CentOS - Mar 2009 - Cannot open port 631 for Cups printer sharing

I have been trying to set up printer sharing on the LAN.All machines are
CentOS 5.2 fully updated. The problem server is a fresh build.  The box
it is replacing worked fine for many months.
The problem appears to be a closed port 631 on the new box.  iptables
and ip6tables are stopped as shown by the output below.  To confirm I
was using nmap correctly I ran it against the old server first which
shows 631 open.  No matter what I do to the new box (192.168.2.205) 631
remains closed.  I was running it on the new box via ssh which I think
eleminates any swithc/router issues.

Any thoughts gladly accepted.  This must be something simple/stupid I
have overlooked.  Not much hair left to pull out. ;-/

B.J. 

[root at office bmcclure]# ssh 192.168.2.200
root at 192.168.2.200's password: 
Last login: Sat Feb 21 17:39:51 2009
[root at fileserver ~]# nmap -sT -p 631 -PT 192.168.2.200

Starting Nmap 4.20 ( http://insecure.org ) at 2009-03-02 11:00 EST
Interesting ports on 192.168.2.200:
PORT    STATE SERVICE
631/tcp open  ipp

Nmap finished: 1 IP address (1 host up) scanned in 0.121 seconds
[root at fileserver ~]# nmap -sT -p 631 -PT 192.168.2.205

Starting Nmap 4.20 ( http://insecure.org ) at 2009-03-02 11:01 EST
Interesting ports on 192.168.2.205:
PORT    STATE  SERVICE
631/tcp closed ipp
MAC Address: 00:17:31:EC:0B:2D (Asustek Computer)

Nmap finished: 1 IP address (1 host up) scanned in 0.185 seconds
[root at fileserver ~]# exit
logout

Connection to 192.168.2.200 closed.
[root at office bmcclure]# ssh 192.168.2.205
root at 192.168.2.205's password: 
Last login: Mon Mar  2 06:52:36 2009 from house.keepertoad.com
[root at webserver ~]# service iptables stop
[root at webserver ~]# service ip6tables stop
[root at webserver ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root at webserver ~]# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root at webserver ~]# nmap -sT -p 631 -PT 127.0.0.1

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-02 11:03
EST
Interesting ports on localhost (127.0.0.1):
PORT    STATE  SERVICE
631/tcp closed ipp

Nmap finished: 1 IP address (1 host up) scanned in 0.031 seconds
[root at webserver ~]# service cups status
cupsd (pid 6941) is running...
[root at webserver ~]# nmap -sT -F -PT 127.0.0.1

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-02 11:09
EST
Interesting ports on localhost (127.0.0.1):
Not shown: 1233 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
443/tcp  open  https
636/tcp  open  ldapssl
2049/tcp open  nfs

Nmap finished: 1 IP address (1 host up) scanned in 0.077 seconds

[root at webserver ~]# 


CentOS 5.2, Linux 2.6.18-92.1.22.el5 x86_64 10:54:59 up 17:48, 1 user,
load average: 0.34, 0.23, 0.09

On Mon, 2009-03-02 at 11:20 -0500, b.j. mcclure wrote:
> I have been trying to set up printer sharing on the LAN.All machines are
> CentOS 5.2 fully updated. The problem server is a fresh build.  The box
> it is replacing worked fine for many months.
> The problem appears to be a closed port 631 on the new box.  iptables
> and ip6tables are stopped as shown by the output below.  To confirm I
> was using nmap correctly I ran it against the old server first which
> shows 631 open.  No matter what I do to the new box (192.168.2.205) 631
> remains closed.  I was running it on the new box via ssh which I think
> eleminates any swithc/router issues.
> 
> Any thoughts gladly accepted.  This must be something simple/stupid I
> have overlooked.  Not much hair left to pull out. ;-/
Do you have the Cups Service running? service cups status and service
hplip status.

JohnStanley

On Mon, 2009-03-02 at 11:37 -0500, JohnS wrote:
> On Mon, 2009-03-02 at 11:20 -0500, b.j. mcclure wrote:
> > I have been trying to set up printer sharing on the LAN.All machines
are
> > CentOS 5.2 fully updated. The problem server is a fresh build.  The
box
> > it is replacing worked fine for many months.
> > The problem appears to be a closed port 631 on the new box.  iptables
> > and ip6tables are stopped as shown by the output below.  To confirm I
> > was using nmap correctly I ran it against the old server first which
> > shows 631 open.  No matter what I do to the new box (192.168.2.205)
631
> > remains closed.  I was running it on the new box via ssh which I think
> > eleminates any swithc/router issues.
> > 
> > Any thoughts gladly accepted.  This must be something simple/stupid I
> > have overlooked.  Not much hair left to pull out. ;-/
> 
> Do you have the Cups Service running? service cups status and service
> hplip status.
> 
> JohnStanley
Yes.  See output in original post.  Thanks.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
CentOS 5.2, Linux 2.6.18-92.1.22.el5 x86_64 12:20:30 up 19:14, 2 users,
load average: 0.01, 0.01, 0.00

on 3-2-2009 8:20 AM b.j. mcclure spake the following:
> I have been trying to set up printer sharing on the LAN.All machines are
> CentOS 5.2 fully updated. The problem server is a fresh build.  The box
> it is replacing worked fine for many months.
> The problem appears to be a closed port 631 on the new box.  iptables
> and ip6tables are stopped as shown by the output below.  To confirm I
> was using nmap correctly I ran it against the old server first which
> shows 631 open.  No matter what I do to the new box (192.168.2.205) 631
> remains closed.  I was running it on the new box via ssh which I think
> eleminates any swithc/router issues.
> 
> Any thoughts gladly accepted.  This must be something simple/stupid I
> have overlooked.  Not much hair left to pull out. ;-/
> 

Cups defaults to only being open on localhost. You have to edit the config
file to open more up.



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090302/77c74959/attachment-0004.sig>

On Mon, 2009-03-02 at 11:14 -0800, Scott Silva wrote:
> on 3-2-2009 8:20 AM b.j. mcclure spake the following:
> > I have been trying to set up printer sharing on the LAN.All machines
are
> > CentOS 5.2 fully updated. The problem server is a fresh build.  The
box
> > it is replacing worked fine for many months.
> > The problem appears to be a closed port 631 on the new box.  iptables
> > and ip6tables are stopped as shown by the output below.  To confirm I
> > was using nmap correctly I ran it against the old server first which
> > shows 631 open.  No matter what I do to the new box (192.168.2.205)
631
> > remains closed.  I was running it on the new box via ssh which I think
> > eleminates any swithc/router issues.
> > 
> > Any thoughts gladly accepted.  This must be something simple/stupid I
> > have overlooked.  Not much hair left to pull out. ;-/
> > 
> 
> 
> Cups defaults to only being open on localhost. You have to edit the config
> file to open more up.
Qouted by me earlier:
>Interesting that when the local host address is used the port is open:
>[root at rwells-rh legacydp]# nmap -sT -p 631 -PT 127.0.0.1
"""It is configured by default to it has to be
changed"""  # Maybe they
did not understand my wording of it? Should have said It has to be
changed for networking.
Posted a working networkable config also and linked the cups site also
JohnStanley

On Mon, 2009-03-02 at 11:14 -0800, Scott Silva wrote:
> on 3-2-2009 8:20 AM b.j. mcclure spake the following:
> > I have been trying to set up printer sharing on the LAN.All machines
are
> > CentOS 5.2 fully updated. The problem server is a fresh build.  The
box
> > it is replacing worked fine for many months.
> > The problem appears to be a closed port 631 on the new box.  iptables
> > and ip6tables are stopped as shown by the output below.  To confirm I
> > was using nmap correctly I ran it against the old server first which
> > shows 631 open.  No matter what I do to the new box (192.168.2.205)
631
> > remains closed.  I was running it on the new box via ssh which I think
> > eleminates any swithc/router issues.
> > 
> > Any thoughts gladly accepted.  This must be something simple/stupid I
> > have overlooked.  Not much hair left to pull out. ;-/
> > 
> 
> 
> Cups defaults to only being open on localhost. You have to edit the config
> file to open more up.
Perhaps I misunderstand your suggestion but cupsd.conf is identical for
the machine that works properly and the one upon which I cannot get port
631 open, even on localhost.

Thanks,
B.J.
CentOS 5.2, Linux 2.6.18-92.1.22.el5 x86_64 15:07:43 up 22:01, 4 users,
load average: 0.14, 0.09, 0.02