Posted by: reformedmusings | May 8, 2010

Sharing printers with Ubuntu Lucid 10.04 LTS and a firewall

When I upgraded to Ubuntu Lucid 10.04 LTS as described in this earlier post, I also had to ensure that the wireless laptop could print on our printers which directly attach to the desktop. I ran into problems because I forgot that I had the firewall active on the desktop machine. I thought that I’d pass along the lessons learned.

Printer sharing is simple in Ubuntu. That’s because the Linux CUPS (Common Unix Print System) server installed on every machine has networking ability built into it. It’s ridiculously easy to set up. On the computer to which the printer(s) are directly connected, just go to System -> Administration -> Printing. Right click on the printers that you wish to share:

It should already be Enabled, so click on Shared as in the screenshot and ensure that the check mark appears in front of Shared. That will make it available for the network. Next, go to Server -> Settings in the Printing window menu:

In this dialog, ensure that the second box, “Publish shared printers connected to this system” in the dialog is checked. If you will print on other printers not connected to this computer, then also check the top box so that you can see those printers. Next click OK, then Server -> Quit to close the Printing window. That’s it on the computer to which the printer(s) is(are) connected.

Now go to the other computers that will print to these printers, go to System -> Administration -> Printing. Use the procedure immediately above to get to Server -> Settings and click the the top box as illustrated above, then OK, Server -> Quit.

If you don’t have a software firewall running, you are done! It’s that simple. If the printers don’t show up on the networked computer, there’s one more thing go try. Open a terminal, and in Lucid or Karmic type:

sudo service cups restart

In older version of Ubuntu, type:

sudo /etc/init.d/cupsys restart

Let’s distinguish between firewalls for a second. Most folks with broadband have a hardware firewall. It’s built into your router or cable modem. That protects your entire home network against the outside world to the extent that you’ve intelligently configured it. It does not normally interfere with traffic on your home network, although some routers do have that ability.

A software firewall runs on your computer. It restricts access to that single machine on which it runs. Some say that you don’t need a software firewall on your computer if you have a hardware firewall. I respectfully dissent from that view. Hardware firewalls can be compromised. When they are, it is usually en mass by manufacturer, model, and internal operating system so you’ll never know until you read about it on a tech site. Multiple layers of protection seem prudent in these dangerous times.

What do firewalls do? Amongst other things, they control access to the ports on your system. Ports are used by services and protocols to communicate between machines. If you stealth all your external ports, as you should, then anyone probing your system will not find anything – you’ll essentially be invisible. A great test for this is ShieldsUp! by Gibson Research. On your internal network, though, you’ll probably want your computers to talk to each other. To do so, you’ll have to open up the correct ports ONLY on their software firewalls to allow that. The hardware firewall should remain stealthed!

CUPS communicates on port 631. The Printers tool provides a GUI for you to set your printers. You can also access the CUPS server directly in your browser by typing http://localhost:631 into the address bar. In any event, you must open port 631 on all computers that will share printers.

The built-in firewall in Linux is iptables. If you are a glutton for punishment, it can be configured manually by editing the /etc/network/interfaces configuration file. Ubuntu provides ufw (uncomplicated firewall) to help with that in a terminal, and there’s also a GUI version for Gnome called gufw which claims to be intuitive. Somebody has a different definition of “intuitive” than I do.

A good firewall program for Gnome that is pretty intuitive is Firestarter. I considered writing another post on Firestarter, but ubuntugeek has an excellent tutorial. For KDE, I used Guarddog which is equally as good. They may be installed directly from the Ubuntu repositories.

To enable access to port 631 in Firestarter, open the application:

Click on the Policy tab:

I already have the necessary line added in the screenshot. In addition to the highlighted CUPS server access, you can also see the policies for Samba file sharing and Activesync connections. In order to add the rule for CUPS, click on Add at the top and make the resultant dialog look like this except for the name:

The name will add itself after you click Add. That’s it. Click on Firewall -> Quit to exit the GUI. The firewall will still be running if you left it active in the GUI because it runs in the background as a service. Do this on all of the computers on which you have activated a software firewall and wish to share printers.

I’ll note that Samba will share printers as well as files, but I only use it for files. I like the fast and easy CUPS servers for print sharing. It works great with a minimum of hassle.

Advertisements

Responses

  1. […] Thunderbird 3 picked up the TBird 2 profile and imported all the mail flawlessly. I reenabled print sharing, and the printers came right up. We are largely mission capable, with only the Samba profile to […]

  2. […] Firestarter, which truly makes it easy to setup the ufw. I talked a little about Firestarter in this post on printer sharing. I’ve learned a lot more about its options when working with network file […]

  3. […] CPMPSU-650TX 650 watt power supply I run my PC 24/7. I use Ubuntu Lucid 10.04 to serve up the household printers and network the Dell Ubuntu laptop for backup purposes, so turning off my PC isolates the laptop. […]


Categories

%d bloggers like this: