attach XP computer to network fror printing
Michael Havens
bmike1 at gmail.com
Mon Mar 19 10:18:03 MST 2012
I tell you.... this is all screwed up!
bmike1 at Michaels-PC:~$ sudo /lib/ufw/ufw-init status
Firewall is running
bmike1 at Michaels-PC:~$ sudo /lib/ufw/ufw-init stop
Skip stopping firewall: ufw (not enabled)
bmike1 at Michaels-PC:~$ sudo /lib/ufw/ufw-init restart
Skipping (not enabled)
bmike1 at Michaels-PC:~$ sudo /lib/ufw/ufw-init start
Skip starting firewall: ufw (not enabled)
bmike1 at Michaels-PC:~$ sudo /lib/ufw/ufw-init force-reload
Skipping (not enabled)
bmike1 at Michaels-PC:~$
So it says the firewall is running but it won't
stop/restart/start/force-reload it because it isn't running? Now check this
out, I wanted to su to root so I didn't have to type in sudo and:
bmike1 at Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1 at Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1 at Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1 at Michaels-PC:~$ su
Password:
bmike1 at Michaels-PC:~$ sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
bmike1 at Michaels-PC:~$ su
Password:
Added user root.
root at Michaels-PC:/home/bmike1#
Oh... I think I see. To change roots passwd you need to type in 'passwd
root'? (I did try changing it typing in 'passwd'). But this doesn't explain
why it wouldn't su into root until a changed the passwd. (I didn't really
change it.... it is what I originally set it to. Why wouldn't it accept it
until I "changed' it??
I thought maybe this might have fixed the ssh problem but no:
bmike1 at Michaels-PC:~$ sudo ssh 192.168.0.4
[sudo] password for bmike1:
ssh: connect to host 192.168.0.4 port 22: Connection refused
bmike1 at Michaels-PC:~$
bmike1 at Michaels-Laptop ~ $ sudo ssh 192.168.0.3
ssh: connect to host 192.168.0.3 port 22: Connection timed out
bmike1 at Michaels-Laptop ~ $
while I was doing this I accidently tried to ping the laptop from the
laptop with the following results:
bmike1 at Michaels-Laptop ~ $ sudo ssh 192.168.0.4
[sudo] password for bmike1:
ssh: connect to host 192.168.0.4 port 22: Connection refused
perhaps.... ufw will help.
nope.... 'allow 22' didn't help ssh to the laptop (192.168.0.4). Connection
still refused.
On Sun, Mar 18, 2012 at 9:09 PM, Michael Havens <bmike1 at gmail.com> wrote:
> man.... I'm beginning to think I should just reinstall my print server.
>
>
> On Sun, Mar 18, 2012 at 6:57 PM, Michael Havens <bmike1 at gmail.com> wrote:
>
>> I forgot to mention that they can all ping each other
>>
>>
>>
>> On Sun, Mar 18, 2012 at 5:01 PM, Michael Havens <bmike1 at gmail.com> wrote:
>>
>>> it is strange and I think related to the printing issue that when I try
>>> to ssh from the server to the laptop the connection is refused but when I
>>> try the other way the connection times out. Does that little piece of
>>> information help any?
>>> --more info--
>>> ssh server to xp=timeout
>>> ssh laptopto XP= timeout
>>> ssh xp to laptop=connection refused (cygwin)
>>> ssh xp to server=connection timeout (cygwin)
>>>
>>>
>>> On Sun, Mar 18, 2012 at 4:21 PM, Michael Havens <bmike1 at gmail.com>wrote:
>>>
>>>>
>>>>
>>>> On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>>>>
>>>>> Good Job Michael! You have negotiated the ufw. Keep in mind that you
>>>>> would not want to open all this on a traveling laptop (since it would
>>>>> expose trusted services to all). Now just because you have opened the
>>>>> ports on one system, you can't be sure they are actually "seen" from the
>>>>> other system without a test?
>>>>>
>>>>> From the other system, now run:
>>>>>
>>>>> # nmap $thissystem
>>>>>
>>>>> Did you see 22 tcp open from the other system NOW?
>>>>>
>>>>> no.
>>>>
>>>> bmike1 at Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)
>>>>
>>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
>>>> Nmap scan report for 192.168.0.4
>>>> Host is up (0.000022s latency).
>>>> Not shown: 999 closed ports
>>>> PORT STATE SERVICE
>>>> 631/tcp open ipp
>>>>
>>>> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
>>>>
>>>> bmike1 at Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)
>>>>
>>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
>>>> Nmap scan report for 192.168.0.3
>>>> Host is up (0.0020s latency).
>>>> Not shown: 997 filtered ports
>>>> PORT STATE SERVICE
>>>> 139/tcp open netbios-ssn
>>>> 443/tcp open https
>>>> 445/tcp open microsoft-ds
>>>> MAC Address: 00:09:6B:78:AB:F0 (IBM)
>>>>
>>>> Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
>>>> bmike1 at Michaels-Laptop ~ $
>>>>
>>>> Make sure it's enabled for the service via ufw (on the target system):
>>>>>
>>>>> # sudo ufw allow ssh
>>>>>
>>>>> it said the rule already exists.
>>>>
>>>>
>>>>> It appears that your ssh is timing out, but the logs can tell you why:
>>>>>
>>>>> On the target system:
>>>>>
>>>>> # tail /var/log/messages
>>>>> or
>>>>> # tail /var/log/secure
>>>>>
>>>>> it responded '...no such file...'
>>>>
>>>> Sshd is setup by default for strict host checking, so you MUST have an
>>>>> acceptable /etc/hosts file configuration:
>>>>>
>>>>> There must be a hostname that matches your host entry, which matches
>>>>> your IP address.
>>>>>
>>>>
>>>> Here is now my /etc/hosts file
>>>>
>>>> 127.0.0.1 localhost
>>>> 127.0.1.1 Michaels-PC
>>>> #####################
>>>> #added
>>>> 192.168.0.2 SonyDesktop <-this is the computer name..... if
>>>> I'm supposed to put something else in please
>>>> tell me how to get
>>>> that info on an XP
>>>> 192.168.0.4 Michaels-Laptop <-I put the computer name in because
>>>> that is what is in there in /etc/hosts
>>>> [127.0.0.1 (computer
>>>> name)]
>>>> #added
>>>> #####################
>>>> # The following lines are desirable for IPv6 capable hosts
>>>> ::1 ip6-localhost ip6-loopback
>>>> fe00::0 ip6-localnet
>>>> ff00::0 ip6-mcastprefix
>>>> ff02::1 ip6-allnodes
>>>> ff02::2 ip6-allrouters
>>>>
>>>>
>>>>
>>>>> You can also do a couple of ssh daemon "hacks", by editing the
>>>>> /etc/ssh/sshd_config file:
>>>>>
>>>>> If I do this I don't need to worry about /etc/hosts?
>>>>
>>>>
>>>>> a) Allow root ssh (which is disallowed by default) [What command are
>>>>> you running from the other system to get here? As root?]:
>>>>>
>>>>> Find out line that read as follows:
>>>>> *PermitRootLogin no*
>>>>> Set it as follows:
>>>>> *PermitRootLogin yes*
>>>>>
>>>>> b) Disable Strict
>>>>> *StrictHostKeyChecking* *yes
>>>>> *set it as follows:*
>>>>> **StrictHostKeyChecking* *no*
>>>>>
>>>>> c) Change/extend the timeouts:
>>>>>
>>>>> *ServerAliveInterval 100*
>>>>>
>>>>>
>>>>> These changes can be used to provide more information on why you are
>>>>> not connecting.
>>>>>
>>>>> ALWAYS remember to copy your original CONFIGS to backup before editing
>>>>> so you can seamlessly roll forward and back.
>>>>>
>>>>> Don't forget to restart ssh daemon after making configuration changes!
>>>>>
>>>>> Nope... didn't work.
>>>>
>>>>
>>>>>
>>>>>
>>>> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee <jmcphe at gmail.com>wrote:
>>>>>
>>>>>> if you're opening that much, just disable iptables until you figure
>>>>>> out what you need to leave open.
>>>>>> On Mar 16, 2012 6:06 PM, "Michael Havens" <bmike1 at gmail.com> wrote:
>>>>>>
>>>>>>> hmmmmmm..... opening the ports didn't help any. I opened:
>>>>>>>
>>>>>>> bmike1 at Michaels-PC:~$ sudo ufw status
>>>>>>> Status: active
>>>>>>>
>>>>>>> To Action From
>>>>>>> -- ------ ----
>>>>>>> 22 ALLOW Anywhere
>>>>>>> 137 ALLOW Anywhere
>>>>>>> 138 ALLOW Anywhere
>>>>>>> 139 ALLOW Anywhere
>>>>>>> 445 ALLOW Anywhere
>>>>>>> 389 ALLOW Anywhere
>>>>>>> 901 ALLOW Anywhere
>>>>>>> 53 ALLOW Anywhere
>>>>>>> 80 ALLOW Anywhere
>>>>>>> 110 ALLOW Anywhere
>>>>>>> 143 ALLOW Anywhere
>>>>>>> 443 ALLOW Anywhere
>>>>>>> 631 ALLOW Anywhere
>>>>>>> 993 ALLOW Anywhere
>>>>>>> 995 ALLOW Anywhere
>>>>>>> 5800 ALLOW Anywhere
>>>>>>> 5900 ALLOW Anywhere
>>>>>>> 9418 ALLOW Anywhere
>>>>>>> 8080 ALLOW Anywhere
>>>>>>> 22 ALLOW Anywhere (v6)
>>>>>>> 137 ALLOW Anywhere (v6)
>>>>>>> 138 ALLOW Anywhere (v6)
>>>>>>> 139 ALLOW Anywhere (v6)
>>>>>>> 445 ALLOW Anywhere (v6)
>>>>>>> 389 ALLOW Anywhere (v6)
>>>>>>> 901 ALLOW Anywhere (v6)
>>>>>>> 53 ALLOW Anywhere (v6)
>>>>>>> 80 ALLOW Anywhere (v6)
>>>>>>> 110 ALLOW Anywhere (v6)
>>>>>>> 143 ALLOW Anywhere (v6)
>>>>>>> 443 ALLOW Anywhere (v6)
>>>>>>> 631 ALLOW Anywhere (v6)
>>>>>>> 993 ALLOW Anywhere (v6)
>>>>>>> 995 ALLOW Anywhere (v6)
>>>>>>> 5800 ALLOW Anywhere (v6)
>>>>>>> 5900 ALLOW Anywhere (v6)
>>>>>>> 9418 ALLOW Anywhere (v6)
>>>>>>> 8080 ALLOW Anywhere (v6)
>>>>>>>
>>>>>>> bmike1 at Michaels-PC:~$
>>>>>>>
>>>>>>>
>>>>>>> What else do you think I should open?
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens <bmike1 at gmail.com>wrote:
>>>>>>>
>>>>>>>> look what I found in my quest to open ports for printing: I found a
>>>>>>>> program called ufw which is a 'program for managing a netfilter
>>>>>>>> firewall.' And one of the commands is:
>>>>>>>>
>>>>>>>> ufw allow 53
>>>>>>>> This rule will allow tcp and udp port 53 to any address on
>>>>>>>> this
>>>>>>>> host.
>>>>>>>>
>>>>>>>> Which is the printers port?... of course 631. my search engine is
>>>>>>>> givong me another: 515? But both of my computers print.
>>>>>>>> Do you know if I can specify more than one port in the command?
>>>>>>>> oops... I just found the correct syntax:
>>>>>>>> ufw allow 18:25,50:110,130:150,389:445,
>>>>>>>> 631,900:1000,5800:5900,8080,9418
>>>>>>>> the man page says I'm allowed 15 numbers in there. No spaces,
>>>>>>>> separated by a coma, and ranges (x:y ) count as two numbers.
>>>>>>>>
>>>>>>>> What other ports does the great brain known as PLUG believe is good
>>>>>>>> to open?
>>>>>>>> I think ufw is basically a program to make iptables easier. Or do
>>>>>>>> you want to give me a tutelage on iptables. I'm willing if you are! Does
>>>>>>>> anyone have any pointers about ufw?
>>>>>>>>
>>>>>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu
>>>>>>>> fire wall.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>> --
>>>>> (503) 754-4452 Android
>>>>> (623) 239-3392 Skype
>>>>> (623) 688-3392 Google Voice
>>>>> **
>>>>> it-clowns.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> :-)~MIKE~(-:
>>>>
>>>
>>>
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>
>>
>>
>> --
>> :-)~MIKE~(-:
>>
>
>
>
> --
> :-)~MIKE~(-:
>
--
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20120319/2ff7ade2/attachment.html>
More information about the PLUG-discuss
mailing list