Hello everybody,
after a long pause I set up a computer with centos 8. Everything works fine so far except I can't access my network printer.
If I open the printer-dialog my network-printers are not recognized - but if I turn of the firewall they are and I'm able to print. If I turn the firewall back on the printers are not present anymore.
I think I have to apply changes to the firewall configuration - but as I'm from the desktop side I neither know which nor where. It seems my question is that stupid that even Mr. Google seems not to be able to explain.
Can anybody help please?
Thanks
[Solved] Network-Printer & Firewall
-
- Posts: 9
- Joined: 2017/01/10 20:12:45
[Solved] Network-Printer & Firewall
Last edited by dimpflmoser on 2021/02/12 09:54:56, edited 1 time in total.
-
- Posts: 9
- Joined: 2017/01/10 20:12:45
Re: Network-Printer & Firewall
Hello again,
after quite some testing and squeezing I found the solution myself. As there are some questions in several forums regarding the same problem, I'll post it myself.
The easiest way is to first install firewall-config with dnf (sudo dnf install firewall-config) but you can work from commandline as well.
The default-zone on my machine is public, so choose public on the left side, choose "permanent" and tick the following services "dhcpv6-client", "ipp-client", and "mdns"
Now move to the Ports page, choose permanent and add the following ports "631 / tcp" and "631 /udp"
After either restarting your computer or the firewall you will be able to see, install and use your networking printers.
Now I'm not sure how to set this topic to solved - can pleas someone do this for me.
Thanks
after quite some testing and squeezing I found the solution myself. As there are some questions in several forums regarding the same problem, I'll post it myself.
The easiest way is to first install firewall-config with dnf (sudo dnf install firewall-config) but you can work from commandline as well.
The default-zone on my machine is public, so choose public on the left side, choose "permanent" and tick the following services "dhcpv6-client", "ipp-client", and "mdns"
Now move to the Ports page, choose permanent and add the following ports "631 / tcp" and "631 /udp"
After either restarting your computer or the firewall you will be able to see, install and use your networking printers.
Now I'm not sure how to set this topic to solved - can pleas someone do this for me.
Thanks
Re: Network-Printer & Firewall
First, I believe you can edit the title of your first post to include "[SOLVED]" or similar string.
Firewalld has many services defined. Among them ipp and ipp-client:
You did select "ipp-client", which opens port 631/udp, and you explicitly opened port 631/udp. That is redundant.
In fact, you should prefer "ipp" over "ipp-client" and those two ports, because "ipp" opens those two ports.
However, the description of "ipp" is:
"IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network."
While "ipp-client" has:
"IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option."
Therefore, I would keep the "ipp-client" service, remove the ports from the zone, and then test whether I can still print.
I presume that the reason to open 631/udp is that the CUPS service in your machine listens to it for advertisement broadcasts from the printers and/or that the printers reply "out-of-band" that the connection tracking does not recognize as replies.
PS. CentOS project did "shift its focus" last December. CentOS Linux 8 will end already at the end of this year. There are (or in future) some alternatives to move to.
Firewalld has many services defined. Among them ipp and ipp-client:
Code: Select all
$ sudo firewall-cmd --info-service=ipp
ipp
ports: 631/tcp 631/udp
protocols:
source-ports:
modules:
destination:
includes:
helpers:
$ sudo firewall-cmd --info-service=ipp-client
ipp-client
ports: 631/udp
protocols:
source-ports:
modules:
destination:
includes:
helpers:
In fact, you should prefer "ipp" over "ipp-client" and those two ports, because "ipp" opens those two ports.
However, the description of "ipp" is:
"IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network."
While "ipp-client" has:
"IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option."
Therefore, I would keep the "ipp-client" service, remove the ports from the zone, and then test whether I can still print.
I presume that the reason to open 631/udp is that the CUPS service in your machine listens to it for advertisement broadcasts from the printers and/or that the printers reply "out-of-band" that the connection tracking does not recognize as replies.
PS. CentOS project did "shift its focus" last December. CentOS Linux 8 will end already at the end of this year. There are (or in future) some alternatives to move to.
-
- Posts: 9
- Joined: 2017/01/10 20:12:45
Re: [Solved] Network-Printer & Firewall
Thanks for your reply and information - I've just done some tryal and error - so I'm happy to receive more information.
To your postscriptum: I've already moved two machines to AlmaLinux (beta) - https://www.almalinux.org/ - and it really looks good!
To your postscriptum: I've already moved two machines to AlmaLinux (beta) - https://www.almalinux.org/ - and it really looks good!
-
- Posts: 9
- Joined: 2017/01/10 20:12:45
Re: [Solved] Network-Printer & Firewall
Hello again,
just checked it. I had to open both ports explicit - after I removed the ports my network printers disapeared. After opening the ports again they were back...
Please stay save and sound - all of you
just checked it. I had to open both ports explicit - after I removed the ports my network printers disapeared. After opening the ports again they were back...
Please stay save and sound - all of you