I want to lock down my server to allow only certain IP addresses and ports in. I was thinking of doing this through the iptables but someone suggested I use the hosts.allow and deny files to allow who can access the system. What do people suggest? If I'm trying to ensure no IPs can access my system except the ones I want, how would I do this with just the allow and deny files?
I am trying to set up a computer to act as a firewall/gateway on my network, and am using the Firestarter program to do this. Everything appears to be set up correctly, and I followed the instructions on their website completely, and I get an error message when I try to start the firewall. It says that eth0 (my internal NIC) isn't ready, and to make sure it's active.
The problem is it won't. I have an Ubuntu (11.04) computer cabled to a Belkin wireless router. The Brother printer is usb connected to the Ubuntu box - there is no problem printing directly. However, I need to print from a separate wireless connected Win7 box to the printer on the Ubuntu box and this does not work.
The Win7 can see all other Win computers on the network, but not the Ubuntu. Answers at my level gratefully received (eg: it took me two weeks, many hours and 3 re-installs to get dvds to play on Ubuntu 10). Current printer sharing information on the internet is either hopelessly above my head or outdated.
I just installed an HP Officejet 6200 on a Slackware 12.1 machine. It uses a USB interface. If I am on the machine, I can print to it with no problem. When I am on my Debian or Centos machines, I cannot. I have modified the cupsd.conf file to allow everyone to connect to it but so far have not had any success. Port 631 is open on all machines. I have explicitly added a hosts allow 192.168.0.0/24 line in several portions of the conf file with no luck. If I use the CUPS interface on any of the machines using localhost:631 as the address, I can not only see the printer, I can print to it, but I noticed I am actually attached to the Slackware machine where the printer is located. Can someone suggest a debugging method to help?
I am having problems trying to share a printer on my desktop. The printer is an HP Laserjet 1020, and the desktop is running 64-bit Ubuntu Karmic. None of the other boxes on the network (wired/wireless, 32-bit/64-bit, Ubuntu Lucid/Win7/XP) can access the printer.
I have checked all of the appropriate boxes in printer properties and server settings. When I try to install the printer on the other systems, I am asked for a username and password on the desktop. I set up a user named "printer" and gave it a password, but when I try to use that username/password to install the printer on one of the other systems, I get an "access denied" error. All of the networked systems can see each other, and access shared files.
I have a Samsung CLX 3175 connected via CUPS to a Ubuntu box running 11.04. After installing the Samsung Unified Printer Driver as described in this post [URL] the printer works perfectly under Linux, I even got network scanning to work under Windows via TwainSane.
The big problem is network printing from Windows over Samba, though (although I thought that this should be easier to set up than scanning). Even after hours of trying, I could not get it to print a single page spooled from my Windows computer. The print jobs do show up in CUPS as finished, but do not actually get processed. Could this be a rights-related thing? Depending on one setting in smb.conf (namely, "cups options = raw"), the printer even makes some noise and warms up when I spool a new job -- but it does not print.
My setup is the following:
- CUPS in the current version with Samsung Driver
- Samba 3.5.8
- Windows XP and 7 clients
I have an HP 6500 e709a printer. I have configured it for network printing and would like to use the scan facility. I have tried to scan from the printer but it does not find the computer. The HP documents mention advanced firewall information on incoming UDP ports and TCP ports etc. I believe it is with my machine, as my son has a Windows box with the HP software and I have managed to scan from that machine.
I have got a wireless network in my house with a router as the hub and my Linux laptop and Macbook connecting to it. I have got a wireless Kodak printer which the Macbook uses, but they do not have any drivers for Linux. I have enabled ssh for both the laptops and have enabled "Print sharing" on the Macbook. Can I access the printer from the Linux laptop via the Macbook? When I have sshed to the Macbook, the Kodak printer comes up in the list of printers to choose from... but the printing job just goes to the queue and does not actually complete. Is this because I have not got the drivers for the Linux laptop?
I installed it on a desktop today to try it out. So far I'm loving it and have gotten everything to work except for one thing:
There's a printer connected to it (HP PSC 1600), and I'd like the other computers on the network to be able to print to that computer. The other computers are running Windows 7, and one is running Snow Leopard.
When I plugged in the printer, Ubuntu recognized it almost immediately and installed it. Wonderful! I then went ahead and set it to be Shared, and hoped for the best. Neither the Windows machine nor the OS X machine could find the printer... even after I pointed them directly at what I thought was the CUPS address (\mycomputername:631). To make matters even more confusing, I was able to set up shared folders and have the other computers be able to view them.
I have a Fedora 11 box with an HP Laserjet 1000 (connected by USB) and a Windows XP machine. Both are on the same network. I am desperately trying to share the printer to the Windows XP box using IPP. The Windows XP machine recognizes the printer queue, configures correctly and then ... nothing. It simply does not print! Printer sharing worked perfectly in Fedora 10, with CUPS 1.3, but something seems to have broken. I used the guide available at this address and tried all mentioned possibilities
I'm looking for a SIMPLE solution for printer sharing. I have an HP printer attached to my Linux host (prints fine from there). I want my XP box to be able to use this printer as well. I can ping my XP box from my Linux box (and vice versa), and the XP box has the HP print driver installed. When I go into my XP box and try to add a printer, I click "A network printer or a printer attached to another computer", then "Connect to a printer on the Internet or on a home office network" and enter my printer. I'm using the printer name as shown in CUPS. I also tried it without port 631. Either way, I get an error message saying "Windows cannot connect to the printer. Either the printer name was typed incorrectly or the specified printer has lost its connection to the server."
I have: 1) A desktop PC running Ubuntu 10.04 and a Virtualbox guest, Windows XP. My printer is connected and operates via XP. Yep, it's a Windows-only printer, but the VB file-sharing allows me to print Ubuntu files. 2) Another desktop running Puppy Linux. 3) A netbook running XP as a native install.
No. 1 and 2 are connected to a Level One router by ethernet cable. No. 3 is wireless. All 3 machines work fine independently, with no problems accessing the internet. Getting these machines to "see" each other seems to be harder than falling off a log! How to share files and the printer, especially on how to configure the router. The manual that came with it doesn't seem to explain how to do this. It assumes that all your devices are either wired or wireless, with no hints about how to network wired and wireless machines together.
I want to learn how to build a Linux network from scratch that includes file and printer sharing, intranet. I have an intermediate-level knowledge of Windows networking. Can anyone suggest a book or online tutorial that I can learn from? Now let me be clear: I am finding no shortage of tutorials on the web. However, too many are old or incomplete.
A little extra info: I am a teacher/network admin for a small private school with about 50 student computers (that I wish to become Linux machines in the future) and about 10 staff computers (mostly Windows laptops--I do not expect the staff to convert to Linux as readily), I currently do not have an intranet implemented.
I am having trouble getting ports to open. On the router that the server is connected to, it is set to DMZ, so everything passing through the router should go to the server, right? But when I use a port checker, none of the ports that I need to be open are. So my question is: does Ubuntu have a built-in firewall that no one told me about? Or something that would block me from having the ports open?
I have a Linux server set up on a network with 2 interfaces. One (eth0) is connected to the regular network and the other (eth1) has a DHCP server and transparent web cache listening on it. The machines connected on the eth1 side are on a different subnet and the Linux server is their gateway. Untrusted machines are introduced to this network to keep them isolated.
This isolation works well, too well. There are a small set of resources on the regular network I would like to make available to machines on the untrustworthy network. I think I need to use iptables but alas I've had no luck in piecing together the command I need (in one case locking myself out and having to physically reset the machine).
I have just switched over from firestart to gufw. I have set all incoming traffic to deny and all outgoing traffic to allow. I have rules set for incoming traffic, and have only opened 1 port on my system for torrents. My router also only has the same port opened, which again is for torrents. I use "Network Tools", which is included on squeeze, and do a portscan of 192.168.1.100 and 127.0.0.1. I get all kinds of crazy ports coming back as opened. What is even stranger is if I do a few scans, these ports change, so one port on one scan may come up as open, then it will disappear and a different port may show as open.
Mind you, none but the torrent port is forwarded in my router. I have no idea what any of these other ports are, or why they are even showing up. What the heck is going on? I don't think this is normal? Am I at any higher risk for attack?
How to open firewall ports without using yast? The reason I'm asking is because I'm working on a .sh script for the installation of a couple of programs. Some ports need to be open for the programs to work, and I find it really annoying to go to yast and type the ports manually every time. I've looked at /etc/sysconfig/SuSEfirewall2 but can't seem to find anything. I also know that after the changes I will have to stop start the firewall by running:
Which ports should be open for a mail server for INPUT CHAIN? When I use firewall rules (allow just a few ports), some users complain that they're not receiving messages from other domains. When the firewall is disabled these ports show as open:
Not shown: 9987 closed ports
PORT STATE SERVICE
21/tcp open ftp
I have a couple of openSUSE 11.2 machines and each is directly connected to the Internet (they are not behind a router, firewall, etc). I want them to be able to communicate without any firewall restrictions, but keep the firewall rules for all other IP addresses. Is this possible? The software package I'm trying to use randomly chooses a port to use in the range of 32768-61000 and I don't feel comfortable having a port range that wide open on both machines.
I'm using openSUSE 11.3 32bit with LXDE. I have configured an Apache Tomcat server listening on port 8080. Yast was used to open udp 8080 and tcp 8080 in the firewall by manual entry under the advanced button of 'allowed services' menu. Another system was used to access the Tomcat server via a Firefox webbrowser. The attempt was unsuccessful. The url used was [URL]. Firefox webbrowser keeps showing 'connecting ...' until timeout. I'm assuming that in spite of the specified port openings in the firewall, it is somehow ignored. If I were to disable the firewall, then I can access the Tomcat server with the Firefox webbrowser.
I am trying to understand why, when running nmap against a SonicWALL firewall at a remote location, the SonicWALL firewall is saying that most of its 65535 ports are open? I know this can't be correct and remember reading about how some of these network appliances are set up this way to thwart off attacks.
Small server running 5.3 - stock postfix configured to use Maildir. Dovecot configured but both pop and imap ports blocked by firewall. Access to mail is via Squirrelmail via https. Configured to virus scan via ClamAV. Works just fine. Now I want to add procmail filtering. So I create these two files - ~/.forward and ~/.procmailrc in my user home dir: "|exec /usr/bin/procmail -f- || exit 75 #mpeters"