Re: Finding out what port to open on the firewall

Hi Mike.
I always knew it was a firewall problem.
I just did not want to open the firewall to the whole IP address, especially given the fact that I was already printing without problem.
But I was not able myself to find out what ports I had to open on the firewall to make it work (yet!).

I will keep trying to find out how the traffic goes with tcpdump and Wireshark.
Thanks for the suggestion!



On Sat, May 6, 2017 at 10:35 AM, Mike Wright <nobody@xxxxxxxxxxxxxxxxxxxx> wrote:
On 05/06/2017 06:28 AM, Tim wrote:
Allegedly, on or about 06 May 2017, Javier Perez sent:
Ended up accepting all the traffic from the printer IP on the
firewall.

Now it works.

Forgot to add:  Now that it works, do a check on what traffic is going
to and from the device, and see if you can figure out which particular
ports need to be allowed through the firewall.


That shows that it was a firewalling problem the whole time.

Tim is absolutely correct.  Firewall rules *must* be written to account for *both* traffic directions although one is typically less specific than the other.

The following rule will allow traffic returning from the printer:

# pedantic
iptables --table   filter \
         --append  INPUT \
         --source  <printer_IP> \
         --match   conntrack \
         --ctstate ESTABLISHED \
         --jump    ACCEPT

# shorthand
iptables -A INPUT -s printer_IP -m conntrack --ctstate EST -j ACCEPT
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@lists.fedoraproject.org



--
------------------------------
 /\_/\  
 |O O|  pepebuho@xxxxxxxxx
 ~~~~     Javier Perez
 ~~~~          While the night runs
 ~~~~          toward the day...
  m m       Pepebuho watches
                from his high perch.
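
Tim's suggestion to check what traffic goes to and from the device, combined with the ESTABLISHED rule above, as an added example that is not part of the original thread: it reads `tcpdump -nn` text and reports only the ports the printer opens new flows to, which are the ones that still need their own ACCEPT rule. The function names, addresses, ports and sample lines are constructed, and the input format (TCP and plain UDP lines as printed by `tcpdump -nn`) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Lists the ports the printer opens NEW
# flows to; replies to flows the host started are what ESTABLISHED already covers.
# Assumed input: text printed by `tcpdump -nn` (TCP and plain UDP lines).
new_inbound_ports() {   # $1 = printer IP; capture text on stdin
    awk -v printer="$1" '
    # Split "a.b.c.d.port" into ip and port; returns 0 when no port is present.
    function split_ep(ep, out,    n, f) {
        sub(/:$/, "", ep)
        n = split(ep, f, "[.]")
        if (n != 5) return 0
        out["ip"] = f[1] "." f[2] "." f[3] "." f[4]
        out["port"] = f[5]
        return 1
    }
    $2 == "IP" && $4 == ">" {
        if (!split_ep($3, s) || !split_ep($5, d)) next
        if ($0 ~ /Flags \[/) proto = "tcp"
        else if ($0 ~ /UDP,/) proto = "udp"
        else next
        if (s["ip"] != printer) {
            # Host -> printer: remember the flow so its replies are not reported.
            if (d["ip"] == printer) seen[proto, s["port"], d["port"]] = 1
            next
        }
        # Printer -> host: a bare SYN, or UDP with no earlier outbound packet.
        if (proto == "tcp") {
            if ($0 ~ /Flags \[S\]/) fresh[proto " " d["port"]] = 1
        } else if (!((proto, d["port"], s["port"]) in seen)) {
            fresh[proto " " d["port"]] = 1
        }
    }
    END { for (k in fresh) print k }
    ' | sort
}

# Constructed sample capture: host 192.168.1.10, printer 192.168.1.50.
sample_capture() {
    cat <<'EOF'
10:00:01.000001 IP 192.168.1.10.40000 > 192.168.1.50.9100: Flags [S], seq 1, win 29200, length 0
10:00:01.000200 IP 192.168.1.50.9100 > 192.168.1.10.40000: Flags [S.], seq 9, ack 2, win 28960, length 0
10:00:02.000001 IP 192.168.1.10.41000 > 192.168.1.50.161: UDP, length 40
10:00:02.000300 IP 192.168.1.50.161 > 192.168.1.10.41000: UDP, length 52
10:00:03.000001 IP 192.168.1.50.50001 > 192.168.1.10.5555: Flags [S], seq 5, win 29200, length 0
10:00:04.000001 IP 192.168.1.50.50002 > 192.168.1.10.6000: UDP, length 120
EOF
}

sample_capture | new_inbound_ports 192.168.1.50
```

On a real capture, feed it with `tcpdump -nn -r <capture_file> host <printer_IP> | new_inbound_ports <printer_IP>`; each reported protocol and port is a candidate for a narrow rule in place of accepting everything from the printer.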