On 05/06/2017 06:28 AM, Tim wrote:
Allegedly, on or about 06 May 2017, Javier Perez sent:
Ended up accepting all the traffic from the printer IP on the
firewall.
Now it works.
Forgot to add: Now that it works, do a check on what traffic is going
to and from the device, and see if you can figure out which particular
ports need to be allowed through the firewall.
That shows that it was a firewalling problem the whole time.
Tim is absolutely correct. Firewall rules *must* be written to account
for *both* traffic directions although one is typically less specific
than the other.
The following rule will allow traffic returning from the printer:
# pedantic
iptables --table filter
--append INPUT
--source <printer_IP>
--match conntrack
--ctstate ESTABLISHED
--jump ACCEPT
# shorthand
iptables -A INPUT -s printer_IP -m conntrack --ctstate EST -j ACCEPT
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
