cups: no access with dyndns

Michael Sweet mike at easysw.com
Thu Aug 5 06:30:04 PDT 2004 

jba wrote:
> Dear List,
> 
> I have a box running debian woody and cups 1.1.14. Cups is running fine.
> Using http://localhost:631 I can reach it with my brwowser. The next
> step for me was to try access from the internet. My system has just one
> network connection (dsl, no LAN). Since I always get a dynamic ip from
> my provider, I have an symbolic adress at dyndns.or (e.g.
> lisa.dyndns.org). This address works fine (I testet it from different
> computers). I then opened port 631 in the firewall and tried
> http://lisa.dyndns.org:631 to access cups from my own system. This did
> not work with the default settings. It seems that cups handles this in
> the same way as an external access. Ok, I can then use this to test
> access from outside without a second system.
> 
> Next I changed the original section of cupsd.conf:
> 
> 	<Location />
> 	Order Deny,Allow
> 	Deny From All
> 	Allow From 127.0.0.1
> 	</Location>
> 
> and added my actual ip:
> 
> 	Allow from 80.133.12.21
> 
> After that it worked as it should. The next step was to put in the name
> of the interface at my provider and to remove the numeric ip:
> 
> 	Allow from p50850C15.dip0.t-ipconnect.de
> 
> I also added the option
> 
> 	HostNameLookups On
> 
> (Yes, after each change I restarted cups)
> 
> With this configuration it also worked.
> 
> Then I tried the same using my address at dyndns.org:
> 
> 	Allow From lisa.dyndns.org
> 
> And this did not work! The browser tells me, that I do not have acess
> rights. How can this be? It seems that cups differentiates between
> dynamic and static names. Is this intended? Is there any option to
> change this?

Probably what is happening is that the reverse lookup of the IP
address is not returning lisa.dyndns.org.

A simpler solution is to use:

     Allow from @LOCAL

which will allow access on the local subnet (of which your IP is
a part), however that would mean that anyone else on the same DSL
segment would be able to access your system, too...

I think we could provide an @name for the local interface addresses,
such that access would be allowed from the local machine's addresses
no matter what they are currently set to.  If you are interested in
that functionality, could you file a request at:

     http://www.cups.org/str.php

That way we can track it as it is implemented...

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Printing Software for UNIX                       http://www.easysw.com

More information about the cups mailing list