Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: DanB35 on June 25, 2015, 05:36:29 PM
-
I've played around with using a Raspberry Pi to act as an Airprint server (Google Cloud Print as well) for my LAN, and it's worked reasonably well, but it's slow. SME is supposed to act as a print server (though I've never used it in that application), and all the relevant software runs under Linux. Has anyone worked on getting Airprint to work on SME 9? The only thing I find on the forums dates back to SME 7 (http://forums.contribs.org/index.php?topic=47255.0), and I question how relevant it is any more. If not, I can take a crack at it.
-
I'd start by searching the web for "airprint centos6", find out how it works/is done and try to apply it to SME.
-
Yep, that's what I'm working on. Just wanted to see if someone had already done it on SME first. Doesn't look like it should be too tough though.
Isn't CUPS installed by default? I'd thought it was, and that it was used for the print server functions, but 'rpm -qa | grep cups' only shows cups-libs installed, not cups.
-
no, cups is not a default package
search the wiki
-
Surprise, surprise, it isn't quite as simple as I'd thought. Installing cups is easy enough--just "yum install cups"; don't even need to enable any other repos. A few edits to the config file and it's up and running, and I can configure my printer and print a test page. Need to manually create the symlinks to start and stop the service, but that's easy enough.
Then it comes to trying to set up Airprint. On the Raspberry Pi (using a Debian-based OS), "apt-get install avahi-discover" was all that was necessary, no further configuration was needed. CentOS doesn't seem to have an avahi-discover package. According to http://rpm.pbone.net/index.php3/stat/3/limit/3/srodzaj/1/dl/40/search/avahi-discover/field[]/1/field[]/2, avahi-discover can be found in avahi-ui-tools. Installing that brings in a number of dependencies, which install without error, but with the services all started, neither my iPad nor my iPhone find an Airprint printer.
Next option, then, is to use a script to generate the Avahi service file for the printer; a script can be found at https://github.com/tjfontaine/airprint-generate. That creates the file I'm supposed to need, but the devices still don't see the printer.
Stopped here for the moment, but I'll work on it further as I have time.
-
You'll probably need to open some ports in the firewall to make the avahi stuff accessible from the network:
http://wiki.contribs.org/Firewall#Additional_information_on_customizing_iptables
A quick search for avahi firewall ports produced this:
https://wiki.archlinux.org/index.php/Avahi
So maybe this will get your airprint working:
config set avahi service UDPPort 5353 status enabled access public
signal-event remoteaccess-update
If this works, you probably want to add an appropriate value for 'AllowHosts' to restrict access to your local network.
-
Thanks for the pointer--I'd forgotten about the firewall configuration. However, I'm still not able to get it to work. The avahi daemon is listening on 5353, but when I scan that port with my phone, it isn't open. The VM I'm using to test is running in server-only mode; not sure if that's relevant. Here's the netstat and iptables output:
[root@sme-test ~]# netstat -nap | grep avahi
udp 0 0 0.0.0.0:52791 0.0.0.0:* 2472/avahi-daemon
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2472/avahi-daemon
unix 2 [ ACC ] STREAM LISTENING 17610 2472/avahi-daemon /var/run/avahi-daemon/socket
unix 3 [ ] STREAM CONNECTED 17612 2472/avahi-daemon
unix 3 [ ] STREAM CONNECTED 17607 2473/avahi-daemon
unix 3 [ ] STREAM CONNECTED 17606 2472/avahi-daemon
unix 2 [ ] DGRAM 17604 2472/avahi-daemon
[root@sme-test ~]# config set avahi service UDPPort 5353 status enabled access public
[root@sme-test ~]# signal-event remoteaccess-update
[root@sme-test ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
local_chk all -- anywhere anywhere
PPPconn all -- anywhere anywhere
denylog all -- base-address.mcast.net/4 anywhere
denylog all -- anywhere base-address.mcast.net/4
InboundICMP icmp -- anywhere anywhere
denylog icmp -- anywhere anywhere
InboundTCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
denylog tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
InboundUDP udp -- anywhere anywhere
denylog udp -- anywhere anywhere
gre-in gre -- anywhere anywhere
denylog gre -- anywhere anywhere
denylog all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
SMTPProxy tcp -- anywhere anywhere tcp dpt:smtp
local_chk all -- anywhere anywhere
ForwardedTCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
ForwardedUDP udp -- anywhere anywhere
denylog all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PPPconn all -- anywhere anywhere
denylog all -- base-address.mcast.net/4 anywhere
denylog all -- anywhere base-address.mcast.net/4
ACCEPT all -- anywhere anywhere
Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_2505 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
Chain ForwardedTCP_2505 (1 references)
target prot opt source destination
Chain ForwardedUDP (1 references)
target prot opt source destination
ForwardedUDP_2505 all -- anywhere anywhere
denylog udp -- anywhere anywhere
Chain ForwardedUDP_2505 (1 references)
target prot opt source destination
Chain InboundICMP (1 references)
target prot opt source destination
InboundICMP_2505 all -- anywhere anywhere
denylog icmp -- anywhere anywhere
Chain InboundICMP_2505 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere
Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_2505 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
Chain InboundTCP_2505 (1 references)
target prot opt source destination
denylog all -- anywhere !sme-test.familybrown.org
REJECT tcp -- anywhere sme-test.familybrown.org tcp dpt:auth reject-with tcp-reset
SSH_Autoblock tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:http
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:https
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:smtp
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:ssh
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:smtps
Chain InboundUDP (1 references)
target prot opt source destination
InboundUDP_2505 all -- anywhere anywhere
denylog udp -- anywhere anywhere
Chain InboundUDP_2505 (1 references)
target prot opt source destination
denylog all -- anywhere !sme-test.familybrown.org
ACCEPT udp -- anywhere sme-test.familybrown.org udp dpt:5353
Chain PPPconn (2 references)
target prot opt source destination
PPPconn_1 all -- anywhere anywhere
Chain PPPconn_1 (1 references)
target prot opt source destination
Chain SMTPProxy (1 references)
target prot opt source destination
denylog tcp -- anywhere anywhere tcp dpt:smtp
Chain SSH_Autoblock (1 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: SSH side: source
denylog all -- anywhere anywhere recent: CHECK seconds: 900 hit_count: 4 TTL-Match name: SSH side: source
Chain denylog (22 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:router
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
ULOG all -- anywhere anywhere ULOG copy_range 0 nlgroup 1 prefix `denylog:' queue_threshold 1
DROP all -- anywhere anywhere
Chain gre-in (1 references)
target prot opt source destination
denylog all -- anywhere !sme-test.familybrown.org
denylog all -- anywhere anywhere
Chain local_chk (2 references)
target prot opt source destination
local_chk_2505 all -- anywhere anywhere
Chain local_chk_2505 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
Chain state_chk (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
-
You'll need to open firewall ports for CUPS, too.
-
Makes sense, but CUPS is responding without a problem--I can browse to http://serverip:631 and it comes up without any firewall changes, and the port scan from my phone shows that port as open. Not so for 5353, though.
-
/var/log/iptables/current has some entries for port 5353, but they look to me like they're attempted outbound traffic to port 5353 on a remote host:
@40000000558d6462259909c4 Jun 26 10:40:24 sme-test denylog: IN= OUT=eth0 MAC= SRC=192.168.1.25 DST=224.0.0.251 LEN=118 TOS=00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=98
@40000000558d64622d35e01c Jun 26 10:40:24 sme-test denylog: IN= OUT=eth0 MAC= SRC=192.168.1.25 DST=224.0.0.22 LEN=40 TOS=00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
@40000000558d6463256883e4 Jun 26 10:40:25 sme-test denylog: IN= OUT=eth0 MAC= SRC=192.168.1.25 DST=224.0.0.251 LEN=276 TOS=00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=256
@40000000558d6464342338ac Jun 26 10:40:26 sme-test denylog: IN= OUT=eth0 MAC= SRC=192.168.1.25 DST=224.0.0.251 LEN=134 TOS=00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=114
@40000000558d646533e73d34 Jun 26 10:40:27 sme-test denylog: IN= OUT=eth0 MAC= SRC=192.168.1.25 DST=224.0.0.251 LEN=276 TOS=00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=256
-
I must be doing something wrong with the firewall setup. Even when I also try to open TCP port 5353:
[root@sme-test ~]# config show avahi
avahi=service
TCPPort=5353
UDPPort=5353
access=public
status=enabled
...and post-upgrade and reboot, it doesn't seem to open. Nmap from another machine shows:
[root@e-smith ~]# nmap -p 5353 192.168.1.25
Starting Nmap 6.25 ( http://nmap.org ) at 2015-06-26 11:13 EDT
Nmap scan report for pc-00025.familybrown.org (192.168.1.25)
Host is up (0.095s latency).
PORT STATE SERVICE
5353/tcp closed mdns
MAC Address: 60:33:4B:1F:47:1E (Apple)
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
Edit: Well, I may have jumped the gun on that conclusion:
[root@e-smith ~]# nmap -sU 192.168.1.25
Starting Nmap 6.25 ( http://nmap.org ) at 2015-06-26 11:17 EDT
Nmap scan report for pc-00025.familybrown.org (192.168.1.25)
Host is up (0.039s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
53/udp open|filtered domain
123/udp open ntp
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
631/udp open|filtered ipp
1812/udp open|filtered radius
1813/udp open|filtered radacct
5353/udp open zeroconf
MAC Address: 60:33:4B:1F:47:1E (Apple)
Nmap done: 1 IP address (1 host up) scanned in 1082.60 seconds
So, 5353/udp is open. Still not sure why 5353/tcp isn't, with the TCPPort setting above, but it's progress.
-
It's amazing what you can find on Google... The excerpt from my iptables logs above appears to show traffic from my server's IP to 224.0.0.251, which I believed to be a remote host. Turns out I was mistaken; that's the multicast address reserved for the mDNS service. It's also looking like that traffic was blocked, which could well be causing the failure of my devices to see the printer.
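
Added example, not part of the original posts: a small Python parser for the denylog lines quoted earlier in the thread. It reads the IN=/OUT= fields to tell locally generated traffic from inbound traffic and flags dropped packets addressed to the mDNS group 224.0.0.251 on UDP 5353. The function names are hypothetical and the third sample line is constructed.

```python
import ipaddress
import re

# First two lines are copied from the log excerpt in the thread; the third is constructed.
SAMPLE_LINES = [
    "@40000000558d6462259909c4 Jun 26 10:40:24 sme-test denylog: IN= OUT=eth0 MAC= "
    "SRC=192.168.1.25 DST=224.0.0.251 LEN=118 TOS=00 PREC=0x00 TTL=255 ID=0 DF "
    "PROTO=UDP SPT=5353 DPT=5353 LEN=98",
    "@40000000558d64622d35e01c Jun 26 10:40:24 sme-test denylog: IN= OUT=eth0 MAC= "
    "SRC=192.168.1.25 DST=224.0.0.22 LEN=40 TOS=00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2",
    "Jun 26 10:41:00 sme-test denylog: IN=eth0 OUT= MAC=00:00:00:00:00:00 "
    "SRC=192.168.1.50 DST=192.168.1.25 LEN=60 TTL=64 ID=1 PROTO=TCP SPT=40000 DPT=23",
]

# Link-local multicast groups: mDNS (RFC 6762) and IGMPv3 reports (RFC 3376).
KNOWN_GROUPS = {"224.0.0.251": "mDNS", "224.0.0.22": "IGMPv3"}
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_denylog(line):
    """Classify one denylog line; returns None for lines that are not denylog entries."""
    if "denylog:" not in line:
        return None
    f = dict(FIELD.findall(line.split("denylog:", 1)[1]))
    if "DST" not in f:
        return None
    # Empty IN= with OUT= set: the packet was generated locally (OUTPUT chain).
    if f.get("IN") and f.get("OUT"):
        direction = "forwarded"
    elif f.get("OUT"):
        direction = "outbound"
    else:
        direction = "inbound"
    multicast = ipaddress.ip_address(f["DST"]).is_multicast
    return {
        "direction": direction,
        "dst": f["DST"],
        "proto": f.get("PROTO"),
        "dport": f.get("DPT"),
        "multicast": multicast,
        "group": KNOWN_GROUPS.get(f["DST"]),
    }

def blocked_mdns(lines):
    """Entries where this host's own mDNS packets to 224.0.0.251:5353 were dropped."""
    parsed = [p for p in map(parse_denylog, lines) if p]
    return [p for p in parsed if p["direction"] == "outbound"
            and p["group"] == "mDNS" and p["proto"] == "UDP" and p["dport"] == "5353"]

if __name__ == "__main__":
    for entry in map(parse_denylog, SAMPLE_LINES):
        print(entry)
```

Outbound entries like these are consistent with the OUTPUT chain in the iptables listing above, which sends everything destined for base-address.mcast.net/4 (224.0.0.0/4) to denylog.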
-
I'm sorry I can't help you (no Apple devices here).
It's amazing what you can find on Google...
Google knows almost everything... you just need the right keywords and (sometimes) a good deal of patience ;-)