[cups.bugs] CUPS and Shorewall firewall interfering with each other

Helge Blischke h.blischke at srz.de
Mon Jan 3 05:36:52 PST 2005 

I don't know how you rfirewall really works, but keep in mind that -
with LPD printing -
the port 515 is the DESTINATION port, whereas the source port lies
between 
721 and 732 (if "reserve=yes" is defined as an option in the device URL)
or is even
a port above 1024.

Helge


Erik Reuter wrote:
> 
> I'm having a problem with CUPS and the Shorewall firewall interfering
> with each other.
> 
>    Linux kernel 2.6.9
>    CUPS 1.1.22-2
>    Shorewall 2.0.13
> 
> CUPS was working fine to print to my Epson C84 (network connected via a
> Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I
> installed the Shorewall firewall on the machine running CUPS.
> 
> When I installed Shorewall, I opened up port 515 for lpd printing from
> the firewall to the local network
> 
>    ACCEPT          fw              loc             tcp     515  # LPD
> 
> so I didn't anticipate any problems with CUPS printing.
> 
> However, as soon as I started the Shorewall firewall, I found that I
> could no longer print from the firewall machine using CUPS.
> 
> Okay, my first thought was that I had to open more ports in the
> firewall. So I checked the Shorewall packet reject log to see which
> ports I would need to open. Surprisingly, NO PACKETS RELATED TO PRINTING
> HAD BEEN REJECTED. It was not a logging problem, because there were
> packets occasionally being rejected, but not during the times when I was
> trying to print.
> 
> Just to make sure, I put a couple lines in my Shorewall policy file to
> open ALL ports between fw<->loc , and I still could not print.
> 
> So, with the exception of printing with CUPS, the Shorewall firewall
> is working with all of my other programs. And with the exceptions of
> Shorewall, the CUPS printing works with all of my other programs. But I
> cannot use CUPS and Shorewall together, since they seem to interfere.
> 
> How can I find out the source of the interference? What is the best way
> to troubleshoot this?
> 
> Here's some output from the end of the CUPS log from when I try a print
> job:
> 
> D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT tossing right 0
> I [28/Dec/2004:12:05:40 -0500] [Job 9] Finished page 1...
> d [28/Dec/2004:12:05:40 -0500] PID 7522 exited with no errors.
> D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_height 3915
> D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_width 3060
> D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_width 3060
> D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_height 3915
> D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_height 3915
> D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_width 3060
> I [28/Dec/2004:12:05:40 -0500] [Job 9] Ready to print.
> I [28/Dec/2004:12:05:40 -0500] [Job 9] Attempting to connect to host
> 192.168.0.1
> 9 for printer raw
> d [28/Dec/2004:12:05:40 -0500] PID 7523 exited with no errors.
> d [28/Dec/2004:12:05:41 -0500] select_timeout: 11 seconds to process
> active jobs

-- 
Helge Blischke
Softwareentwicklung
SRZ Berlin | Firmengruppe besscom
http://www.srz.de
tel: +49 30 75301-360

More information about the cups mailing list