> I have a printer on the inside network with a 10.* address (HP 4050N).
> I just set it up as a default printer on my Hardy server (which has a > static internet IP).
> My question is, is that secure. Does the printer server limit itself to > local network only (based on interfaces and netmasks)?
> Or can any internet user connect to my printer service? (undesirable)
> i
If your server is connected directly (and without a firewall) to the Internet, then it will be possible for users (from anywhere) to print. You should install a firewall and configure it to only allow local machines to print.
-- Best regards Jacob Tranholm <http://jtranholm.dk/> Karl R. Popper: Observation statements and statements of experimental results are always interpretations of the facts observed.
> Ignoramus9437 skrev: >> I have a server with Ubuntu Hardy (8.04).
>> I have a printer on the inside network with a 10.* address (HP 4050N).
>> I just set it up as a default printer on my Hardy server (which has a >> static internet IP).
>> My question is, is that secure. Does the printer server limit itself to >> local network only (based on interfaces and netmasks)?
>> Or can any internet user connect to my printer service? (undesirable)
>> i
> If your server is connected directly (and without a firewall) to the > Internet, then it will be possible for users (from anywhere) to print. > You should install a firewall and configure it to only allow local > machines to print.
Thanks. Just double checking, do you know this for a fact or just guessing?
Some services are good about checking whether a connection comes from a local address, and some allow all machines and defer this question to the firewall.
Ignoramus9437 wrote: > Thanks. Just double checking, do you know this for a fact or just > guessing?
> Some services are good about checking whether a connection comes from > a local address, and some allow all machines and defer this question > to the firewall.
> i
I know for a fact that CUPS in some configurations are accessible from the Internet. Whether this is true for the default Hardy config, or your config, I am not sure... I have always configured my CUPS to only allow local access and further configured a firewall to block internet access.
-- Best regards Jacob Tranholm <http://jtranholm.dk/> Karl R. Popper: Observation statements and statements of experimental results are always interpretations of the facts observed.
Jacob Tranholm wrote: > Ignoramus9437 skrev: >> I have a server with Ubuntu Hardy (8.04).
>> I have a printer on the inside network with a 10.* address (HP 4050N).
>> I just set it up as a default printer on my Hardy server (which has a >> static internet IP). >> My question is, is that secure. Does the printer server limit itself to >> local network only (based on interfaces and netmasks)? >> Or can any internet user connect to my printer service? (undesirable)
>> i
> If your server is connected directly (and without a firewall) to the > Internet, then it will be possible for users (from anywhere) to print. > You should install a firewall and configure it to only allow local > machines to print.
I do not know about Ubuntu, but CentOS 4's CUPS system provides a screen for sharing printers. If you open the machine to anything other than itself, you can list those other IP addresses that are allowed to use your printer. So in my case, I allow only the other computer on my LAN to use it. But if I really trusted you, I could allow your machine to print on my printer too.
-- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 13:40:01 up 24 days, 18:42, 5 users, load average: 4.07, 4.17, 4.14
> Thanks. Just double checking, do you know this for a fact or just > guessing?
> Some services are good about checking whether a connection comes from > a local address, and some allow all machines and defer this question > to the firewall.
> i
You can check your /etc/cups/cupsd.conf and make sure you have either:
<Location /some.path> Order allow,deny Allow @LOCAL </Location>
Or something similar (for instance Allow 10.*, Allow 127.* or Allow @IF(eth1) (if your local network is at eth1 and internet at eth0)) defined.
But I would still also configure a firewall...
-- Best regards Jacob Tranholm <http://jtranholm.dk/> Karl R. Popper: Observation statements and statements of experimental results are always interpretations of the facts observed.
Thanks. I looked at cupsd.conf. By default, it only listens on localhost. So I was safe.
However, now I think that this printer sharing is pointless -- the printer is available as a 10.* IP address to the whole home network, anyway, so each computer can be configured to just print on it directly.
This continues my efforts to reduce dependency of my home network on my home "server". I already moved DHCP service from my server to the cable modem. I did the same with network forwarding, now the modem acts as a gateway as opposed to my home linux server.
This makes my network more reliable in the light of possibility that my basement server crashes or breaks or becomes disconnected.
So, for now, about the only function that my basement server would do for my home computers, is file serving.
There is only one exception as to why sharing a printer on localhost may be useful: it would be useful to print from a laptop that is away from home, if I want to print something on the home printer. (example, I just bought something from a website and want to print the receipt page).
I can do a ssh tunnel from my laptop to home, to make home printer appear as a local printer on port 631 on the laptop.
The regular home computers, would print on their own.
