On 28/12/10 15:02, Camaleón wrote:
On Tue, 28 Dec 2010 11:59:45 +0000, AG wrote:
I have recently installed Arno's IP Tables on my Deb testing machine and
want to know how I can allow print privileges to a second computer,
because my machine runs the print server (CUPS).
(...)
First I would test is stopping Arno's IP Tables service and check if it
works, just to ensure the firewall rule is the culprit :-)
I'm not very good at "firewalling" but I guess you will have to put your
internal network inside the "trusted" side. By performing a quick read on
the Arno's IP tables manual ("/usr/share/doc/arno-iptables-firewall/
README.gz") I suppose it should be set using "FULL_ACCESS_HOSTS"
variable. If that works, then you can fine-tune the rule and allow access
only to the desired host in the required port.
Greetings,
Hello Camaleón
Thanks for your prompt reply. In response to your first suggestion, yes
- I have already eliminated other options: it *is* a firewall rule issue.
In following your second suggestion - I already reviewed that file prior
to posting my query. I am a little confused though because my machine
is single-homed because it only has one NIC. However, it is through
this NIC that the client machine must access the print server, so it is
a single-homed machine, but serving one service to the LAN while
accessing the (outside) Net.
In the actual firewall.conf file, this situation becomes even more
confusing, because it notes:
"Specify here your internal network (LAN) interface(s). Multiple(!)
interfaces
should be space separated. Remark this if you don't have any internal
network
interfaces. Note that by default ALL traffic is accepted from these
interfaces."
But this is not happening - the traffic is being blocked. Now I wonder
if this is because the eth0 (i.e. ext_if) is seeing internally
originating traffic as originating from outside, because it is sharing
the same NIC?
Any other thoughts because I am (understandably) quite leery about
adjusting settings without a full understanding of the implications of
doing so.
Cheers
AG
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4d1b5715.6090...@gmail.com
