Re: Networking / security problem in gentoo
That did it. Thanks! My son should buy you a beer. 8-) On Thu, 2 Oct 2003 23:00:54 -0400 Tim Wunder [EMAIL PROTECTED] wrote: On Thursday 02 October 2003 10:37 pm, someone claiming to be Alan Jackson wrote: On Thu, 2 Oct 2003 14:15:12 -0400 Matthew Carpenter [EMAIL PROTECTED] wrote: Is it xinetd? Does it use tcpwrappers of any sort? (more specifically, are you being blocked by /etc/hosts.deny or /etc/hosts.allow) What do your logs tell you? (/var/log/messages, /var/log/xxx) Nothing in /var/log/messages There was no /etc/hosts.allow or deny (*those* I understand!) Running CUPS - don't know which port it should be using... bash-2.05b$ netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp0 0 0.0.0.0:60000.0.0.0:* LISTEN tcp0 0 0.0.0.0:1 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:13045 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN snip 631 is cups check /etc/cups/cupsd.conf You probly have to edit that file to allow the local network to get access, something like: Location / Order Deny,Allow Deny From All Allow From 127.0.0.1 Allow From 192.168.* /Location and further down, for admin access... Location /admin # # You definitely will want to limit access to the administration functions. # The default configuration requires a local connection from a user who # is a member of the system group to do any admin tasks. You can change # the group name using the SystemGroup directive. # AuthType Basic AuthClass System ## Restrict access to local domain Order Deny,Allow Deny From All Allow From 127.0.0.1 Allow From 192.168.* #Encryption Required /Location HTH, Tim -- RedHat 8.0 Kernel 2.4.20-20.8, KDE 3.1.3, Xfree86 4.2.1 10:55pm up 5 days, 15:18, 2 users, load average: 0.02, 0.05, 0.07 It's what you learn after you know it all that counts ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Networking / security problem in gentoo
Is it xinetd? Does it use tcpwrappers of any sort? (more specifically, are you being blocked by /etc/hosts.deny or /etc/hosts.allow) What do your logs tell you? (/var/log/messages, /var/log/xxx) - Original Message - From: Alan Jackson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 01, 2003 10:48 PM Subject: Networking / security problem in gentoo Well, my son is upset because he can't print to my printer since I went to gentoo. He gets a message : lp: unable to print file: server-error-service-unavailable When I try it from a different system, I get : connection to 'earthman' failed - Connection refused job 'cfA845starman.oplnk.net' transfer to [EMAIL PROTECTED] failed Thinking about this, I realized that I don't understand the gentoo security model. Apparently they don't use inetd, but reading through the docs it wasn't clear what they *do* use. I suspect that I have over-secured stuff by accident, but I don't know where to start. Can anyone give me a clue? (yes, I admit it, I am clueless... sigh) -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Networking / security problem in gentoo
also, what printing system are you using? CUPS? CUPS-LPD (usually port 515 through inetd or the like and then accessing the CUPS daemon)? LPD? LPRNG? - Original Message - From: Alan Jackson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 01, 2003 10:48 PM Subject: Networking / security problem in gentoo Well, my son is upset because he can't print to my printer since I went to gentoo. He gets a message : lp: unable to print file: server-error-service-unavailable When I try it from a different system, I get : connection to 'earthman' failed - Connection refused job 'cfA845starman.oplnk.net' transfer to [EMAIL PROTECTED] failed Thinking about this, I realized that I don't understand the gentoo security model. Apparently they don't use inetd, but reading through the docs it wasn't clear what they *do* use. I suspect that I have over-secured stuff by accident, but I don't know where to start. Can anyone give me a clue? (yes, I admit it, I am clueless... sigh) -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Networking / security problem in gentoo
Stupid question. Is whatever printing daemon you're using even listening on the port its supposed to listen on? (netstat -an) On Thu, 2 Oct 2003, Matthew Carpenter wrote: also, what printing system are you using? CUPS? CUPS-LPD (usually port 515 through inetd or the like and then accessing the CUPS daemon)? LPD? LPRNG? - Original Message - From: Alan Jackson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 01, 2003 10:48 PM Subject: Networking / security problem in gentoo Well, my son is upset because he can't print to my printer since I went to gentoo. He gets a message : lp: unable to print file: server-error-service-unavailable When I try it from a different system, I get : connection to 'earthman' failed - Connection refused job 'cfA845starman.oplnk.net' transfer to [EMAIL PROTECTED] failed Thinking about this, I realized that I don't understand the gentoo security model. Apparently they don't use inetd, but reading through the docs it wasn't clear what they *do* use. I suspect that I have over-secured stuff by accident, but I don't know where to start. Can anyone give me a clue? (yes, I admit it, I am clueless... sigh) -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users -- ~~ Lonni J Friedman[EMAIL PROTECTED] Linux Step-by-step TyGeMo http://netllama.ipfox.com ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Networking / security problem in gentoo
On Thu, 2 Oct 2003 14:15:12 -0400 Matthew Carpenter [EMAIL PROTECTED] wrote: Is it xinetd? Does it use tcpwrappers of any sort? (more specifically, are you being blocked by /etc/hosts.deny or /etc/hosts.allow) What do your logs tell you? (/var/log/messages, /var/log/xxx) Nothing in /var/log/messages There was no /etc/hosts.allow or deny (*those* I understand!) Running CUPS - don't know which port it should be using... bash-2.05b$ netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp0 0 0.0.0.0:60000.0.0.0:* LISTEN tcp0 0 0.0.0.0:1 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:13045 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp0 0 192.168.0.2:1023192.168.0.4:513 ESTABLISHED udp0 0 0.0.0.0:1 0.0.0.0:* udp0 0 0.0.0.0:797 0.0.0.0:* udp0 0 0.0.0.0:798 0.0.0.0:* udp0 0 0.0.0.0:799 0.0.0.0:* udp0 0 0.0.0.0:800 0.0.0.0:* udp0 0 0.0.0.0:631 0.0.0.0:* udp0 0 192.168.0.2:123 0.0.0.0:* udp0 0 127.0.0.1:123 0.0.0.0:* udp0 0 0.0.0.0:123 0.0.0.0:* Active UNIX domain sockets (servers and established) - Original Message - From: Alan Jackson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 01, 2003 10:48 PM Subject: Networking / security problem in gentoo Well, my son is upset because he can't print to my printer since I went to gentoo. He gets a message : lp: unable to print file: server-error-service-unavailable When I try it from a different system, I get : connection to 'earthman' failed - Connection refused job 'cfA845starman.oplnk.net' transfer to [EMAIL PROTECTED] failed Thinking about this, I realized that I don't understand the gentoo security model. Apparently they don't use inetd, but reading through the docs it wasn't clear what they *do* use. I suspect that I have over-secured stuff by accident, but I don't know where to start. Can anyone give me a clue? (yes, I admit it, I am clueless... sigh) -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Networking / security problem in gentoo
On Thursday 02 October 2003 10:37 pm, someone claiming to be Alan Jackson wrote: On Thu, 2 Oct 2003 14:15:12 -0400 Matthew Carpenter [EMAIL PROTECTED] wrote: Is it xinetd? Does it use tcpwrappers of any sort? (more specifically, are you being blocked by /etc/hosts.deny or /etc/hosts.allow) What do your logs tell you? (/var/log/messages, /var/log/xxx) Nothing in /var/log/messages There was no /etc/hosts.allow or deny (*those* I understand!) Running CUPS - don't know which port it should be using... bash-2.05b$ netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp0 0 0.0.0.0:60000.0.0.0:* LISTEN tcp0 0 0.0.0.0:1 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:13045 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN snip 631 is cups check /etc/cups/cupsd.conf You probly have to edit that file to allow the local network to get access, something like: Location / Order Deny,Allow Deny From All Allow From 127.0.0.1 Allow From 192.168.* /Location and further down, for admin access... Location /admin # # You definitely will want to limit access to the administration functions. # The default configuration requires a local connection from a user who # is a member of the system group to do any admin tasks. You can change # the group name using the SystemGroup directive. # AuthType Basic AuthClass System ## Restrict access to local domain Order Deny,Allow Deny From All Allow From 127.0.0.1 Allow From 192.168.* #Encryption Required /Location HTH, Tim -- RedHat 8.0 Kernel 2.4.20-20.8, KDE 3.1.3, Xfree86 4.2.1 10:55pm up 5 days, 15:18, 2 users, load average: 0.02, 0.05, 0.07 It's what you learn after you know it all that counts ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users