Re: Allowing network printing through Arno's IP Tables

To: debian-user@lists.debian.org
Subject: Re: Allowing network printing through Arno's IP Tables
From: AG <computing.account@googlemail.com>
Date: Wed, 29 Dec 2010 15:43:17 +0000
Message-id: <[🔎] 4D1B5715.6090401@gmail.com>
Reply-to: computing.account@gmail.com
In-reply-to: <[🔎] pan.2010.12.28.15.02.22@gmail.com>
References: <[🔎] 4D19D131.5080807@gmail.com> <[🔎] pan.2010.12.28.15.02.22@gmail.com>

On 28/12/10 15:02, Camaleón wrote:

On Tue, 28 Dec 2010 11:59:45 +0000, AG wrote:

I have recently installed Arno's IP Tables on my Deb testing machine and
want to know how I can allow print privileges to a second computer,
because my machine runs the print server (CUPS).

(...)

First I would test is stopping Arno's IP Tables service and check if it
works, just to ensure the firewall rule is the culprit :-)

I'm not very good at "firewalling" but I guess you will have to put your
internal network inside the "trusted" side. By performing a quick read on
the Arno's IP tables manual ("/usr/share/doc/arno-iptables-firewall/
README.gz") I suppose it should be set using "FULL_ACCESS_HOSTS"
variable. If that works, then you can fine-tune the rule and allow access
only to the desired host in the required port.

Greetings,


Hello Camaleón

Thanks for your prompt reply. In response to your first suggestion, yes- I have already eliminated other options: it *is* a firewall rule issue.

In following your second suggestion - I already reviewed that file priorto posting my query. I am a little confused though because my machineis single-homed because it only has one NIC. However, it is throughthis NIC that the client machine must access the print server, so it isa single-homed machine, but serving one service to the LAN whileaccessing the (outside) Net.

In the actual firewall.conf file, this situation becomes even moreconfusing, because it notes:

"Specify here your internal network (LAN) interface(s). Multiple(!)interfacesshould be space separated. Remark this if you don't have any internalnetwork

interfaces. Note that by default ALL traffic is accepted from these
interfaces."

But this is not happening - the traffic is being blocked. Now I wonderif this is because the eth0 (i.e. ext_if) is seeing internallyoriginating traffic as originating from outside, because it is sharingthe same NIC?

Any other thoughts because I am (understandably) quite leery aboutadjusting settings without a full understanding of the implications ofdoing so.


Cheers

AG

Reply to:

Follow-Ups:
- Re: Allowing network printing through Arno's IP Tables
  - From: Camaleón <noelamac@gmail.com>

References:
- Allowing network printing through Arno's IP Tables
  - From: AG <computing.account@googlemail.com>
- Re: Allowing network printing through Arno's IP Tables
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: saytime kills sound
Next by Date: Re: Problems with Pacemaker + Corosync after reboot
Previous by thread: Re: Allowing network printing through Arno's IP Tables
Next by thread: Re: Allowing network printing through Arno's IP Tables
Index(es):
- Date
- Thread