Re: Problem printing through firewall

From: Alan Johnson (adjtech_at_ulster.net)
Date: 05/02/03 

Date: Thu, 01 May 2003 21:18:26 -0400

Roger Hunen wrote:

> Greetings!
>
> We have problems printing to TCP port 515 (lpd) via an IPfilter based
> firewall. The application (SAP R/3 in this case) places the print job in
> the queue, where it stays up to 20 minutes before it is delivered at the
> printer. While a job is lingering in the print queue, the spooler is trying
> to setup a TCP connection to the printer on port 515. Netstat reveals
> that this connection stays in the SYN_SENT state. The firewall rules
> do permit this connection though (for example: I have no problems at
> all telnetting to the printer on port 515 from the HP-UX machine).
>
> Cause of the problem seems to be that the HP-UX printer spooler always
> uses TCP source port 1023 for this printer. When two print jobs are sent
> back to back, this causes the firewall to think that communication for the
> second job is attempted on a TCP connection (from the first job) that is
> closing (the firewall tracks the state of TCP connections).
>
> Question: is it possible to reconfigure HP-UX printing such that a different
> TCP source port is used for every print job? If so, what changes must
> I make to the system?
>
> Thanks in advance,
> -Roger
>
>
>
>

We had the same problem, the port was open one way going in to the
printer/printserv but the packets were not allowed to come back out from
the printer. You have to check and see what port the print server is
sending the ack's on, it is probably not the same one.

Relevant Pages

  • Re: When PC restarted all printjobs printed prior to restart are r
    ... I have disabled virus scan to the specified ... the port and when I attempted to get into the properties of the USB001 port, ... all print jobs which have been printed since the ... >> shows the job in queue but the status is printed. ...
    (microsoft.public.win2000.printing)
  • Re: When PC restarted all printjobs printed prior to restart are r
    ... Bidirectional is a check box on the Ports tab page. ... > the port and when I attempted to get into the properties of the USB001 ... all print jobs which have been printed since ... >>> shows the job in queue but the status is printed. ...
    (microsoft.public.win2000.printing)
  • [PATCH 3/3] Intel IXP4xx network drivers
    ... - hardware queue manager ... endif #NETDEVICES ... +static inline void debug_desc(unsigned int queue, u32 desc_phys, ... +static int request_queues(struct port *port) ...
    (Linux-Kernel)
  • why is my pf configuration breaking ssh?
    ... #queue dflt bandwidth 5% cbq ... pass in log quick on lo0 inet proto tcp \ ... pass in log quick on $int_if inet proto tcp from any to any port flags S/SA synproxy state ...
    (freebsd-questions)
  • dhcpd assigns address, but DNS resolvers and ping fail
    ... #queue dflt bandwidth 5% cbq ... pass in log quick on lo0 inet proto tcp \ ... pass in log quick on $int_if inet proto tcp from any to any port ...
    (freebsd-questions)