[Solved] Network-Printer & Firewall

Support for security such as Firewalls and securing linux
Post Reply
dimpflmoser
Posts: 8
Joined: 2017/01/10 20:12:45

[Solved] Network-Printer & Firewall

Post by dimpflmoser » 2021/02/09 17:48:34

Hello everybody,

after a long pause I set up a computer with centos 8. Everything works fine so far except I can't access my network printer.

If I open the printer-dialog my network-printers are not recognized - but if I turn of the firewall they are and I'm able to print. If I turn the firewall back on the printers are not present anymore.

I think I have to apply changes to the firewall configuration - but as I'm from the desktop side I neither know which nor where. It seems my question is that stupid that even Mr. Google seems not to be able to explain.

Can anybody help please?

Thanks
Last edited by dimpflmoser on 2021/02/12 09:54:56, edited 1 time in total.

dimpflmoser
Posts: 8
Joined: 2017/01/10 20:12:45

Re: Network-Printer & Firewall

Post by dimpflmoser » 2021/02/11 09:23:19

Hello again,

after quite some testing and squeezing I found the solution myself. As there are some questions in several forums regarding the same problem, I'll post it myself.

The easiest way is to first install firewall-config with dnf (sudo dnf install firewall-config) but you can work from commandline as well.
The default-zone on my machine is public, so choose public on the left side, choose "permanent" and tick the following services "dhcpv6-client", "ipp-client", and "mdns"
Now move to the Ports page, choose permanent and add the following ports "631 / tcp" and "631 /udp"
After either restarting your computer or the firewall you will be able to see, install and use your networking printers.

Now I'm not sure how to set this topic to solved - can pleas someone do this for me.

Thanks

User avatar
jlehtone
Posts: 3335
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Network-Printer & Firewall

Post by jlehtone » 2021/02/11 11:44:53

First, I believe you can edit the title of your first post to include "[SOLVED]" or similar string.

Firewalld has many services defined. Among them ipp and ipp-client:

Code: Select all

$ sudo firewall-cmd --info-service=ipp
ipp
  ports: 631/tcp 631/udp
  protocols: 
  source-ports: 
  modules: 
  destination: 
  includes: 
  helpers: 

$ sudo firewall-cmd --info-service=ipp-client
ipp-client
  ports: 631/udp
  protocols: 
  source-ports: 
  modules: 
  destination: 
  includes: 
  helpers: 
You did select "ipp-client", which opens port 631/udp, and you explicitly opened port 631/udp. That is redundant.
In fact, you should prefer "ipp" over "ipp-client" and those two ports, because "ipp" opens those two ports.

However, the description of "ipp" is:
"IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network."

While "ipp-client" has:
"IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option."

Therefore, I would keep the "ipp-client" service, remove the ports from the zone, and then test whether I can still print.


I presume that the reason to open 631/udp is that the CUPS service in your machine listens to it for advertisement broadcasts from the printers and/or that the printers reply "out-of-band" that the connection tracking does not recognize as replies.


PS. CentOS project did "shift its focus" last December. CentOS Linux 8 will end already at the end of this year. There are (or in future) some alternatives to move to.

dimpflmoser
Posts: 8
Joined: 2017/01/10 20:12:45

Re: [Solved] Network-Printer & Firewall

Post by dimpflmoser » 2021/02/12 09:58:31

Thanks for your reply and information - I've just done some tryal and error - so I'm happy to receive more information.

To your postscriptum: I've already moved two machines to AlmaLinux (beta) - https://www.almalinux.org/ - and it really looks good!

dimpflmoser
Posts: 8
Joined: 2017/01/10 20:12:45

Re: [Solved] Network-Printer & Firewall

Post by dimpflmoser » 2021/02/13 13:24:28

Hello again,

just checked it. I had to open both ports explicit - after I removed the ports my network printers disapeared. After opening the ports again they were back...

Please stay save and sound - all of you

Post Reply

Return to “CentOS 8 - Security Support”