Re: attach XP computer to network fror printing

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Havens
Date:  
To: Main PLUG discussion list
Subject: Re: attach XP computer to network fror printing
On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold <>wrote:

> Good Job Michael! You have negotiated the ufw. Keep in mind that you
> would not want to open all this on a traveling laptop (since it would
> expose trusted services to all). Now just because you have opened the
> ports on one system, you can't be sure they are actually "seen" from the
> other system without a test?
>
> From the other system, now run:
>
> # nmap $thissystem
>
> Did you see 22 tcp open from the other system NOW?
>
> no.


bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)

Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
Nmap scan report for 192.168.0.4
Host is up (0.000022s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
631/tcp open  ipp


Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)

Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
Nmap scan report for 192.168.0.3
Host is up (0.0020s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
139/tcp open  netbios-ssn
443/tcp open  https
445/tcp open  microsoft-ds
MAC Address: 00:09:6B:78:AB:F0 (IBM)


Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
bmike1@Michaels-Laptop ~ $

Make sure it's enabled for the service via ufw (on the target system):
>
> # sudo ufw allow ssh
>
> it said the rule already exists.



> It appears that your ssh is timing out, but the logs can tell you why:
>
> On the target system:
>
> # tail /var/log/messages
> or
> # tail /var/log/secure
>
> it responded '...no such file...'


Sshd is setup by default for strict host checking, so you MUST have an
> acceptable /etc/hosts file configuration:
>
> There must be a hostname that matches your host entry, which matches your
> IP address.
>


Here is now my /etc/hosts file

127.0.0.1       localhost
127.0.1.1       Michaels-PC
#####################
#added
192.168.0.2     SonyDesktop      <-this is the computer name..... if I'm
supposed to put something else in please
                                                  tell me how to get that
info on an XP
192.168.0.4     Michaels-Laptop  <-I put the computer name in because that
is what is in there in /etc/hosts
                                                   [127.0.0.1 (computer
name)]
#added
#####################
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters




> You can also do a couple of ssh daemon "hacks", by editing the
> /etc/ssh/sshd_config file:
>
> If I do this I don't need to worry about /etc/hosts?



> a) Allow root ssh (which is disallowed by default) [What command are you
> running from the other system to get here? As root?]:
>
> Find out line that read as follows:
> *PermitRootLogin no*
> Set it as follows:
> *PermitRootLogin yes*
>
> b) Disable Strict
> *StrictHostKeyChecking* *yes
> *set it as follows:*
> **StrictHostKeyChecking* *no*
>
> c) Change/extend the timeouts:
>
> *ServerAliveInterval 100*
>
>
> These changes can be used to provide more information on why you are not
> connecting.
>
> ALWAYS remember to copy your original CONFIGS to backup before editing so
> you can seamlessly roll forward and back.
>
> Don't forget to restart ssh daemon after making configuration changes!
>
> Nope... didn't work.



>
>

On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee <> wrote:
>
>> if you're opening that much, just disable iptables until you figure out
>> what you need to leave open.
>> On Mar 16, 2012 6:06 PM, "Michael Havens" <> wrote:
>>
>>>      hmmmmmm..... opening the ports didn't help any. I opened:

>>>
>>> bmike1@Michaels-PC:~$ sudo ufw status
>>> Status: active
>>>
>>> To                         Action      From
>>> --                         ------      ----
>>> 22                         ALLOW       Anywhere
>>> 137                        ALLOW       Anywhere
>>> 138                        ALLOW       Anywhere
>>> 139                        ALLOW       Anywhere
>>> 445                        ALLOW       Anywhere
>>> 389                        ALLOW       Anywhere
>>> 901                        ALLOW       Anywhere
>>> 53                         ALLOW       Anywhere
>>> 80                         ALLOW       Anywhere
>>> 110                        ALLOW       Anywhere
>>> 143                        ALLOW       Anywhere
>>> 443                        ALLOW       Anywhere
>>> 631                        ALLOW       Anywhere
>>> 993                        ALLOW       Anywhere
>>> 995                        ALLOW       Anywhere
>>> 5800                       ALLOW       Anywhere
>>> 5900                       ALLOW       Anywhere
>>> 9418                       ALLOW       Anywhere
>>> 8080                       ALLOW       Anywhere
>>> 22                         ALLOW       Anywhere (v6)
>>> 137                        ALLOW       Anywhere (v6)
>>> 138                        ALLOW       Anywhere (v6)
>>> 139                        ALLOW       Anywhere (v6)
>>> 445                        ALLOW       Anywhere (v6)
>>> 389                        ALLOW       Anywhere (v6)
>>> 901                        ALLOW       Anywhere (v6)
>>> 53                         ALLOW       Anywhere (v6)
>>> 80                         ALLOW       Anywhere (v6)
>>> 110                        ALLOW       Anywhere (v6)
>>> 143                        ALLOW       Anywhere (v6)
>>> 443                        ALLOW       Anywhere (v6)
>>> 631                        ALLOW       Anywhere (v6)
>>> 993                        ALLOW       Anywhere (v6)
>>> 995                        ALLOW       Anywhere (v6)
>>> 5800                       ALLOW       Anywhere (v6)
>>> 5900                       ALLOW       Anywhere (v6)
>>> 9418                       ALLOW       Anywhere (v6)
>>> 8080                       ALLOW       Anywhere (v6)

>>>
>>> bmike1@Michaels-PC:~$
>>>
>>>
>>>      What else do you think I should open?

>>>
>>>
>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens <>wrote:
>>>
>>>> look what I found in my quest to open ports for printing: I found a
>>>> program called ufw which is a 'program for managing a netfilter
>>>> firewall.' And one of the commands is:
>>>>
>>>>        ufw allow 53
>>>>        This  rule  will allow tcp and udp port 53 to any address on this
>>>>        host.

>>>>
>>>> Which is the printers port?... of course 631. my search engine is
>>>> givong me another: 515? But both of my computers print.
>>>> Do you know if I can specify more than one port in the command? oops...
>>>> I just found the correct syntax:
>>>>      ufw allow 18:25,50:110,130:150,389:445,
>>>> 631,900:1000,5800:5900,8080,9418
>>>> the man page says I'm allowed 15 numbers in there. No spaces, separated
>>>> by a coma, and ranges (x:y ) count as two numbers.

>>>>
>>>> What other ports does the great brain known as PLUG believe is good to
>>>> open?
>>>> I think ufw is basically a program to make iptables easier. Or do you
>>>> want to give me a tutelage on iptables. I'm willing if you are! Does anyone
>>>> have any pointers about ufw?
>>>>
>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu fire
>>>> wall.
>>>>
>>>>
>>>
> --
> (503) 754-4452 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> it-clowns.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>




--
:-)~MIKE~(-:
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss