Firewall Rules for Printer Access?

superlative

unread,

Dec 18, 2016, 6:16:08 PM12/18/16

to qubes-users

Hi,
I read the instructions to configure a printer here https://www.qubes-os.org/doc/network-printer/ . It says to configure the Firewall to allow printer access. But when I get to the template VM firewall rules, it asks for an URL or IP Address, and I'm not sure how to add an address for my printer which is not on the Internet. How do I "allow network access from the template VM to [my] printer"?

Thank you.

raah...@gmail.com

unread,

Dec 18, 2016, 6:47:48 PM12/18/16

to qubes-users

you would only allow temporary network access to the templatevm to test the printer. you can right click the templatevm name in qubes-manager and hit edit firewall rules.

after shutting down the template set your appvm firewall rules accordingly and restart it. default is to allow all outgoing so you shouldn't have to worry about setting anything, unless you've made custom changes.

Andrew David Wong

unread,

Dec 19, 2016, 12:18:53 AM12/19/16

to superlative, qubes-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

If it's a network printer, then you probably want to allow access to
whichever IP address it has on your local network, e.g., 192.168.1.102.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYV22xAAoJENtN07w5UDAwpZUP/20Y6crlGyhZFxJ3hdeQeqV9
vQ+xlh4+jAtNM6phAtSnQw50FvZHvYM7YyOhKBejcIURshcXy0AaxLrJfDUBh/SX
p8vv4/ciQrE4j6dAjCLKuiPcIJhDLImnjJY+EbL13gYFhww2ZGQrTi4/CYhmam2q
yoidp2ju9OJQTC2mFaFUdYcsrkyH6YM06AwJp+qZb2/Zy72fj4Guc4Nz/KUr42Wo
Yfu1reluqG604z2Q9obfGYjz4Ou1K2bwkdsgob+nm5weLF+qD4RozKo+TvJc7kEN
0yPTp4X/ApuAWh1YIc+tiCiqm3BFCubhRhYNdtYLWW+/h5EGDm1O7BObwtJOCfkI
DlthIgpZ234i6++8PZrkQUea8vljDHWbwnBlPyN6T3uRoRpcmDfAZE9BIrfACW/c
FgiUIJsbSFuqsi6yjG7KlpxqK+RE1To1irXvQfUgpTO73OFavH4uxrLzlq18FkSc
azIod7E6pGhUABLrsk6qqt670sRk2tSg6TEdwBwzFZ0iS2KZY/35xfePk+65rB1c
sTrWzYCAvRbKZFN2I0cQYwF4gbwibKsBlUyM1N2Edn1pdGtlhkNPecn3aBmLkSpR
1oVpv0+QiDMv14Lg2Hu6E6WvxGmNUUJTXnMjQBGBzdUNYf3o3WSZHIgLUCmeldz/
HlLyBHO5qJ9OswK8YAwL
=9gFH
-----END PGP SIGNATURE-----

superlative

unread,

Dec 22, 2016, 6:48:06 PM12/22/16

to qubes-users, randomf...@gmail.com

On Sunday, December 18, 2016 at 9:18:53 PM UTC-8, Andrew David Wong wrote:
> If it's a network printer, then you probably want to allow access to
> whichever IP address it has on your local network, e.g., 192.168.1.102.
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org

It is a USB printer, not a network printer. So I assume I don't need to mess with the firewall, and it should show up in the attach/detatch context menu on Qubes VM Manager. But it doesn't! What do I do if it doesn't show up there?

I'd assume I need to install HPLIP package. But I'm not sure which template to install it on in order for the Qubes VM Manager to pick it up? In other words, what template does the Qubes VM Manager use?

Thanks for everyone who responded to me.

Franz

unread,

Dec 22, 2016, 7:41:23 PM12/22/16

to superlative, qubes-users

On Thu, Dec 22, 2016 at 8:48 PM, superlative <randomf...@gmail.com> wrote:

On Sunday, December 18, 2016 at 9:18:53 PM UTC-8, Andrew David Wong wrote:
> If it's a network printer, then you probably want to allow access to
> whichever IP address it has on your local network, e.g., 192.168.1.102.
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org

It is a USB printer, not a network printer.

It is for something that everybody suppose it is a network printer. In fact a network printer is the suggested way to use a printer in Qubes to avoid all the problems with USB and VMs.

I had the same problem as yours and solved it buying for a few dollars a network printer server, so converting an ordinary USB printer into a network printer.

Best

Fran

So I assume I don't need to mess with the firewall, and it should show up in the attach/detatch context menu on Qubes VM Manager. But it doesn't! What do I do if it doesn't show up there?

I'd assume I need to install HPLIP package. But I'm not sure which template to install it on in order for the Qubes VM Manager to pick it up? In other words, what template does the Qubes VM Manager use?

Thanks for everyone who responded to me.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bda5ed4d-c584-473c-9039-fdfe8aa31eab%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

raah...@gmail.com

unread,

Dec 22, 2016, 10:34:55 PM12/22/16

to qubes-users, randomf...@gmail.com

you will have to print from a sys-usb qubes then most likely if using usb. the template you install printer drivers to is that one. You can try to add single usb device instead if using latest qubes. https://www.qubes-os.org/doc/usb/

Scroll to "Attaching a single USB device to a qube (USB passthrough)"

Then you can attach the single usb device to an appvm and possibly print to it? No idea though I've never tried it, maybe someone with more experience can chime in. Actually I have dont it with an android phone and its worked. Before I would have to transfer files from the usbvm. So maybe it works for printers too I would give it a shot.

Though, most people use network printer from a disposable vm using a whole separate template. cause printer drivers is untrusted. first virus i ever got as a young child was from a printer driver disk straight from factory.

Andrew David Wong

unread,

Dec 23, 2016, 3:08:05 AM12/23/16

to superlative, qubes-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-12-22 15:48, superlative wrote:
> On Sunday, December 18, 2016 at 9:18:53 PM UTC-8, Andrew David Wong
> wrote:
>> If it's a network printer, then you probably want to allow access
>> to whichever IP address it has on your local network, e.g.,
>> 192.168.1.102.
>>

> It is a USB printer, not a network printer. So I assume I don't
> need to mess with the firewall, and it should show up in the
> attach/detatch context menu on Qubes VM Manager. But it doesn't!
> What do I do if it doesn't show up there?
>

No, a device will show up in that menu only if it's a *block* device
(e.g., flash drive, external hard drive). Since a USB printer is not a
block device, you should either print directly from the USB qube or
attempt USB passthrough, as raahelps said.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

higgin...@gmail.com

unread,

Dec 24, 2016, 11:16:25 AM12/24/16

to qubes-users

You may be having similar problems to me a week or two ago. See my thread headed "HP PRINTER PROBLEM" starting 10 DEC. I eventually solved it for both network and USB options - on Fedora-23 and DEBIAN-8 templates. Hope this helps.

raah...@gmail.com

unread,

Dec 24, 2016, 5:02:25 PM12/24/16

to qubes-users, higgin...@gmail.com

I don't see your thread can you link it?

superlative

unread,

Dec 28, 2016, 4:46:07 PM12/28/16

to qubes-users, randomf...@gmail.com

Thanks for suggesting a network printer. That might be what I have to end up doing. But before I try that, I want to keep trying USB printer.

I'll try the USB passthrough method as soon as I figure out how to install qubes-usb-proxy on my Fedora-23 template VM Software app. I created a new thread in this forum to figure that out. It's called "Fedora-23 Software only shows already installed apps".

superlative

unread,

Dec 29, 2016, 6:13:34 PM12/29/16

to qubes-users, randomf...@gmail.com, raah...@gmail.com

On Thursday, December 22, 2016 at 7:34:55 PM UTC-8, raah...@gmail.com wrote:
> you will have to print from a sys-usb qubes then most likely if using usb. the template you install printer drivers to is that one. You can try to add single usb device instead if using latest qubes. https://www.qubes-os.org/doc/usb/
>
> Scroll to "Attaching a single USB device to a qube (USB passthrough)"
>
> Then you can attach the single usb device to an appvm and possibly print to it? No idea though I've never tried it, maybe someone with more experience can chime in. Actually I have dont it with an android phone and its worked. Before I would have to transfer files from the usbvm. So maybe it works for printers too I would give it a shot.
>
> Though, most people use network printer from a disposable vm using a whole separate template. cause printer drivers is untrusted. first virus i ever got as a young child was from a printer driver disk straight from factory.

That worked. I opened a terminal on Fedora-23 template VM, ran "sudo dnf install qubes-usb-proxy" without quotes, opened a XTerm from the System Tools Xfce start menu, ran "qvm-usb", found my printer listed, then ran "qvm-usb -a disp[#] sys-usb:[#-#]" replacing # with whatever number the disposable app VM I had open that I wanted to print from and the other #s replaced with the numbers listed next to my printer with the previous command "qvm-usb" and no brackets or quotes. Printed just fine. I wish qvm-usb was available through the GUI Qubes VM Manager. Since it's not I have to save a Firefox bookmark to the page https://www.qubes-os.org/doc/usb/ so I don't forget the commands I need to use to attach my printer to another disposable VM next time I need to print.

Thanks for all your help you guys. My printer now works!

Andrew David Wong

unread,

Dec 29, 2016, 11:13:58 PM12/29/16

to superlative, qubes-users, raah...@gmail.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-12-29 15:13, superlative wrote:
I wish qvm-usb was available through the GUI Qubes
> VM Manager. Since it's not I have to save a Firefox bookmark to the
> page https://www.qubes-os.org/doc/usb/ so I don't forget the commands
> I need to use to attach my printer to another disposable VM next time
> I need to print.
>

Added a note about that here:
https://github.com/QubesOS/qubes-issues/issues/2132#issuecomment-269730375

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

superlative

unread,

Jan 16, 2017, 4:10:37 PM1/16/17

to qubes-users, randomf...@gmail.com, raah...@gmail.com

On Thursday, December 29, 2016 at 11:13:58 PM UTC-5, Andrew David Wong wrote:
> On 2016-12-29 15:13, superlative wrote:
> I wish qvm-usb was available through the GUI Qubes
> > VM Manager. Since it's not I have to save a Firefox bookmark to the
> > page https://www.qubes-os.org/doc/usb/ so I don't forget the commands
> > I need to use to attach my printer to another disposable VM next time
> > I need to print.
> >
>
> Added a note about that here:
> https://github.com/QubesOS/qubes-issues/issues/2132#issuecomment-269730375
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org

Thank you Mr. Andrew. You're the best!

raah...@gmail.com

unread,

Jan 17, 2017, 11:15:52 PM1/17/17

to qubes-users, randomf...@gmail.com, raah...@gmail.com

in meantime you can use the up arrow in a terminal to use your last commands, instead of retyping.

Jarle Thorsen

unread,

Jan 20, 2017, 2:57:30 AM1/20/17

to qubes-users, randomf...@gmail.com, raah...@gmail.com

> in meantime you can use the up arrow in a terminal to use your last commands, instead of retyping.

or use the "history" command, followed by:
$!<number> to execute previous command corresponding to <number> in the output from history.

superlative

unread,

Mar 14, 2017, 7:50:02 PM3/14/17

to qubes-users, randomf...@gmail.com, raah...@gmail.com

Very good ideas, thanks!

Reply all

Reply to author

Forward