Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
		Network Troublshooting => Linux Servers Support => Topic started by: nickcol on December 08, 2004, 03:57:35 PM
		
			
			- 
				I'm running an RH9 server with Samba, CUPS printing and Webmin on it.
 
 CUPS is set to print to network printers on various ip:9100 and ip:9101.
 
 If iptables is set to ALLOW ALL then the CUPS printing works.
 
 But when you drop ALL INCOMING PACKETS except for
 
 TCP 1000 Webmin
 TCP 22 SSL
 TCP + UDP 137-139 Samba
 
 CUPS printing stops working. You cannot even access Printers through Webmin. I have tried various ports, i.e. 631, 445, 9100, but cannot get the printing to work with the firewall enabled.
 Samba shares and Webmin are OK with it enabled.
 
 Nick
- 
 Are you sure the rules you made are correct?
 BTW, Webmin uses port 10000.
 You can make the firewall in such a way that it denies all and then gives access to only the required ones ...
 
 That is, another approach to firewalls is to drop everything and then grant access to each port you may need.
 iptables -F
 iptables -A INPUT -i lo -p all -j ACCEPT                       # Allow self access by loopback interface
 iptables -A OUTPUT -o lo -p all -j ACCEPT
 iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Accept established connections
 iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
 iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT          # Open ftp port
 iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
 iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT          # Open secure shell port
 iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT          # Open HTTP port
 iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp --syn -s 192.168.10.0/24 --destination-port 139 -j ACCEPT   # Accept local network Samba connection
 iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT
 iptables -P INPUT DROP                                        # Drop all other connection attempts. Only connections defined
 
 BTW, the above is a copy + paste.
 
 You can also add other ports similarly.
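
What the loopback and ESTABLISHED,RELATED rules in the listing above change for outbound print jobs, as an added example that is not part of the original posts: a simplified first-match model of the INPUT chain in Python, not real netfilter. The packet values, the local port 40000 and the localhost:631 CUPS connection are constructed assumptions, and the port-only list is assumed to apply to every interface.

```python
# Added illustration: simplified first-match model of an INPUT chain (not real netfilter).
from dataclasses import dataclass

@dataclass
class Packet:
    iface: str   # interface the packet arrived on
    proto: str   # "tcp" or "udp"
    dport: int   # destination port on the server
    state: str   # connection-tracking state, e.g. "NEW" or "ESTABLISHED"

@dataclass
class Rule:
    target: str
    iface: str = None     # None matches anything, like an omitted iptables option
    proto: str = None
    dports: range = None
    states: tuple = None

    def matches(self, p):
        return ((self.iface is None or p.iface == self.iface)
                and (self.proto is None or p.proto == self.proto)
                and (self.dports is None or p.dport in self.dports)
                and (self.states is None or p.state in self.states))

def verdict(rules, policy, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy

# Port-only allow list as described in the thread (Webmin, port 22, Samba, web server).
PORT_ONLY = [Rule("ACCEPT", proto="tcp", dports=range(10000, 10001)),
             Rule("ACCEPT", proto="tcp", dports=range(22, 23)),
             Rule("ACCEPT", proto="tcp", dports=range(137, 140)),
             Rule("ACCEPT", proto="udp", dports=range(137, 140)),
             Rule("ACCEPT", proto="tcp", dports=range(80, 81))]
# The same list preceded by the loopback and state rules from the posted listing.
WITH_STATE = [Rule("ACCEPT", iface="lo"),
              Rule("ACCEPT", iface="eth0", states=("ESTABLISHED", "RELATED"))] + PORT_ONLY

# Constructed packets; local port 40000 and the localhost:631 CUPS socket are assumptions.
PRINTER_REPLY = Packet("eth0", "tcp", 40000, "ESTABLISHED")  # reply from printer ip:9100
CUPS_LOCAL = Packet("lo", "tcp", 631, "NEW")                 # local client to cupsd
INBOUND_9100 = Packet("eth0", "tcp", 9100, "NEW")            # unsolicited connection

if __name__ == "__main__":
    for pkt in (PRINTER_REPLY, CUPS_LOCAL, INBOUND_9100):
        print(pkt, verdict(PORT_ONLY, "DROP", pkt), verdict(WITH_STATE, "DROP", pkt))
```

In this model the printer's replies and the local CUPS connection are accepted only when the loopback and state rules precede the port list, and no inbound rule for port 9100 is involved.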
- 
				Sorry, Webmin does use 10000; typing mistake.
 
 When I deny all on incoming packets on eth0
 
 then allow the following
 
 10000 (Webmin), TCP 22 (SSL), TCP + UDP 137-139 (Samba), TCP 80 (websrv)
 
 Samba and Webmin + SSL work, but Samba-CUPS printing to external network printers fails. I have tried to allow several ports and ranges but cannot find the correct one. Does anyone know?
 
 
 Thanks
 
 Nick