Re: attach XP computer to network for printing

Author: Michael Havens
Date:  
To: Main PLUG discussion list
Subject: Re: attach XP computer to network for printing
I tell you.... this is all screwed up!

bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init status
Firewall is running
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init stop
Skip stopping firewall: ufw (not enabled)
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init restart
Skipping (not enabled)
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init start
Skip starting firewall: ufw (not enabled)
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init force-reload
Skipping (not enabled)
bmike1@Michaels-PC:~$

So it says the firewall is running but it won't
stop/restart/start/force-reload it because it isn't running? Now check this
out, I wanted to su to root so I didn't have to type in sudo and:

bmike1@Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1@Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1@Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1@Michaels-PC:~$ su
Password:
bmike1@Michaels-PC:~$ sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
bmike1@Michaels-PC:~$ su
Password:
Added user root.
root@Michaels-PC:/home/bmike1#

Oh... I think I see. To change root's passwd you need to type in 'passwd
root'? (I did try changing it by typing in 'passwd'.) But this doesn't explain
why it wouldn't su into root until I changed the passwd. (I didn't really
change it.... it is what I originally set it to.) Why wouldn't it accept it
until I "changed" it??

I thought maybe this might have fixed the ssh problem but no:

bmike1@Michaels-PC:~$ sudo ssh 192.168.0.4
[sudo] password for bmike1:
ssh: connect to host 192.168.0.4 port 22: Connection refused
bmike1@Michaels-PC:~$

bmike1@Michaels-Laptop ~ $ sudo ssh 192.168.0.3
ssh: connect to host 192.168.0.3 port 22: Connection timed out
bmike1@Michaels-Laptop ~ $

while I was doing this I accidentally tried to ping the laptop from the
laptop with the following results:

bmike1@Michaels-Laptop ~ $ sudo ssh 192.168.0.4
[sudo] password for bmike1:
ssh: connect to host 192.168.0.4 port 22: Connection refused

perhaps.... ufw will help.

nope.... 'allow 22' didn't help ssh to the laptop (192.168.0.4). Connection
still refused.


On Sun, Mar 18, 2012 at 9:09 PM, Michael Havens <> wrote:

> man.... I'm beginning to think I should just reinstall my print server.
>
>
> On Sun, Mar 18, 2012 at 6:57 PM, Michael Havens <> wrote:
>
>> I forgot to mention that they can all ping each other
>>
>>
>>
>> On Sun, Mar 18, 2012 at 5:01 PM, Michael Havens <> wrote:
>>
>>> it is strange and I think related to the printing issue that when I try
>>> to ssh from the server to the laptop the connection is refused but when I
>>> try the other way the connection times out. Does that little piece of
>>> information help any?
>>> --more info--
>>> ssh server to xp=timeout
>>> ssh laptop to XP=timeout
>>> ssh xp to laptop=connection refused (cygwin)
>>> ssh xp to server=connection timeout (cygwin)
>>>
>>>
>>> On Sun, Mar 18, 2012 at 4:21 PM, Michael Havens <>wrote:
>>>
>>>>
>>>>
>>>> On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold <>wrote:
>>>>
>>>>> Good Job Michael! You have negotiated the ufw. Keep in mind that you
>>>>> would not want to open all this on a traveling laptop (since it would
>>>>> expose trusted services to all). Now just because you have opened the
>>>>> ports on one system, you can't be sure they are actually "seen" from the
>>>>> other system without a test?
>>>>>
>>>>> From the other system, now run:
>>>>>
>>>>> # nmap $thissystem
>>>>>
>>>>> Did you see 22 tcp open from the other system NOW?
>>>>>
>>>>> no.
>>>>
>>>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)
>>>>
>>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
>>>> Nmap scan report for 192.168.0.4
>>>> Host is up (0.000022s latency).
>>>> Not shown: 999 closed ports
>>>> PORT    STATE SERVICE
>>>> 631/tcp open  ipp

>>>>
>>>> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
>>>>
>>>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)
>>>>
>>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
>>>> Nmap scan report for 192.168.0.3
>>>> Host is up (0.0020s latency).
>>>> Not shown: 997 filtered ports
>>>> PORT    STATE SERVICE
>>>> 139/tcp open  netbios-ssn
>>>> 443/tcp open  https
>>>> 445/tcp open  microsoft-ds
>>>> MAC Address: 00:09:6B:78:AB:F0 (IBM)

>>>>
>>>> Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
>>>> bmike1@Michaels-Laptop ~ $
>>>>
>>>> Make sure it's enabled for the service via ufw (on the target system):
>>>>>
>>>>> # sudo ufw allow ssh
>>>>>
>>>>> it said the rule already exists.
>>>>
>>>>
>>>>> It appears that your ssh is timing out, but the logs can tell you why:
>>>>>
>>>>> On the target system:
>>>>>
>>>>> # tail /var/log/messages
>>>>> or
>>>>> # tail /var/log/secure
>>>>>
>>>>> it responded '...no such file...'
>>>>
>>>> Sshd is setup by default for strict host checking, so you MUST have an
>>>>> acceptable /etc/hosts file configuration:
>>>>>
>>>>> There must be a hostname that matches your host entry, which matches
>>>>> your IP address.
>>>>>
>>>>
>>>> Here is now my /etc/hosts file
>>>>
>>>> 127.0.0.1       localhost
>>>> 127.0.1.1       Michaels-PC
>>>> #####################
>>>> #added
>>>> 192.168.0.2     SonyDesktop      <-this is the computer name..... if I'm supposed to put something else in please tell me how to get that info on an XP
>>>> 192.168.0.4     Michaels-Laptop  <-I put the computer name in because that is what is in there in /etc/hosts [127.0.0.1 (computer name)]
>>>> #added
>>>> #####################
>>>> # The following lines are desirable for IPv6 capable hosts
>>>> ::1     ip6-localhost ip6-loopback
>>>> fe00::0 ip6-localnet
>>>> ff00::0 ip6-mcastprefix
>>>> ff02::1 ip6-allnodes
>>>> ff02::2 ip6-allrouters

>>>>
>>>>
>>>>
>>>>> You can also do a couple of ssh daemon "hacks", by editing the
>>>>> /etc/ssh/sshd_config file:
>>>>>
>>>>> If I do this I don't need to worry about /etc/hosts?
>>>>
>>>>
>>>>> a) Allow root ssh (which is disallowed by default) [What command are
>>>>> you running from the other system to get here? As root?]:
>>>>>
>>>>> Find the line that reads as follows:
>>>>> *PermitRootLogin no*
>>>>> Set it as follows:
>>>>> *PermitRootLogin yes*
>>>>>
>>>>> b) Disable Strict
>>>>> *StrictHostKeyChecking yes*
>>>>> set it as follows:
>>>>> *StrictHostKeyChecking no*
>>>>>
>>>>> c) Change/extend the timeouts:
>>>>>
>>>>> *ServerAliveInterval 100*
>>>>>
>>>>>
>>>>> These changes can be used to provide more information on why you are
>>>>> not connecting.
>>>>>
>>>>> ALWAYS remember to copy your original CONFIGS to backup before editing
>>>>> so you can seamlessly roll forward and back.
>>>>>
>>>>> Don't forget to restart ssh daemon after making configuration changes!
>>>>>
>>>>> Nope... didn't work.
>>>>
>>>>
>>>>>
>>>>>
>>>> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee <>wrote:
>>>>>
>>>>>> if you're opening that much, just disable iptables until you figure
>>>>>> out what you need to leave open.
>>>>>> On Mar 16, 2012 6:06 PM, "Michael Havens" <> wrote:
>>>>>>
>>>>>>>      hmmmmmm..... opening the ports didn't help any. I opened:

>>>>>>>
>>>>>>> bmike1@Michaels-PC:~$ sudo ufw status
>>>>>>> Status: active
>>>>>>>
>>>>>>> To                         Action      From
>>>>>>> --                         ------      ----
>>>>>>> 22                         ALLOW       Anywhere
>>>>>>> 137                        ALLOW       Anywhere
>>>>>>> 138                        ALLOW       Anywhere
>>>>>>> 139                        ALLOW       Anywhere
>>>>>>> 445                        ALLOW       Anywhere
>>>>>>> 389                        ALLOW       Anywhere
>>>>>>> 901                        ALLOW       Anywhere
>>>>>>> 53                         ALLOW       Anywhere
>>>>>>> 80                         ALLOW       Anywhere
>>>>>>> 110                        ALLOW       Anywhere
>>>>>>> 143                        ALLOW       Anywhere
>>>>>>> 443                        ALLOW       Anywhere
>>>>>>> 631                        ALLOW       Anywhere
>>>>>>> 993                        ALLOW       Anywhere
>>>>>>> 995                        ALLOW       Anywhere
>>>>>>> 5800                       ALLOW       Anywhere
>>>>>>> 5900                       ALLOW       Anywhere
>>>>>>> 9418                       ALLOW       Anywhere
>>>>>>> 8080                       ALLOW       Anywhere
>>>>>>> 22                         ALLOW       Anywhere (v6)
>>>>>>> 137                        ALLOW       Anywhere (v6)
>>>>>>> 138                        ALLOW       Anywhere (v6)
>>>>>>> 139                        ALLOW       Anywhere (v6)
>>>>>>> 445                        ALLOW       Anywhere (v6)
>>>>>>> 389                        ALLOW       Anywhere (v6)
>>>>>>> 901                        ALLOW       Anywhere (v6)
>>>>>>> 53                         ALLOW       Anywhere (v6)
>>>>>>> 80                         ALLOW       Anywhere (v6)
>>>>>>> 110                        ALLOW       Anywhere (v6)
>>>>>>> 143                        ALLOW       Anywhere (v6)
>>>>>>> 443                        ALLOW       Anywhere (v6)
>>>>>>> 631                        ALLOW       Anywhere (v6)
>>>>>>> 993                        ALLOW       Anywhere (v6)
>>>>>>> 995                        ALLOW       Anywhere (v6)
>>>>>>> 5800                       ALLOW       Anywhere (v6)
>>>>>>> 5900                       ALLOW       Anywhere (v6)
>>>>>>> 9418                       ALLOW       Anywhere (v6)
>>>>>>> 8080                       ALLOW       Anywhere (v6)

>>>>>>>
>>>>>>> bmike1@Michaels-PC:~$
>>>>>>>
>>>>>>>
>>>>>>>      What else do you think I should open?

>>>>>>>
>>>>>>>
>>>>>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens <>wrote:
>>>>>>>
>>>>>>>> look what I found in my quest to open ports for printing: I found a
>>>>>>>> program called ufw which is a 'program for managing a netfilter
>>>>>>>> firewall.' And one of the commands is:
>>>>>>>>
>>>>>>>>        ufw allow 53
>>>>>>>>        This  rule  will allow tcp and udp port 53 to any address on this host.

>>>>>>>>
>>>>>>>> Which is the printer's port?... of course 631. my search engine is
>>>>>>>> giving me another: 515? But both of my computers print.
>>>>>>>> Do you know if I can specify more than one port in the command?
>>>>>>>> oops... I just found the correct syntax:
>>>>>>>>      ufw allow 18:25,50:110,130:150,389:445,631,900:1000,5800:5900,8080,9418
>>>>>>>> the man page says I'm allowed 15 numbers in there. No spaces,
>>>>>>>> separated by a comma, and ranges (x:y ) count as two numbers.

>>>>>>>>
>>>>>>>> What other ports does the great brain known as PLUG believe is good
>>>>>>>> to open?
>>>>>>>> I think ufw is basically a program to make iptables easier. Or do
>>>>>>>> you want to give me a tutelage on iptables. I'm willing if you are! Does
>>>>>>>> anyone have any pointers about ufw?
>>>>>>>>
>>>>>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu
>>>>>>>> fire wall.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>> --
>>>>> (503) 754-4452 Android
>>>>> (623) 239-3392 Skype
>>>>> (623) 688-3392 Google Voice
>>>>> **
>>>>> it-clowns.com
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list -
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>>>
--
:-)~MIKE~(-:
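
Added example, not part of the original message or written by anyone on the thread: the thread keeps running into "Connection refused" versus "Connection timed out" (nmap's "closed" versus "filtered"), and this probe classifies a TCP connect attempt into those states and says where to look next. The names `probe`, `classify` and `ADVICE` are made up for this example; the default addresses are the two used in the thread.

```python
import errno
import socket
import sys

# What each outcome implies and where to look next (standard TCP behaviour).
ADVICE = {
    "open": "a service accepted the connection; the port is reachable",
    "refused": "the host answered with a reset, so nothing is listening on "
               "that port (nmap: closed); check that sshd is installed and "
               "running, a firewall allow rule cannot fix this",
    "filtered": "no answer before the timeout (nmap: filtered); a firewall on "
                "the path or on the target is dropping the packets",
    "unreachable": "no route to the host; check addressing and the network",
}


def classify(exc):
    """Map the exception from a TCP connect attempt to a port state."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "unreachable"
    raise exc  # anything else (e.g. name resolution failure) is not a port state


def probe(host, port=22, timeout=3.0):
    """Attempt one full TCP connect and return the classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Defaults are the two addresses used in the thread; pass others as arguments.
    for target in sys.argv[1:] or ["192.168.0.3", "192.168.0.4"]:
        state = probe(target)
        print(f"{target}:22 {state}: {ADVICE[state]}")
```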