[Techtalk] More fiddling-generated problems

Raven Alder raven at oneeyedcrow.net
Mon Jul 8 15:38:26 EST 2002


Heya --

Quoth Patricia Fraser (Mon, Jul 08, 2002 at 09:31:00PM +1000):
> I've looked through the list of iptables rules in force, and I'm not sure 
> what to change (if anything) to make life easier (grin) - or if it's even the 
> problem... (rules available for perusal on request)

	Sure, send them on.  Are you defaulting to an allow or a deny
policy?  If you're defaulting to deny and you haven't allowed
connections to the printer port from your local host, it would produce
behaviour like you're seeing.  

> I don't think I did anything different at the firewall-making stage; but I 
> think I used to have lpd installed, and now I don't - not sure at all!

	Don't know a lot about printers, but AFAIK cups-lpd and such is
a replacement for lpd.  So you shouldn't need both.  And Bastille
doesn't randomly uninstall things.  Did you do anything with Bastille
besides create a firewall?  If so, the other things you changed/hardened
may have affected things.
 
> lsof -i output looks like this:
> 
> lpc     5032 trish    3u  IPv4  82770       TCP 
> d251-ps0-mel.alphalink.com.au:ctt-broker->localhost.localdomain:ipp (SYN_SENT)

	Okay, that's an attempted connection from
d251-ps0-mel.alphalink.com.au (I assume this is the name for the IP your
ethernet card has assigned to it) to the printer port on your local
host.  This sounds like a firewall problem to me.  SYN_SENT basically
means that the first packet to set up the TCP connection has been sent,
but no acknowledgement of this has been received, and the connection is
not up yet.  So I'd guess that you're sending the SYN, your firewall is
blocking it, and so it hangs there (and so do your apps) until the
connection times out.  This can be a very long time.  Killing the
printer processes just causes it to fail, and the rest of the program
can move on. 

	Post your rules, and we'll see what we can do with 'em.

Cheers,
Raven
 
"If you bring your freak, I get to bring mine."
  -- Jericho, on sushi
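As an added illustration of the diagnosis Raven walks through (not part of the original thread), the script below parses `lsof -i` output, picks out sockets sitting in SYN_SENT toward the local host, and notes whether anything is listening on that port. The sample output is constructed for this example, with the lpc line re-joined onto one line the way lsof prints it; the `lpc`/`cupsd`/`ssh` entries and hostnames are assumptions, not data from the mail. The point it makes concrete is the one in the reply: a SYN to a local port with nothing listening would normally be refused at once with a RST, so a SYN that just hangs in SYN_SENT means the packet was silently dropped, which on a default-deny INPUT chain is what you get if loopback traffic was never explicitly accepted.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed `lsof -i` sample (not from the original mail). Old lsof has no
# SIZE/OFF column; the regex below tolerates both layouts.
SAMPLE_LSOF = """\
COMMAND PID   USER  FD  TYPE DEVICE NODE NAME
lpc     5032  trish 3u  IPv4 82770  TCP d251-ps0-mel.alphalink.com.au:ctt-broker->localhost.localdomain:ipp (SYN_SENT)
cupsd   612   root  2u  IPv4 1203   TCP localhost.localdomain:ipp (LISTEN)
sshd    401   root  3u  IPv4 998    TCP *:ssh (LISTEN)
ssh     5100  trish 3u  IPv4 83001  TCP d251-ps0-mel.alphalink.com.au:1034->bastion.example.net:ssh (ESTABLISHED)
"""

# COMMAND PID USER FD TYPE DEVICE [SIZE/OFF] NODE NAME [(STATE)]
LINE_RE = re.compile(r"""
    ^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+\S+\s+(?P<type>IPv[46])\s+
    \S+\s+(?:\S+\s+)?(?P<proto>TCP|UDP)\s+(?P<name>\S+)
    (?:\s+\((?P<state>[A-Z_]+)\))?$
""", re.VERBOSE)

# Names lsof is likely to print for the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "127.0.0.1", "::1", "[::1]"}


class Conn(NamedTuple):
    cmd: str
    pid: int
    proto: str
    src: str            # local endpoint, "host:port"
    dst: Optional[str]  # remote endpoint, or None for a listening socket
    state: Optional[str]


def parse_lsof(text: str) -> List[Conn]:
    """Parse `lsof -i` output; header and unparseable lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, _, dst = m.group("name").partition("->")
        conns.append(Conn(m.group("cmd"), int(m.group("pid")), m.group("proto"),
                          src, dst or None, m.group("state")))
    return conns


def host_of(endpoint: str) -> str:
    return endpoint.rsplit(":", 1)[0]


def port_of(endpoint: str) -> str:
    return endpoint.rsplit(":", 1)[1]


def stuck_local_syns(conns: List[Conn]) -> List[Conn]:
    """Connections in SYN_SENT whose destination is this host itself."""
    return [c for c in conns
            if c.state == "SYN_SENT" and c.dst and host_of(c.dst) in LOCAL_NAMES]


def has_local_listener(conns: List[Conn], port: str) -> bool:
    return any(c.state == "LISTEN" and port_of(c.src) == port for c in conns)


def diagnose(text: str) -> List[str]:
    """One finding per hanging local SYN, with the most likely cause."""
    conns = parse_lsof(text)
    findings = []
    for c in stuck_local_syns(conns):
        port = port_of(c.dst)
        who = f"{c.cmd}[{c.pid}] SYN_SENT to local port {port}"
        # A closed local port answers with RST immediately ("connection
        # refused"), so a SYN that hangs was dropped, not refused.
        if has_local_listener(conns, port):
            findings.append(f"{who}: a listener exists, so the SYN is being dropped; "
                            "check that the firewall accepts loopback traffic")
        else:
            findings.append(f"{who}: no listener visible, but a hanging SYN still "
                            "means the packet was dropped rather than refused; "
                            "check firewall rules for loopback, then the service")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LSOF):
        print(finding)
```

Run it against real `lsof -i` output piped into `diagnose`; on a default-deny iptables setup the usual fix for a finding like the first one is an explicit accept for the loopback interface in the INPUT chain before the drop policy takes effect.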