cups: connection timed out
I'm showing connection timed out in the /var/log/cups/error_log.
D [29/Oct/2015:17:43:32 -0400] cupsdSetBusyState: Printing jobs
D [29/Oct/2015:17:44:04 -0400] [Job 11441] Connection error: Connection timed out
I find that if I change the default OUTPUT policy to ACCEPT, cups processes my print jobs without a hitch.
Here is my iptables config (showing policy DROP)
Chain OUTPUT (policy DROP 4 packets, 262 bytes)
pkts bytes target prot opt in out source destination
61345 14M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,636 state NEW,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
1 76 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW,ESTABLISHED
10 600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
4 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW,ESTABLISHED
265 15900 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1433 state NEW,ESTABLISHED
26 1662 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 state NEW,ESTABLISHED
6143 2445K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4443 state NEW,ESTABLISHED
I'm allowing outbound traffic on port 631 (upd and tcp).
If I relax OUTPUT to ACCEPT, the print queue processes normally, but I am not showing any outbound traffic on port 631.
Here's the relevant section from /etc/cups/cupsd.conf:
# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
This configuration worked until yesterday when I moved the printer to a new VLAN (from 2.2.2.2 to 3.3.3.3). I can ping the printer OK with the firewall up.
What could be going on with my iptables config to prevent print jobs from being sent to the printer?
centos iptables cups output
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
add a comment |
I'm showing connection timed out in the /var/log/cups/error_log.
D [29/Oct/2015:17:43:32 -0400] cupsdSetBusyState: Printing jobs
D [29/Oct/2015:17:44:04 -0400] [Job 11441] Connection error: Connection timed out
I find that if I change the default OUTPUT policy to ACCEPT, cups processes my print jobs without a hitch.
Here is my iptables config (showing policy DROP)
Chain OUTPUT (policy DROP 4 packets, 262 bytes)
pkts bytes target prot opt in out source destination
61345 14M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,636 state NEW,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
1 76 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW,ESTABLISHED
10 600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
4 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW,ESTABLISHED
265 15900 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1433 state NEW,ESTABLISHED
26 1662 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 state NEW,ESTABLISHED
6143 2445K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4443 state NEW,ESTABLISHED
I'm allowing outbound traffic on port 631 (upd and tcp).
If I relax OUTPUT to ACCEPT, the print queue processes normally, but I am not showing any outbound traffic on port 631.
Here's the relevant section from /etc/cups/cupsd.conf:
# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
This configuration worked until yesterday when I moved the printer to a new VLAN (from 2.2.2.2 to 3.3.3.3). I can ping the printer OK with the firewall up.
What could be going on with my iptables config to prevent print jobs from being sent to the printer?
centos iptables cups output
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
add a comment |
I'm showing connection timed out in the /var/log/cups/error_log.
D [29/Oct/2015:17:43:32 -0400] cupsdSetBusyState: Printing jobs
D [29/Oct/2015:17:44:04 -0400] [Job 11441] Connection error: Connection timed out
I find that if I change the default OUTPUT policy to ACCEPT, cups processes my print jobs without a hitch.
Here is my iptables config (showing policy DROP)
Chain OUTPUT (policy DROP 4 packets, 262 bytes)
pkts bytes target prot opt in out source destination
61345 14M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,636 state NEW,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
1 76 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW,ESTABLISHED
10 600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
4 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW,ESTABLISHED
265 15900 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1433 state NEW,ESTABLISHED
26 1662 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 state NEW,ESTABLISHED
6143 2445K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4443 state NEW,ESTABLISHED
I'm allowing outbound traffic on port 631 (upd and tcp).
If I relax OUTPUT to ACCEPT, the print queue processes normally, but I am not showing any outbound traffic on port 631.
Here's the relevant section from /etc/cups/cupsd.conf:
# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
This configuration worked until yesterday when I moved the printer to a new VLAN (from 2.2.2.2 to 3.3.3.3). I can ping the printer OK with the firewall up.
What could be going on with my iptables config to prevent print jobs from being sent to the printer?
centos iptables cups output
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
I'm showing connection timed out in the /var/log/cups/error_log.
D [29/Oct/2015:17:43:32 -0400] cupsdSetBusyState: Printing jobs
D [29/Oct/2015:17:44:04 -0400] [Job 11441] Connection error: Connection timed out
I find that if I change the default OUTPUT policy to ACCEPT, cups processes my print jobs without a hitch.
Here is my iptables config (showing policy DROP)
Chain OUTPUT (policy DROP 4 packets, 262 bytes)
pkts bytes target prot opt in out source destination
61345 14M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,636 state NEW,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
1 76 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW,ESTABLISHED
10 600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
4 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW,ESTABLISHED
265 15900 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1433 state NEW,ESTABLISHED
26 1662 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 state NEW,ESTABLISHED
6143 2445K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4443 state NEW,ESTABLISHED
I'm allowing outbound traffic on port 631 (upd and tcp).
If I relax OUTPUT to ACCEPT, the print queue processes normally, but I am not showing any outbound traffic on port 631.
Here's the relevant section from /etc/cups/cupsd.conf:
# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
This configuration worked until yesterday when I moved the printer to a new VLAN (from 2.2.2.2 to 3.3.3.3). I can ping the printer OK with the firewall up.
What could be going on with my iptables config to prevent print jobs from being sent to the printer?
centos iptables cups output
centos iptables cups output
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
edited 37 mins ago
Rui F Ribeiro
40.1k1479135
40.1k1479135
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
asked Oct 29 '15 at 21:49
a codera coder
1,01972747
1,01972747
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f239616%2fcups-connection-timed-out%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f239616%2fcups-connection-timed-out%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
