rajl Apprentice
Joined: 25 Sep 2002 Posts: 287
Posted: Wed Mar 26, 2003 4:44 am Post subject: allowing cups through the firewall
ok, I just installed cups, but found it won't print nor can I access the web interface with the following iptables rules:
Code: |
# File: /etc/init.d/firewall.rules
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --dport ssh -j ACCEPT
|
My question is how can I do the following:
1) allow access to the cups web-based administrative interface from the localhost through the firewall
2) print documents from the local host to my printer through the firewall
3) allow other computers to print to my printer from anywhere through the firewall
Thank you for any help you can give.
_________________
-Rajl
-----------------------------------------------------------
It's easy to be brave once you consider the alternatives.
rajl Apprentice
Joined: 25 Sep 2002 Posts: 287
Posted: Wed Mar 26, 2003 9:37 pm
surely someone can help me out with this issue
darktux Veteran
Joined: 16 Nov 2002 Posts: 1086 Location: Coimbra, Portugal
Posted: Wed Mar 26, 2003 10:54 pm
Try adding
iptables -I INPUT -i eth0 -p tcp --dport 631 -j ACCEPT
that oughta do the trick, if it doesn't, try to be more specific about your firewall configuration, and what you can already do with Cups.
_________________
Lego my ego, and I'll lego your knowledge
www.tuxslare.org - My reborn website
rajl Apprentice
Joined: 25 Sep 2002 Posts: 287
Posted: Thu Mar 27, 2003 5:43 am
I added the line
Code: |
iptables -A INPUT -i eth0 -p tcp --dport 631 -j ACCEPT
|
to my firewall rules. didn't work.
Be more specific about my firewall configuration? I cut and pasted the entire thing I had before. Those 5 rules are it. That's as specific as it gets. When I say that nothing works with cups when that firewall is up, I mean nothing. Nada. Zilch.
neilhwatson l33t
Joined: 06 Feb 2003 Posts: 719 Location: Canada
Posted: Thu Mar 27, 2003 5:40 pm
I'm a little confused by your use of localhost and firewall (I can't understand what box(es) are involved). Can you describe your topology a little better please.
_________________
The true guru is a teacher.
Neil Watson
darktux Veteran
Joined: 16 Nov 2002 Posts: 1086 Location: Coimbra, Portugal
Posted: Thu Mar 27, 2003 6:28 pm
neilhwatson wrote: | I'm a little confused by your use of localhost and firewall (I can't understand what box(es) are involved). Can you describe your topology a little better please. |
that's what I meant..
rajl Apprentice
Joined: 25 Sep 2002 Posts: 287
Posted: Thu Mar 27, 2003 10:59 pm
ok...I see....I misunderstood what you were asking.
my layout is really simple. I have one desktop running linux connected directly to the internet. localhost is that box. there's no firewall box between the net and my desktop, so I had the above firewall in place on that desktop. When my current ruleset is in place, I can not connect to the administrative page for cups (even with the new rule proposed by darktux). Nor can I print anything through cups, with either ruleset in place.
Praxxus Apprentice
Joined: 26 Nov 2002 Posts: 193 Location: Indiana, US
Posted: Fri Mar 28, 2003 8:40 am Post subject: Oook!
Right below your rule for your FORWARD chain, before the two INPUT rules, add:
Code: | iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT |
You'll then need to make sure you're only connecting to CUPS via localhost. In /etc/cups/cupsd.conf:
Code: | Listen localhost:631 |
in the appropriate place.
Restart iptables, restart CUPS.
And then when you are connecting to the management interface, use:
Code: | http://localhost:631 |
_________________
My glaucoma just got worse!
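
Why the answer above works, as an added example that is not part of the original thread: a connection to `localhost:631` arrives on the `lo` interface, so with an INPUT policy of DROP none of the `-i eth0` rules can match it. The script is a constructed model of first-match rule evaluation that understands only the options used in this thread; its variable and function names are made up for illustration.

```shell
#!/bin/sh
# Constructed model (not real netfilter): first-match walk of the INPUT chain
# with policy DROP, handling only the options seen in this thread.

# INPUT rules from the first post.
RULES_ORIG='-i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-i eth0 -p tcp --dport ssh -j ACCEPT'
# Plus the port-631 rule that was tried next.
RULES_PORT="$RULES_ORIG
-i eth0 -p tcp --dport 631 -j ACCEPT"
# First post's rules with the loopback rule from the answer placed first.
RULES_LO="-i lo -j ACCEPT
$RULES_ORIG"

# verdict RULES IFACE PROTO DPORT STATE -> prints ACCEPT or DROP
verdict() {
    v_rules=$1; v_if=$2; v_proto=$3; v_port=$4; v_state=$5
    while IFS= read -r v_rule; do
        set -- $v_rule              # split the rule into words
        v_ok=1; v_target=DROP
        while [ $# -gt 0 ]; do
            case $1 in
                -i) [ "$2" = "$v_if" ] || v_ok=0; shift ;;
                -p) [ "$2" = "$v_proto" ] || v_ok=0; shift ;;
                --dport)
                    case $2 in ssh) v_want=22 ;; *) v_want=$2 ;; esac
                    [ "$v_want" = "$v_port" ] || v_ok=0; shift ;;
                --state)
                    case ",$2," in *",$v_state,"*) ;; *) v_ok=0 ;; esac
                    shift ;;
                -m) shift ;;        # match-module name, nothing to compare
                -j) v_target=$2; shift ;;
            esac
            shift
        done
        if [ "$v_ok" = 1 ]; then echo "$v_target"; return 0; fi
    done <<EOF
$v_rules
EOF
    echo DROP                       # no rule matched: chain policy applies
}

echo "lo:631   original rules:   $(verdict "$RULES_ORIG" lo tcp 631 NEW)"
echo "lo:631   with eth0 631:    $(verdict "$RULES_PORT" lo tcp 631 NEW)"
echo "lo:631   with lo rule:     $(verdict "$RULES_LO" lo tcp 631 NEW)"
echo "eth0:631 with lo rule:     $(verdict "$RULES_LO" eth0 tcp 631 NEW)"
```

In this model the `-i eth0 --dport 631` rule accepts new connections to CUPS on the Internet-facing interface without fixing local access, while the loopback rule restores local access and leaves port 631 dropped on `eth0`.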
rajl Apprentice
Joined: 25 Sep 2002 Posts: 287
Posted: Sat Mar 29, 2003 4:18 am
cool...your advice worked perfectly for printing from my own machine. Thank you so much.