Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troublshooting => Linux Servers Support => Topic started by: nickcol on December 08, 2004, 03:57:35 PM
-
I'm running an RH9 server with Samba, CUPS printing and Webmin on it.
CUPS is set to print to network printers on various ip:9100 and ip:9101.
If iptables is set to ALLOW ALL then the CUPS printing works,
but when you drop ALL INCOMING PACKETS except for
TCP 1000 Webmin
TCP 22 SSL
TCP + UDP 137-139 Samba
CUPS printing stops working. You cannot even access Printers through Webmin. I have tried various ports, i.e. 631, 445, 9100, but cannot get the printing to work with the firewall enabled.
Samba shares and Webmin are OK with it enabled.
Nick
-
Are you sure the rules you made are correct?
BTW, Webmin uses port 10000.
You can make the firewall in such a way that it denies all and then gives access to only the required ones...
That is, another approach to firewalls is to drop everything and then grant access to each port you may need.
iptables -F
iptables -A INPUT -i lo -p all -j ACCEPT   # Allow self access by loopback interface
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT   # Accept established connections
iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT   # Open ftp port
iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT   # Open secure shell port
iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT   # Open HTTP port
iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --syn -s 192.168.10.0/24 --destination-port 139 -j ACCEPT   # Accept local network Samba connection
iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT
iptables -P INPUT DROP   # Drop all other connection attempts. Only connections defined
BTW, the above is a copy + paste.
You can also add other ports similarly.
-
Sorry, Webmin does use 10000; typing mistake.
When I deny all on incoming packets on eth0,
then allow the following:
10000 (Webmin), TCP 22 (SSL), TCP + UDP 137-139 (Samba), TCP 80 (websrv)
Samba and Webmin + SSL work, but Samba-CUPS printing to external network printers fails. I have tried to allow several ports and ranges but cannot find the correct one. Does anyone know?
Thanks
Nick
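Added example, not part of the thread: a simplified Python model of first-match INPUT filtering. It compares a destination-port-only ruleset like the one listed in the last post with the same ports preceded by the loopback and ESTABLISHED,RELATED rules from the reply. The packet values, and the assumption that a local client reaches cupsd over loopback on port 631, are constructed for illustration.

```python
# Added example: simplified first-match model of an iptables INPUT chain.
# Connection tracking is reduced to a "state" field on each packet; the
# ephemeral ports below are constructed sample values.

def matches(rule, pkt):
    """True when every field the rule specifies matches the packet."""
    for key, want in rule.items():
        if key == "target":
            continue
        if key == "state":
            ok = pkt["state"] in want
        elif key == "dport":
            ok = want[0] <= pkt["dport"] <= want[1]
        else:                      # iface, proto: plain equality
            ok = pkt[key] == want
        if not ok:
            return False
    return True

def verdict(chain, pkt, policy="DROP"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def accept(**fields):
    return dict(fields, target="ACCEPT")

# Ruleset like the one listed in the last post: accept by destination port only.
PORT_ONLY = [
    accept(iface="eth0", proto="tcp", dport=(10000, 10000)),  # Webmin
    accept(iface="eth0", proto="tcp", dport=(22, 22)),
    accept(iface="eth0", proto="tcp", dport=(137, 139)),      # Samba
    accept(iface="eth0", proto="udp", dport=(137, 139)),
    accept(iface="eth0", proto="tcp", dport=(80, 80)),
]
# Same ports, preceded by the loopback and state rules from the reply.
WITH_STATE = [
    accept(iface="lo"),
    accept(iface="eth0", state=("ESTABLISHED", "RELATED")),
] + PORT_ONLY

# Constructed packets arriving on INPUT.
PRINTER_REPLY = dict(iface="eth0", proto="tcp", sport=9100, dport=40000,
                     state="ESTABLISHED")   # answer to an outbound print job
LOCAL_CUPS = dict(iface="lo", proto="tcp", sport=40001, dport=631,
                  state="NEW")              # assumed local client -> cupsd
SMB_NEW = dict(iface="eth0", proto="tcp", sport=40002, dport=139, state="NEW")
```

In this model the printer's reply carries source port 9100 and an ephemeral destination port, so no destination-port rule matches it; only the state rule accepts it.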