On Sun, 2003-08-10 at 11:07, Phil Campaigne wrote:

> Hi Jason,
> Ok, here is the contents of my /etc/sysconfig/iptables:

I've attached a revised iptables file.  I assume you're using LPRng
(rather than cups).  I don't recall whether LPRng uses UDP or TCP by
default, so I've enabled both.  You might want to evaluate the output of
"netstat -van | grep 515" to see which protocol it's using and edit your
iptables file accordingly.

Make a backup of your original file, then put this one in its place
(drop the ".phil" suffix).  Restart your iptables service with "service
iptables restart" (as root).  Verify that printing still works.

P.S.  If you ever need to edit your firewall rules again, please note
that the lokkit utility is a "write-only" application.  In other words,
it doesn't have the ability to read your existing ruleset.  If you make
a new ruleset with lokkit, you'll lose the changes we just added.

HTH

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 0/0 --dport 515 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --dport 515 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT
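An added example, not part of Jason's mail or the attached file: a small POSIX sh check to run before "service iptables restart". It reads "netstat -van"-style output to see which protocol has a socket on port 515, flags rule lines that were wrapped across lines (as the two DHCP rules were in the mail body, which iptables-restore would reject), and lists port-515 ACCEPT rules whose protocol has no listener. The netstat output and the rules text are constructed samples.

```shell
#!/bin/sh
# Constructed sample mirroring the attached file, with one DHCP rule wrapped
# across two lines the way it appeared in the mail.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 0/0 --dport 515 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --dport 515 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i
eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
COMMIT'

# Constructed "netstat -van" output: lpd listening on TCP 515 only.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Print the protocols (tcp/udp) that have a socket on port 515, space-separated.
lpd_protocols() {
    printf '%s\n' "$1" | awk '$4 ~ /:515$/ { print $1 }' | sort -u | tr '\n' ' '
}

# Print lines iptables-restore would choke on: an "-A" rule with no "-j" target
# (wrapped) or a continuation line that is not a comment, table, chain or COMMIT.
lint_rules() {
    printf '%s\n' "$1" | awk '
        /^#/ || /^\*/ || /^:/ || /^COMMIT$/ || /^$/ { next }
        /^-A / && / -j / { next }
        { print NR ": " $0 }'
}

# Print port-515 ACCEPT rules whose protocol has no listener; these can be
# dropped so the firewall opens only what the print daemon actually uses.
unneeded_515_rules() {
    rules=$1; protos=$2
    printf '%s\n' "$rules" | while IFS= read -r line; do
        case $line in
            *"--dport 515"*" -j ACCEPT")
                p=$(printf '%s\n' "$line" | sed 's/.*-p \([a-z]*\).*/\1/')
                case " $protos " in *" $p "*) ;; *) printf '%s\n' "$line" ;; esac ;;
        esac
    done
}
```

On a real box, replace the samples with "$(netstat -van)" and "$(cat /etc/sysconfig/iptables.phil)"; an empty lint_rules output means every rule line is intact.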
