HPE Community
Operating System - Linux
1823945 Members
3430 Online
109667 Solutions
New Discussion юеВ

Which ports need to be open through firewall??

 
Eddy Chan_1
Occasional Advisor

тАО06-02-2002 10:40 AM

тАО06-02-2002 10:40 AM

Which ports need to be open through firewall??

I have a external hosts which located in Data Centre protected by Checkpoint firewall, I am examine this external host can print to my printer inside my company firewall (use iptables) , I open port 515 of Checkpoint can print to my HP jetdirect with real IP address ,but can't print when the printer is inside my firewall, I do with post-route and preroute rule and open port 515 as well, but still can't print, Do you know any echo port or others port need to be open when external host printing through firwall (iptables)??

Thanks in advance
Eddy Chan
0 Kudos
Reply
9 REPLIES 9
Kodjo Agbenu
Honored Contributor

тАО06-02-2002 11:43 AM

тАО06-02-2002 11:43 AM

Re: Which ports need to be open through firewall??

Hello,

HP Jetdirect adapters use the following ports to communicate with hosts :

-> 515 when emulating LPD/LPR printing system

-> 9100 for native HP Network Printing (HPNP) protocol

In some circumstances, you may need to open also 9101 and 9102 ports (for example if you have a multi-port Jetdirect box).

Good luck.

Kodjo
Learn and explain...
0 Kudos
Reply
Eddy Chan_1
Occasional Advisor

тАО06-02-2002 01:27 PM

тАО06-02-2002 01:27 PM

Re: Which ports need to be open through firewall??

I opened port 515 and 9100 , but stil can't print, maybe my rules have some problem,
202.X.Y.Z is external host ip
printer ip is 192.168.3.198, pls give comment
Eddy Chan
0 Kudos
Reply
Kodjo Agbenu
Honored Contributor

тАО06-03-2002 01:58 AM

тАО06-03-2002 01:58 AM

Re: Which ports need to be open through firewall??

Hello,

If I were you, I would accept also the traffic from 192.168.3.198:9100/515 to 202.X.Y.Z.

I think that the JetDirect box tries to communicate with the host (for example : True End-Of-Job and Job Recovery features).

If you still have problems, try open all the traffic to and from 515/9100 ports, and log the traffic using iptables. After that, you can have a good idea of what packets go to where.

Good luck.

Learn and explain...
0 Kudos
Reply
Eddy Chan_1
Occasional Advisor

тАО06-03-2002 02:31 AM

тАО06-03-2002 02:31 AM

Re: Which ports need to be open through firewall??

In my firewall rule ,all output chain is set to allow from internal, I tried to log the ip of external host and printer , but nothing can be caputured or maybe I can't found the log file, is it in /var/log/ ?? By the way, I am weak in reading tcp/udp dump log file, anyone can help me examine which ports must be open come in and out firewall??
Eddy Chan
0 Kudos
Reply
D. Jackson_1
Honored Contributor

тАО06-03-2002 07:05 AM

тАО06-03-2002 07:05 AM

Re: Which ports need to be open through firewall??

Can you telnet to the HP printer port:

telnet ip_addy_of_printer 9100

echo port = 7

HTH
0 Kudos
Reply
Kodjo Agbenu
Honored Contributor

тАО06-03-2002 08:04 AM

тАО06-03-2002 08:04 AM

Re: Which ports need to be open through firewall??

Hello,

To log packets with iptables, insert the following rules at the beginning of your script, just after the line "iptables -P FORWARD DROP" :

iptables -N log_packets
iptables -A log_packets -j LOG --log-prefix FIREWALL

iptables -A INPUT -s 202.X.Y.Z/32 --dport 515 -j log_packets

iptables -A INPUT -s 202.X.Y.Z/32 --dport 9100 -j log_packets

iptables -A INPUT -s 192.168.3.198/32 --sport 515 -j log_packets

iptables -A INPUT -s 192.168.3.198/32 --sport 9100 -j log_packets


Have a look in /var/log/messages, and try to analyse what happens.

Good luck.

Kodjo
Learn and explain...
0 Kudos
Reply
Eddy Chan_1
Occasional Advisor

тАО06-03-2002 10:36 AM

тАО06-03-2002 10:36 AM

Re: Which ports need to be open through firewall??

I can telnet from external host to my printer thr' firewall , so I think the pre-routing nad post-routing rules for NAT is no problem, but still can't print thr' firewall, I need to log the messsage to see what happen but I am weekless in reading TCP/UDP packet, I need more help...Thanks
Eddy Chan
0 Kudos
Reply
Eddy Chan_1
Occasional Advisor

тАО06-04-2002 01:24 AM

тАО06-04-2002 01:24 AM

Re: Which ports need to be open through firewall??

Sorry for previous wrong post,
I can telnet IP only to my printer through firewall,
but cannot telnet ip with port 9100 to my printer.
Here is my firewall with NAT
"External_Host_Real_ip" is the real ip of external host .
"Printer_Real_ip" is my assign to my JetDirect 's real ip.
After NAT of printer's ip is "Virtual_Printer_ip".

Eddy Chan
0 Kudos
Reply
shpshftr
New Member

тАО03-21-2004 02:42 PM

тАО03-21-2004 02:42 PM

Re: Which ports need to be open through firewall??

I have the same problem.
Destination port is 9100. This works as a charm if I telnet from the router-box, but not from the outside.
I am forwarding port 9100 9101 and 9102 into the printer.

I am using "Arno's iptables" script on the routerbox to administer the iptables rules.

I am also "weak" with iptables, therefore I use this script to ease the administration.

Any input on this issue would be greatly appreciated. The branch office I am setting this up for needs this to work for a new economy system that needs print-access.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.