, firewalls should be automatically updatedby
>> Yast.
>
>No, they are not. Specially if you configured the local network as external, as I do.
>We had a discussion with the maintainer about this.

Must have missed that conversation. I have configured my firewall on my
machines and they behave much more as expected now. Still can’t print to
the other local box. Since i have a good hardware router i chose to go
with my interfaces in the demilitarized zone.

What configuration information from my suse 11.1 systems do you want for
troubleshooting?

user · October 10, 2010, 3:43am

On 2010-10-09 12:24, josephkk wrote:
> On Thu, 07 Oct 2010 04:18:51 GMT, “Carlos E. R.” <robin.listas@localhost>
> wrote:
>
>> On 2010-10-07 03:25, josephkk wrote:
>>> On Mon, 04 Oct 2010 11:06:07 GMT, didencool <> wrote:
>>
>>> Since this is on a home net, firewalls should be automatically updated by
>>> Yast.
>>
>> No, they are not. Specially if you configured the local network as external, as I do.
>> We had a discussion with the maintainer about this.
>
> Must have missed that conversation.

<http://lists.opensuse.org/opensuse/2010-07/msg01456.html>

> I have configured my firewall on my
> machines and they behave much more as expected now. Still can’t print to
> the other local box. Since i have a good hardware router i chose to go
> with my interfaces in the demilitarized zone.
>
> What configuration information from my suse 11.1 systems do you want for
> troubleshooting?

Well, the trick is to look at the suse firewall log at the moment you try a print operation, and see
what is rejected.

You normally need to open port “ipp” (631) on both machines.

FW_SERVICES_*_TCP=“ipp”.

And perhaps udp too (not sure).

Time ago, when you configured printing in yast you could say to open the firewall for you. This
feature was removed (11.3?)

A safer option, is to restrict which IPs can use printing services:

FW_TRUSTED_NETS=“172.16.168.129,tcp,ipp 172.16.168.129,udp,ipp”

Some more info:

<http://lists.opensuse.org/opensuse/2009-07/msg00068.html>

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

user · October 13, 2010, 7:23am

On Sun, 10 Oct 2010 01:43:15 GMT, “Carlos E. R.” <robin.listas@localhost>
wrote:

>On 2010-10-09 12:24, josephkk wrote:
>> On Thu, 07 Oct 2010 04:18:51 GMT, “Carlos E. R.” <robin.listas@localhost>
>> wrote:
>>
>>> On 2010-10-07 03:25, josephkk wrote:
>>>> On Mon, 04 Oct 2010 11:06:07 GMT, didencool <> wrote:
>>>
>>>> Since this is on a home net, firewalls should be automatically updated by
>>>> Yast.
>>>
>>> No, they are not. Specially if you configured the local network as external, as I do.
>>> We had a discussion with the maintainer about this.
>>
>> Must have missed that conversation.
>
><http://lists.opensuse.org/opensuse/2010-07/msg01456.html>
>
>> I have configured my firewall on my
>> machines and they behave much more as expected now. Still can’t printto
>> the other local box. Since i have a good hardware router i chose to go
>> with my interfaces in the demilitarized zone.
>>
>> What configuration information from my suse 11.1 systems do you want for
>> troubleshooting?
>
>Well, the trick is to look at the suse firewall log at the moment you try a print operation, and see
>what is rejected.
>
>You normally need to open port “ipp” (631) on both machines.
>
>FW_SERVICES_*_TCP=“ipp”.
>
>And perhaps udp too (not sure).
>
>Time ago, when you configured printing in yast you could say to open thefirewall for you. This
>feature was removed (11.3?)
>
>
>A safer option, is to restrict which IPs can use printing services:
>
>FW_TRUSTED_NETS=“172.16.168.129,tcp,ipp 172.16.168.129,udp,ipp”
>
>
>Some more info:
>
><http://lists.opensuse.org/opensuse/2009-07/msg00068.html>

Made plenty big openings in the firewall on both machines. Explicitly
opened port 631 to all DMZ, and added cups to allowed services for (all of
my) interfaces attached to DMZ . No help, no change.

Ok, where are the configuration files on 11.1? Yast refuses to do
anything useful with the cups configuration. The Yast firewall settings
are rather coarse and crude as well.

user · October 13, 2010, 1:51pm

On 2010-10-13 07:23, josephkk wrote:
> On Sun, 10 Oct 2010 01:43:15 GMT, “Carlos E. R.” <> wrote:

> Made plenty big openings in the firewall on both machines. Explicitly
> opened port 631 to all DMZ, and added cups to allowed services for (all of
> my) interfaces attached to DMZ . No help, no change.

Mmmm?

I doubt that being in the DMZ helps in this case, DMZ is quite special and protected. Not even
routed, perhaps.

> Ok, where are the configuration files on 11.1? Yast refuses to do
> anything useful with the cups configuration.

Simply use a browser pointing to “http://localhost:631/”. The files are where all configuration
files are, under /etc - that would be a file of the same name as the program involved, or a
directory of that name or the name with a .d. In this case, that means “/etc/cups/”.

> The Yast firewall settings
> are rather coarse and crude as well.

Look in the file “/etc/sysconfig/SuSEfirewall2”.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

user · October 15, 2010, 9:00am

On Wed, 13 Oct 2010 11:51:26 GMT, “Carlos E. R.”
<robin.listas@localhost> wrote:

>On 2010-10-13 07:23, josephkk wrote:
>> On Sun, 10 Oct 2010 01:43:15 GMT, “Carlos E. R.” <> wrote:
>
>> Made plenty big openings in the firewall on both machines. Explicitly
>> opened port 631 to all DMZ, and added cups to allowed services for (all of
>> my) interfaces attached to DMZ . No help, no change.
>
>Mmmm?
>
>I doubt that being in the DMZ helps in this case, DMZ is quite special and protected. Not even
>routed, perhaps.
>
I can bring up the remote (other) machines cups page just fine. Port
631 is open.

>> Ok, where are the configuration files on 11.1? Yast refuses to do
>> anything useful with the cups configuration.
>
>Simply use a browser pointing to “http://localhost:631/”. The files are where all configuration
>files are, under /etc - that would be a file of the same name as the program involved, or a
>directory of that name or the name with a .d. In this case, that means “/etc/cups/”.
>
>> The Yast firewall settings
>> are rather coarse and crude as well.
>
>Look in the file “/etc/sysconfig/SuSEfirewall2”.

Interesting reading, found two typos.

News; tried to send all printer output to particular machine and it
works. But this is wrong as there is a local label printer. Maybe i
can fix it later without bunging up the existing remote printer.

user · October 15, 2010, 12:42pm

On 2010-10-15 09:00, josephkk wrote:
> On Wed, 13 Oct 2010 11:51:26 GMT, “Carlos E. R.” <> wrote:

>> I doubt that being in the DMZ helps in this case, DMZ is quite special and protected. Not even
>> routed, perhaps.
>>
> I can bring up the remote (other) machines cups page just fine. Port
> 631 is open.

Typically, a machine in the DMZ can connect to the outside and viceversa, but not to inside the
local network, or the other way round. DMZ is designed to be isolated, that is not the place for a
print server.

Read the documentation on cups security issues, it is not a safe service.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

user · October 19, 2010, 8:46am

On Fri, 15 Oct 2010 10:42:27 GMT, “Carlos E. R.”
<robin.listas@localhost> wrote:

>On 2010-10-15 09:00, josephkk wrote:
>> On Wed, 13 Oct 2010 11:51:26 GMT, “Carlos E. R.” <> wrote:
>
>
>>> I doubt that being in the DMZ helps in this case, DMZ is quite special and protected. Not even
>>> routed, perhaps.
>>>
>> I can bring up the remote (other) machines cups page just fine. Port
>> 631 is open.
>
>Typically, a machine in the DMZ can connect to the outside and viceversa, but not to inside the
>local network, or the other way round. DMZ is designed to be isolated, that is not the place for a
>print server.
>
>Read the documentation on cups security issues, it is not a safe service.

From what i have been reading thr suse firewall routing determines
what suse will route between internal interfaces and DMZ interfaces
and external interfaces (which should be on different NICs, otherwise
the routing property does not make sense). Since all of my real
routing is done by external hardware it should not make much
difference. Access to the external world is filtered differently by
different hardware.