I see nmap and:
Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-12 14:01 -04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000039s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
631/tcp open ipp
3128/tcp open squid-http
9090/tcp open zeus-admin
But still the port 515 is blocked, any ideas?
I have installed
System version
NethServer release 7.8.2003 (final)
Kernel release
3.10.0-1127.19.1.el7.x86_64
I don’t know how cups-lpd needs to be configured with the ports, but for port 515 you can try creating a local firewall rule for the printer service (take care when opening ports to RED interface):
You may need to remove the service you created earlier:
config show printer
config delete printer
But if cups-lpd service needs to be associated with a port, you can recreate the service with the proper service name (I guess either printer or cups-lpd) and enable/activate the service (if it is a systemd service, if it uses xinetd or init the service might not show up on the server-manager).
You need to discover why cups is not listening on port 515. This has nothing to do with the firewall or NethServer. I’m no expert, a quick search found this, but it may not be relevant for your system.
Can you share the steps that worked?
By “this version” do you refer to NethServer release 7.8.2003 (final) or to something else like a specific package/kernel version?
Some security notes from cups-lpd manual
cups-lpd currently does not perform any access control based on the settings in cupsd.conf(5) or in the hosts.allow(5) or hosts.deny(5) files used by TCP wrappers. Therefore, running cups-lpd on your server will allow any computer on your network (and perhaps the entire Internet) to print to your server.
You should configure the firewall to limit TCP port 515 access to only those computers that should be able to print through your server.
Some configuration notes from cups-lpd manual
cups-lpd is not enabled by the standard CUPS distribution. Please consult with your operating system vendor to determine whether it is enabled on your system.
CUPS includes configuration files for systemd(8). Simply enable the cups-lpd socket using the corresponding control program.
systemctl enable cups-lpd.socket
systemctl start cups-lpd.socket
I did some tests just to help figure out the problem, but have no printer to test if it works:
# yum install cups-lpd
# systemctl list-unit-files cups-lpd\*
UNIT FILE STATE
cups-lpd@.service static
cups-lpd.socket disabled
# systemctl enable cups-lpd.socket
Created symlink from /etc/systemd/system/sockets.target.wants/cups-lpd.socket to /usr/lib/systemd/system/cups-lpd.socket.
# systemctl start cups-lpd.socket
# systemctl is-active cups-lpd.socket # or `systemctl status cups-lpd.socket`
active
Port status
# fuser -vn tcp 515
USER PID ACCESS COMMAND
515/tcp: root 1 F.... systemd
# netstat -putan |grep 515
tcp6 0 0 :::515 :::* LISTEN 1/systemd
# nmap -p 515 localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-13 22:11 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000057s latency).
PORT STATE SERVICE
515/tcp open printer
~$ nmap -p 515 192.168.0.11 # external scan to RED interface
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-13 22:11 CET
Nmap scan report for server.domain.tld (192.168.0.11)
Host is up (0.00037s latency).
PORT STATE SERVICE
515/tcp filtered printer
~$ nmap -p 515 10.0.0.1 # from LAN to GREEN interface
Starting Nmap 7.60 ( https://nmap.org ) at 2020-11-13 22:12 CET
Nmap scan report for homepage.home.intern (10.0.0.1)
Host is up (0.00043s latency).
PORT STATE SERVICE
515/tcp closed printer
Creating a custom service by your example:
config set printer service status enabled TCPPort 515 access red,green
signal-event firewall-adjust
On the server-manager the service is shown, but from what I recall the running status is not represented correctly due to the custom service not matching the corresponding systemd service name.
Port status
~$ nmap -p 515 10.0.0.1 # from LAN to GREEN interface
Starting Nmap 7.60 ( https://nmap.org ) at 2020-11-13 22:15 CET
Nmap scan report for homepage.home.intern (10.0.0.1)
Host is up (0.00050s latency).
PORT STATE SERVICE
515/tcp open printer
~$ nmap -p 515 192.168.0.11 # external scan to RED interface
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-13 22:15 CET
Nmap scan report for server.domain.tld (192.168.0.11)
Host is up (0.00028s latency).
PORT STATE SERVICE
515/tcp open printer
# netstat -tunap |grep 515
tcp6 0 0 :::515 :::* LISTEN 1/systemd