[cups.bugs] CUPS and Shorewall firewall interfering with each other

Anonymous anonymous at easysw.com
Sat Jan 15 14:22:56 PST 2005 

I encountered a similar issue. I deleted and re-added the printer on each client (thankfully only a few) but had to pass it the path to the printer using the ip address, not the name. For anything else I can access the server using \\name and it works, but for the printer setup it only works with \\ipaddress\printername. The printer worked fine after that though I still cannot browse to it.

Never had a problem with CUPS and Shorewall until I restarted the server after some routine work. I wouldn't have minded if I was playing with network settings but all I did was take out a broken FDD and replace it with a new one :D

> I don't know how you rfirewall really works, but keep in mind that -
> with LPD printing -
> the port 515 is the DESTINATION port, whereas the source port lies
> between
> 721 and 732 (if "reserve=yes" is defined as an option in the device URL)
> or is even
> a port above 1024.
>
> Helge
>
>
> Erik Reuter wrote:
> >
> > I'm having a problem with CUPS and the Shorewall firewall interfering
> > with each other.
> >
> >    Linux kernel 2.6.9
> >    CUPS 1.1.22-2
> >    Shorewall 2.0.13
> >
> > CUPS was working fine to print to my Epson C84 (network connected via a
> > Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I
> > installed the Shorewall firewall on the machine running CUPS.
> >
> > When I installed Shorewall, I opened up port 515 for lpd printing from
> > the firewall to the local network
> >
> >    ACCEPT          fw              loc             tcp     515  # LPD
> >
> > so I didn't anticipate any problems with CUPS printing.
> >
> > However, as soon as I started the Shorewall firewall, I found that I
> > could no longer print from the firewall machine using CUPS.
> >
> > Okay, my first thought was that I had to open more ports in the
> > firewall. So I checked the Shorewall packet reject log to see which
> > ports I would need to open. Surprisingly, NO PACKETS RELATED TO PRINTING
> > HAD BEEN REJECTED. It was not a logging problem, because there were
> > packets occasionally being rejected, but not during the times when I was
> > trying to print.
> >
> > Just to make sure, I put a couple lines in my Shorewall policy file to
> > open ALL ports between fw<->loc , and I still could not print.
> >
> > So, with the exception of printing with CUPS, the Shorewall firewall
> > is working with all of my other programs. And with the exceptions of
> > Shorewall, the CUPS printing works with all of my other programs. But I
> > cannot use CUPS and Shorewall together, since they seem to interfere.
> >
> > How can I find out the source of the interference? What is the best way
> > to troubleshoot this?
> >
> > Here's some output from the end of the CUPS log from when I try a print
> > job:
> >
> > D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT tossing right 0
> > I [28/Dec/2004:12:05:40 -0500] [Job 9] Finished page 1...
> > d [28/Dec/2004:12:05:40 -0500] PID 7522 exited with no errors.
> > D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_height 3915
> > D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_width 3060
> > D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_width 3060
> > D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_height 3915
> > D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_height 3915
> > D [28/Dec/2004:12:05:40 -0500] [Job 9] GIMP-PRINT: Image_width 3060
> > I [28/Dec/2004:12:05:40 -0500] [Job 9] Ready to print.
> > I [28/Dec/2004:12:05:40 -0500] [Job 9] Attempting to connect to host
> > 192.168.0.1
> > 9 for printer raw
> > d [28/Dec/2004:12:05:40 -0500] PID 7523 exited with no errors.
> > d [28/Dec/2004:12:05:41 -0500] select_timeout: 11 seconds to process
> > active jobs
>
> --
> Helge Blischke
> Softwareentwicklung
> SRZ Berlin | Firmengruppe besscom
> http://www.srz.de
> tel: +49 30 75301-360

More information about the cups mailing list