Re: attach XP computer to network fror printing

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: attach XP computer to network fror printing
Good Job Michael! You have negotiated the ufw. Keep in mind that you
would not want to open all this on a traveling laptop (since it would
expose trusted services to all). Now just because you have opened the
ports on one system, you can't be sure they are actually "seen" from the
other system without a test?

From the other system, now run:

# nmap $thissystem

Did you see 22 tcp open from the other system NOW?

Make sure it's enabled for the service via ufw (on the target system):

# sudo ufw allow ssh

It appears that your ssh is timing out, but the logs can tell you why:

On the target system:

# tail /var/log/messages
or
# tail /var/log/secure

Sshd is setup by default for strict host checking, so you MUST have an
acceptable /etc/hosts file configuration:

There must be a hostname that matches your host entry, which matches your
IP address.

*EXAMPLE*

       127.0.0.1       localhost
       192.168.1.10    foo.mydomain.org       foo
       192.168.1.13    bar.mydomain.org       bar
       146.82.138.7    master.debian.org      master
       209.237.226.90  www.opensource.org


Reference: http://manpages.ubuntu.com/manpages/jaunty/man5/hosts.5.html

You can also do a couple of ssh daemon "hacks", by editing the
/etc/ssh/sshd_config file:

a) Allow root ssh (which is disallowed by default) [What command are you
running from the other system to get here? As root?]:

Find out line that read as follows:
*PermitRootLogin no*
Set it as follows:
*PermitRootLogin yes*

b) Disable Strict
*StrictHostKeyChecking* *yes
*set it as follows:*
**StrictHostKeyChecking* *no*

c) Change/extend the timeouts:

*ServerAliveInterval 100*


These changes can be used to provide more information on why you are not
connecting.

ALWAYS remember to copy your original CONFIGS to backup before editing so
you can seamlessly roll forward and back.

Don't forget to restart ssh daemon after making configuration changes!

On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee <> wrote:

> if you're opening that much, just disable iptables until you figure out
> what you need to leave open.
> On Mar 16, 2012 6:06 PM, "Michael Havens" <> wrote:
>
>>      hmmmmmm..... opening the ports didn't help any. I opened:

>>
>> bmike1@Michaels-PC:~$ sudo ufw status
>> Status: active
>>
>> To                         Action      From
>> --                         ------      ----
>> 22                         ALLOW       Anywhere
>> 137                        ALLOW       Anywhere
>> 138                        ALLOW       Anywhere
>> 139                        ALLOW       Anywhere
>> 445                        ALLOW       Anywhere
>> 389                        ALLOW       Anywhere
>> 901                        ALLOW       Anywhere
>> 53                         ALLOW       Anywhere
>> 80                         ALLOW       Anywhere
>> 110                        ALLOW       Anywhere
>> 143                        ALLOW       Anywhere
>> 443                        ALLOW       Anywhere
>> 631                        ALLOW       Anywhere
>> 993                        ALLOW       Anywhere
>> 995                        ALLOW       Anywhere
>> 5800                       ALLOW       Anywhere
>> 5900                       ALLOW       Anywhere
>> 9418                       ALLOW       Anywhere
>> 8080                       ALLOW       Anywhere
>> 22                         ALLOW       Anywhere (v6)
>> 137                        ALLOW       Anywhere (v6)
>> 138                        ALLOW       Anywhere (v6)
>> 139                        ALLOW       Anywhere (v6)
>> 445                        ALLOW       Anywhere (v6)
>> 389                        ALLOW       Anywhere (v6)
>> 901                        ALLOW       Anywhere (v6)
>> 53                         ALLOW       Anywhere (v6)
>> 80                         ALLOW       Anywhere (v6)
>> 110                        ALLOW       Anywhere (v6)
>> 143                        ALLOW       Anywhere (v6)
>> 443                        ALLOW       Anywhere (v6)
>> 631                        ALLOW       Anywhere (v6)
>> 993                        ALLOW       Anywhere (v6)
>> 995                        ALLOW       Anywhere (v6)
>> 5800                       ALLOW       Anywhere (v6)
>> 5900                       ALLOW       Anywhere (v6)
>> 9418                       ALLOW       Anywhere (v6)
>> 8080                       ALLOW       Anywhere (v6)

>>
>> bmike1@Michaels-PC:~$
>>
>>
>>      What else do you think I should open?

>>
>>
>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens <>wrote:
>>
>>> look what I found in my quest to open ports for printing: I found a
>>> program called ufw which is a 'program for managing a netfilter
>>> firewall.' And one of the commands is:
>>>
>>>        ufw allow 53
>>>        This  rule  will allow tcp and udp port 53 to any address on this
>>>        host.

>>>
>>> Which is the printers port?... of course 631. my search engine is givong
>>> me another: 515? But both of my computers print.
>>> Do you know if I can specify more than one port in the command? oops...
>>> I just found the correct syntax:
>>>      ufw allow 18:25,50:110,130:150,389:445,
>>> 631,900:1000,5800:5900,8080,9418
>>> the man page says I'm allowed 15 numbers in there. No spaces, separated
>>> by a coma, and ranges (x:y ) count as two numbers.

>>>
>>> What other ports does the great brain known as PLUG believe is good to
>>> open?
>>> I think ufw is basically a program to make iptables easier. Or do you
>>> want to give me a tutelage on iptables. I'm willing if you are! Does anyone
>>> have any pointers about ufw?
>>>
>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu fire
>>> wall.
>>>
>>>
>>

--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss