April 28, 2024, 11:06:35 AM

News : LinuxSolved.com Linux Help Community Forum..

 

« previous next »
Pages: [1]

Author Topic: Firewall settings for samba and cups  (Read 4247 times)

Offline nickcol

  • Linux Noob !
  • *
  • Posts: 5
Firewall settings for samba and cups
« on: December 08, 2004, 03:57:35 PM »
Im running a rh9 server with samba - cups printing and webmin on it.

Cups is set to print to network printers on various ip:9100 and ip:9101

if IP tables is set to ALLOW ALL then the cups printing works.

but When you drop ALL INCOMING PACKETS Except for

TCP 1000 Webmin
TCP 22 SSL
TCP + UDP 137-139 Samba

Cups printing stops working. You cannot even access Printers through webmin. I have tried various ports ie 631 445  9100 but cannot get the printing to work with the firewall enabled.
 Samba shares and webmin are ok with it enabled.

Nick
Logged

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Re: Firewall settings for samba and cups
« Reply #1 on: December 08, 2004, 05:49:14 PM »
Quote from: "nickcol"
Im running a rh9 server with samba - cups printing and webmin on it.

Cups is set to print to network printers on various ip:9100 and ip:9101

if IP tables is set to ALLOW ALL then the cups printing works.

but When you drop ALL INCOMING PACKETS Except for

TCP 1000 Webmin
TCP 22 SSL
TCP + UDP 137-139 Samba

Cups printing stops working. You cannot even access Printers through webmin. I have tried various ports ie 631 445  9100 but cannot get the printing to work with the firewall enabled.
 Samba shares and webmin are ok with it enabled.

Nick


are you sure the rules you mad are correct !
btw. webmin uses port 10000 ,
You can made firewall in such way that i denyes all and then give access to only required one ...

that is.. Another approach to firewalls is to drop everything and then grant access to each port you may need.
Code: [Select]
iptables -F
iptables -A INPUT -i lo -p all -j ACCEPT                       - Allow self access by loopback interface
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT - Accept established connections
iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT          - Open ftp port
iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT          - Open secure shell port
iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT          - Open HTTP port
iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --syn -s 192.168.10.0/24 --destination-port 139 -j ACCEPT   - Accept local network Samba connection
iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT
iptables -P INPUT DROP                                        - Drop all other connection attempts. Only connections defined

btw.. above is a copy + paste

You can also add other ports similarly..
Logged

Offline nickcol

  • Linux Noob !
  • *
  • Posts: 5
Firewall settings for samba and cups
« Reply #2 on: December 09, 2004, 11:38:30 AM »
Sorry webmin does use 10000, Typing mistake.

When I deny all on incoming packets on eth0

Then Allow the following
 
10000(webmin),  TCP 22 (SSL), TCP + UDP 137-139 (Samba), TCP80 (websrv)

Samba and webmin +ssl works but samba-cups printing to external network printers fails. I have tried to allow several ports and ranges but cannot find the correct one. Does anyone know. ?


Thanks

Nick
Logged
Pages: [1]
« previous next »