[PLUG] ports not accessible to local network?

[Wil Cooley]

On Sun, 2004-11-21 at 09:45 -0800, Brian Quade wrote:
> I have two machines on a network, rh9cups and fc2bind.
> rh9cups runs RH9, has a printer attached, and runs CUPS as a server.
> fc2bind runs Fedora Core2 and BIND as the authoritative server for the 
> local domain.

> rh9cups resolv.conf file lists fc2bind's IP address as its first name 
> server, but running dig from rh9cups shows that it is using the 
> secondary name server (the ISP) and is not resolving any of my local 
> addresses.

This is normal; the resolver usually uses your DNS servers in round-
robin fashion.  You'd be fine on a network the size of yours just using
one.

>  From fc2bind, if I run "nmap localhost" it shows 4 ports open (ssh, 
> domain, ipp, rndc).
>  From rh9cups, if I run "nmap 192.168.123.2" it shows only 1 port open 
> (ssh).
> (192.168.123.2 is the IP address of fc2bind)
> Can a port be opened for local access only?  And if so, how can that be 
> changed?
> Is this an incorrectly configured BIND setup?

> I am wondering if this is why the print server doesn't work either.  I 
> had assumed it was just me because I have had trouble setting up CUPS in 
> the past, but since rh9cups does not even see that fc2bind has an ipp 
> port open I am wondering if it is the same problem.  fc2bind can see 
> that rh9cups has an ipp port open, but it still does not see the printer.

rh9cups shouldn't need to see the ipp port open on fc2bind, because
fc2bind connects as a client to the CUPS server.  It should, however,
see the 'domain' port open, although you scanned for TCP, and DNS
usually works through UDP.  However, it's probably the default firewall
setuo which is blocking both.  For the short term, run 'service iptables
stop' and see if you can get things working, then re-enabled the
firewall and configure it appropriately.

Wil
-- 
Wil Cooley <wcooley at nakedape.cc>
Naked Ape Consulting, Ltd. <http://naked-ape.com>