ipfw & cups
To my ipfw firewall I have added, according to what I found in the internet, the following rule to allow the use of cupsd on the same box: 00520 allow ip from any to any dst-port 631 in to no avail because it is not even checked as you can see below from the log (obtained from kde kcontrol center trying (and failing) to display the connected cups' printers): Am I missing something? What should I do? Ciao Vittorio .. NbBSD# ipfw -td list 00500 check-state 00501 Mon Oct 2 17:10:13 2006 deny tcp from any to any established 00502 deny ip from any to any frag 00503 Mon Oct 2 17:10:13 2006 allow ip from any to any via lo0 00514 deny ip from any to any not verrevpath in 00520 allow ip from any to any dst-port 631 in 00525 deny ip from any to 127.0.0.0/8 ... ... 00609 allow tcp from 10.155.102.6 1491 to any 00610 allow tcp from me to any dst-port 53 out via fxp0 keep-state 00612 allow udp from me to any dst-port 53 out via fxp0 keep-state 00700 allow icmp from 10.155.0.0/16 to any via fxp0 65535 Mon Oct 2 17:10:13 2006 deny ip from any to any ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ipfw & cups
As an IPFW newbye with the following rules I'm unable to use cupsd in the same box where ipfw is running; cups seems to hang endlessly (rule 631 is about the port 631). What ami I missing Ciao Vittorio # ipfw list 00500 check-state 00501 deny tcp from any to any established 00502 deny ip from any to any frag 00503 allow ip from any to any via lo0 00504 deny ip from any to any not verrevpath in 00505 deny ip from any to 127.0.0.0/8 00508 deny ip from 127.0.0.0/8 to any 00590 allow tcp from 10.155.100.0/24 to me dst-port 22,80 via iwi0 setup keep-state 00595 allow tcp from me to any dst-port 22,80,443 via iwi0 setup keep-state 00597 allow ip from me to any dst-port 20,21 out setup keep-state 00601 allow tcp from 10.155.100.0/24 to me dst-port 81,137-139,445 via iwi0 setup keep-state 00602 allow udp from 10.155.100.0/24 to me dst-port 123,81,137,138,139,445 via iwi0 setup keep-state 00603 allow tcp from me to 10.155.100.0/24 dst-port 81,137-139,445 via iwi0 setup keep-state 00604 allow udp from me to 10.155.100.0/24 dst-port 123,81,137,138,139,445 via iwi0 setup keep-state 00605 allow tcp from 10.155.100.0/24 to me dst-port 1024,5432,5900-5909 via iwi0 setup keep-state 00607 allow udp from 10.155.100.0/24 to me dst-port 1024,5432,5900-5909 via iwi0 setup keep-state 00608 allow tcp from any to 10.155.100.33 dst-port 1491 00609 allow tcp from 10.155.100.33 1491 to any 00610 allow tcp from me to any dst-port 53 out via iwi0 keep-state 00612 allow udp from me to any dst-port 53 out via iwi0 keep-state 00631 allow tcp from 10.155.100.0/24 to me dst-port 631 00650 allow tcp from any to any dst-port 25 out via iwi0 setup keep-state 00655 allow tcp from any to any dst-port 110 out via iwi0 setup keep-state 00700 allow icmp from 10.155.100.0/24 to any via iwi0 65535 deny ip from any to any ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfw & cups
On Mon, 2 Oct 2006 16:22:13 +0100 (GMT+01:00)
Vittorio <[EMAIL PROTECTED]> wrote:
> To my ipfw firewall I have added, according to what I found in the
> internet, the following rule to allow the use of cupsd on the same box:
>
> 00520 allow ip from any to any dst-port 631 in
>
> to no avail because it
> is not even checked as you can see below from the log (obtained from
> kde kcontrol center trying (and failing) to display the connected cups'
> printers):
>
> Am I missing something?
> What should I do?
> Ciao
> Vittorio
> ..
> NbBSD# ipfw -td list
> 00500 check-state
> 00501 Mon Oct 2 17:10:13
> 2006 deny tcp from any to any established
> 00502
> deny ip from any to any frag
> 00503 Mon Oct 2 17:10:13 2006 allow ip
> from any to any via lo0
> 00514 deny ip from any
> to any not verrevpath in
> 00520 allow ip from
> any to any dst-port 631 in
> 00525 deny ip from
> any to 127.0.0.0/8
> ...
> ...
> 00609 allow tcp from 10.155.102.6 1491 to any
> 00610 allow tcp from me to any dst-port 53 out
> via fxp0 keep-state
> 00612 allow udp from me to
> any dst-port 53 out via fxp0 keep-state
> 00700
> allow icmp from 10.155.0.0/16 to any via fxp0
> 65535 Mon Oct 2 17:10:13
> 2006 deny ip from any to any
can you please send your rules again , making sure there is no dates inserted
all over the place?
thx
_
{Beto|Norberto|Numard} Meijome
"Throughout the centuries there were [people] who took first steps down new
paths armed only with their own vision." Ayn Rand
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
R: Re: ipfw & cups
This are my rules (line 631 is about the same port!):
Ciao - Vittorio
#ipfw list
00500 check-state
00501 deny tcp from any to any established
00502 deny ip from any to any frag
00503 allow ip from any to any via
lo0
00505 deny ip from any to 127.0.0.0/8
00508 deny ip from 127.0.0.0
/8 to any
00590 allow tcp from 10.155.0.0/16 to me dst-port 22,80,8080
via fxp0 setup keep-state
00595 allow tcp from me to any dst-port
22,80,8080,443 via fxp0 setup keep-state
00596 allow tcp from me to
10.155.222.37 dst-port 1524 setup keep-state
00601 allow tcp from
10.155.0.0/16 to me dst-port 81,137-139,445 via fxp0 setup keep-state
00602 allow udp from 10.155.0.0/16 to me dst-port
123,81,137,138,139,445 via fxp0 setup keep-state
00603 allow tcp from
me to any dst-port 81,137-139,445 via fxp0 setup keep-state
00604 allow
udp from me to any dst-port 123,81,137,138,139,445 via fxp0 setup keep-
state
00605 allow tcp from 10.155.0.0/16 to me dst-port
1024,3306,5432,5900-5909 via fxp0 setup keep-state
00607 allow udp from
10.155.0.0/16 to me dst-port 1024,3306,5432,5900 via fxp0 setup keep-
state
00608 allow tcp from any to 10.155.102.6 dst-port 1491
00609
allow tcp from 10.155.102.6 1491 to any
00610 allow tcp from me to any
dst-port 53 out via fxp0 keep-state
00612 allow udp from me to any dst-
port 53 out via fxp0 keep-state
00631 allow tcp from 10.155.0.0/16 to
me dst-port 631
00700 allow icmp from 10.155.0.0/16 to any via fxp0
65535 deny ip from any to any
Sorry for the way they're displayed but
I'm writing on an awful webmail
Ciao
Vittorio
>Messaggio
originale
>Da: [EMAIL PROTECTED]
>Data: 3-ott-2006 7.08
>A:
>Cc: "Vittorio"<[EMAIL PROTECTED]>
>Ogg:
Re: ipfw & cups
>
>On Mon, 2 Oct 2006 16:22:13 +0100 (GMT+01:00)
>Vittorio <[EMAIL PROTECTED]> wrote:
>
>> To my ipfw firewall I have
added, according to what I found in the
>> internet, the following
rule to allow the use of cupsd on the same box:
>>
>> 00520 allow ip
from any to any dst-port 631 in
>>
>> to no avail because it
>> is
not even checked as you can see below from the log (obtained from
>>
kde kcontrol center trying (and failing) to display the connected
cups'
>> printers):
>>
>> Am I missing something?
>> What should I
do?
>> Ciao
>> Vittorio
>> ..
>>
NbBSD# ipfw -td list
>> 00500 check-state
>>
00501 Mon Oct 2 17:10:13
>> 2006 deny tcp from any to any established
>> 00502
>> deny ip from any to any frag
>>
00503 Mon Oct 2 17:10:13 2006 allow ip
>> from any to any via lo0
>>
00514 deny ip from any
>> to any not
verrevpath in
>> 00520 allow ip from
>> any to
any dst-port 631 in
>> 00525 deny ip from
>>
any to 127.0.0.0/8
>>
...
>>
...
>> 00609 allow tcp from 10.155.102.6 1491 to
any
>> 00610 allow tcp from me to any dst-port
53 out
>> via fxp0 keep-state
>> 00612 allow
udp from me to
>> any dst-port 53 out via fxp0 keep-state
>>
00700
>> allow icmp from 10.155.0.0/16 to any
via fxp0
>> 65535 Mon Oct 2 17:10:13
>> 2006 deny ip from any to any
>
>can you please send your rules again , making sure there is no dates
inserted
>all over the place?
>thx
>_
>
{Beto|Norberto|Numard} Meijome
>
>"Throughout the centuries there were
[people] who took first steps down new
>paths armed only with their own
vision." Ayn Rand
>
>I speak for myself, not my employer. Contents may
be hot. Slippery when wet.
>Reading disclaimers makes you go blind.
Writing them is worse. You have been
>Warned.
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
