Printer, printer setup, multifunction printer, HP laserjet

I use different printer:
DELL 3100CN via LAN - no problem at all. Dell is very easy get work

HP LaserJet 700 MFP 775dn: multifuction document center run via LAN. This has been a nightmare over weeks.
I had tried different driver. SUSE support tried to help, HP support tried to help…
I found out, the printer work fine with USB. So driver must be ok.

The trick (this is valid for many HP printer and other modern printer with communication)

is here:

[HTML]http://hplipopensource.com/node/375[/HTML]

OpenSUSE

Avahi
Go to Yast Control Center and click on Firewall.
Select Allowed Services on left hand side pane.
Click on Service to Allow drop down which will show list of services we can enable using this firewall utility.
To allow avahi to discover the devices through hp-setup utility select Zeroconf/Bonjour Multicast DNS and select Add from drop down.and click on Next at the bottom right corner.
The OpenSuse Firewall Utility will display Firewall Conguration Summary. Click on Finish to compelete the process.

mDNS/Bonjour
Go to Yast Control Center and click on Firewall
Select Custom Rules on left pane, select Zone as External and then select Add at the bottom. A pop up will appear . Provide the values of the parameter as : Source Network 0/0, Protocol UDP, Ports 5353
Click on Add at the bottom right.
The OpenSuSe rewall utility will display Firewall Conguration Summary Click on Finish to complete the process.

SLP
Go to Yast Control Center and click on Firewall.
Select Custom Rules on left pane, select Zone as External and then select Add at the bottom. A pop up will appear . Provide the values of the parameter as : Source Network 0/0, Protocol UDP, Ports 427
Click on Add at the bottom right.
The OpenSuSe rewall utility will display Firewall Conguration Summary Click on Finish to complete the process.

Open these ports in internal zone, the printer works.

hcp dk wrote:
[color=blue]

The trick (this is valid for many HP printer and other modern printer
with communication)

IS HERE:

http://hplipopensource.com/node/375
[/color]

Different protocols use different ports. If your firewalls
(workstations and/or servers) block these ports, communication fails
and things don’t work.

This is a good reminder for those who may have forgotten to check…

–
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

Yes, but I’m user only. SUSE Service and HP Service have not be able to find the solution. However: I still have a problem:

a) printer: DELL - no issues at all
b) HP LaserJet 700 MFP 755 from Windows: No problem wherever in network. (5min setup, ready). Access via LAN solved as I wrote here (from SLES + WE) At least it seems to work.

Problem: Setup on SLED Laptop same as on SLES.
Connection via WLAN ASUS RT-AC66U as Accesspoint. But I can see, the HPLIP has problems get communication in place. Some data are not available, print not possible.

How to solve it?

[QUOTE=hcp_dk;36632]Yes, but I’m user only. SUSE Service and HP Service have not be able to find the solution. However: I still have a problem:

a) printer: DELL - no issues at all
b) HP LaserJet 700 MFP 755 from Windows: No problem wherever in network. (5min setup, ready). Access via LAN solved as I wrote here (from SLES + WE) At least it seems to work.

Problem: Setup on SLED Laptop same as on SLES.
Connection via WLAN ASUS RT-AC66U as Accesspoint. But I can see, the HPLIP has problems get communication in place. Some data are not available, print not possible.

How to solve it?[/QUOTE]
Hi
Is the cups service enabled and running on SLED?

systemctl status cups
systemctl start cups
systemctl status cups

hp-setup -i <ip_address_of_printer>

Hi, yes, is running. The problem are open ports. Dell printer works fine.
HP demand more open ports. HPLIP should either open the ports, maybe ask before, or at least make clear ports are not open.
I checked router, But router is open.
I think I found out. But I need to test tomorrow.

[QUOTE=hcp_dk;36646]Hi, yes, is running. The problem are open ports. Dell printer works fine.
HP demand more open ports. HPLIP should either open the ports, maybe ask before, or at least make clear ports are not open.
I checked router, But router is open.
I think I found out. But I need to test tomorrow.[/QUOTE]
Hi
Maybe Zeroconfig/Bonjour in YaST Firewall/Users and under allowed services, but by default I’ve never had to open a port from a desktop to access a HP printer, just add via hostname/ip address which I usually add to my hosts file.

Yes, my Dell do need neither. But all new HP printer, typical document center, LaserJet Series need these ports and are quite difficult to get handled. Only via HPLIP and manual adaption.

hcp dk wrote:
[color=blue]

Yes, my Dell do need neither. But all new HP printer, typical document
center, LaserJet Series need these ports and are quite difficult to
get handled. Only via HPLIP and manual adaption.[/color]

I have again read this thread. Please confirm:

• Your Dell and HP printers are network connected.
• You can print from your workstation to your Dell printer.
• You can’t print from your workstation to your HP printer.
• You can print to your HP printer when it is connected via USB.
• You think the issue is caused required ports being blocked.

Some more details would be helpful.

• Is your workstation and printer(s) on the same subnet?
• Do you have any port conflicts, perhaps between the two printers?
• Are there other firewalls or routers between your workstation and
  your printers?

Have you tried to shutdown your workstation firewall just to eliminate
that as the cause of the problem?

Is your printer configured correctly?

• Valid IP address, Subnet mask, default gateway?
• Are you using a static IP address or DHCP?
• If you are using DHCP, where is the DHCP server?
• Can you ping your printer?

Please report back what you learn.

–
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

Hi, thanks for your effort. I have worked with it more - and HP and SUSE would like to know what the problem is

let’s count together:
All Printer are network connected.
They are all in same subnet, even connected via a Zyxtel switch. It’s an AD Windows Domaine.
The firewall is outside - a Trusgate. Even the WLAN is accesspoint only.
I setup the open ports acc. to HP. I think I wrote abut this note?
Static IP for printer and server, rest DHCP via Trustgate, AD Server.
I can ping the printer, see, the printer…

I can print

• via USB
• via Windows in a KVM virtual box !!
• on Dell printer
• sometimes - randomly it happens

I can’t print on HP LaserJet

• from SLED
• from SLES
• from Leap 42.1 (tried yesterday)
  The analysis show the print file is not send complete - only a part of it. That I can show (SUSE service supported here)

I just did as suggested an disabled firewall:
SLES: no change, don’t print
SLED: printing fine. even after reboot

Then I tired enable the firewall again:

AS you can see, there is another firewall in the system I have no idea about.
How can I find out what that is?

Hi
So what system is the ‘other’ firewall running on, SLES or SLED?

Hard to say, you would need to ask the person who setup the system, looks at ps -ef output or list the systemd services.

Lets look at the results:

Summery:
[LIST]
[]When the firewall is enabled, it doesn’t print.
[]When the firewall is disabled, it does print.
[/LIST]
This tells me it’s a SLED firewall issue. The firewall is blocking traffic on required ports.
[LIST]
[]Check the firewall configuration.
[]Verify that all required ports are configured correctly.
[/LIST]
I would work on this first as it appears to be the easiest to resolve and what you learn here will help in resolving your SLES issues.

Remember to restart the firewall service after making changes.

I assume the message about “Another Firewall Active” is from SLES?

I suspect the “other” firewall, whatever it may be, is still blocking the ports needed for printing.

FYI, here’s a brief description how your firewall configuration is implemented.

[LIST]
[]When you use YaST Firewall, it saves the configuration in /etc/sysconfig/SEfirewall2.
[]If you prefer and if you know what you are doing, you can use a text editor to change /etc/sysconfig/SEfirewall2 yourself.
[]When you start the firewall (rcSuSEfirewall2 start) the configuration is read from /etc/sysconfig/SEfirewall2 and used to create a set of “iptables” rules.
These rules are what really control access to your system.
[]When you stop the firewall (rcSuSEfirewall2 stop) the rules are removed from “iptables”
[/LIST]

When there is no firewall active, this is what you should see:

[CODE]server:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
server:~ # [/CODE]

Please run these commands on your SLES system so we can see what might still be blocked after your firewall is shut down.

server:~ # rcSuSEfirewall2 stop server:~ # iptables -L

Please reply and paste the output from the commands between code tags. Use the “[SIZE=3]#[/SIZE]” at the top of the posting box.

…Awaiting your reply.

Hi
thanks for reply and info. I had been very busy the last days and not time to do much more than work.
OK. I did this on the SLES + WE system.

[CODE][CODE]#
linuxSLES:/etc/sysconfig # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all – anywhere anywhere
ACCEPT all – anywhere anywhere ctstate ESTABLISHED
ACCEPT icmp – anywhere anywhere ctstate RELATED
input_int all – anywhere anywhere
input_ext all – anywhere anywhere
LOG all – anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
DROP all – anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
LOG all – anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all – anywhere anywhere

Chain forward_ext (0 references)
target prot opt source destination

Chain forward_int (0 references)
target prot opt source destination

Chain input_ext (1 references)
target prot opt source destination
ACCEPT udp – anywhere anywhere PKTTYPE = broadcast udp dpt:mdns
ACCEPT udp – anywhere anywhere PKTTYPE = broadcast udp dpt:bootps
DROP all – anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp – anywhere anywhere icmp source-quench
ACCEPT icmp – anywhere anywhere icmp echo-request
ACCEPT udp – anywhere anywhere udp dpt:mdns
ACCEPT udp – anywhere anywhere udp dpt:mdns
ACCEPT udp – anywhere anywhere udp dpt:bootps
LOG udp – anywhere anywhere udp spt:svrloc dpt:svrloc ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT udp – anywhere anywhere udp spt:svrloc dpt:svrloc
LOG udp – anywhere anywhere udp spt:mdns dpt:mdns ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT udp – anywhere anywhere udp spt:mdns dpt:mdns
DROP all – anywhere anywhere PKTTYPE = multicast
DROP all – anywhere anywhere PKTTYPE = broadcast
LOG tcp – anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG icmp – anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG udp – anywhere anywhere limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
DROP all – anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere

Chain reject_func (0 references)
target prot opt source destination
REJECT tcp – anywhere anywhere reject-with tcp-reset
REJECT udp – anywhere anywhere reject-with icmp-port-unreachable
REJECT all – anywhere anywhere reject-with icmp-proto-unreachable
linuxSLES:/etc/sysconfig # rcSuSEfirewall2 stop
linuxSLES:/etc/sysconfig # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
linuxSLES:/etc/sysconfig # [/CODE]

I made som analysis of ports with nmap both for TCP and UDP. I can’t see any open port 9100 for the SLES. But printer has open ports.

I can send the results - but per mail since these are many print screens.

What you mean by “+ WE”?

Here’s what I see:

Chain INPUT (policy DROP) Chain FORWARD (policy DROP)
When the firewall is enabled, these directives cause all packets to be DROPped unless there are exceptions configured and I don’t see any configured exceptions so I’m not surprised that the ports you need for printing are blocked.

[CODE]linuxSLES:/etc/sysconfig # rcSuSEfirewall2 stop
linuxSLES:/etc/sysconfig # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
linuxSLES:/etc/sysconfig #[/CODE]

This shows that when you stopped your firewall, all packets are ACCEPTed so there should be no ports that are blocked.

Based on the information you provided:
[LIST]
[]Printing should work when the firewall is disabled.
[]Printing should not work when the firewall is enabled.
[*]
[/LIST]
But… you say you still can’t print when the firewall is disabled so we have to keep looking.

In your post on 2017-02-25 you say:

[QUOTE]AS you can see, there is another firewall in the system I have no idea about.
How can I find out what that is?[/QUOTE]
[LIST]
[]Is the message you posted on 2017-02-25 from SLES or SLED?
[]Did you click on “Continue” after reading the warning? I assume you did?
[/LIST]
If it is from your SLES system,
[LIST]
[]What additional non-SUSE software has been installed on the system?
[]What additional device drivers have been installed on the system?
[/LIST]

[QUOTE=hcp_dk;36740]I just did as suggested an disabled firewall:
SLES: no change, don’t print
SLED: printing fine. even after reboot[/QUOTE]

SLED:
[LIST]
[]Have you opened the required ports in you firewall?
[]Is printing from SLED now working?
[*]
[/LIST]

Is that message from SLES or SLED?

Hi
The new SLE acronym; W(orkstation) E(xtension)…

–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.36-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Oh yes. i can see I’m still not good enough to interpret the messages. (but get better )

See: I have SLED and SLES with Work Extension. It is basically SLED running on SLES.
The firewall has not bee modified.
As tested when firewall is disabled, it worked one day. (see some answers before)

Since SUSE not supply sufficient software, I used LEAP42.2 repository (same kernel) to get few software I need to work:
Shutter (really good program)
FreeCad (3D Cad software)
Adobe Flash
Teamviewer - need help my 80 years parents remote with their PC
Acrobat reader (only for some prints with several layers needed)
VLC player (needed for any play of multimedia)
BleachBit (HD cleaning program)
Skype
Driver for Dell Printer

I have exact the same “Drop” in firewall on SLED (means both on SLES and SLED)
So either there is software that change firewall or there is a failure already when installed the system.

I can’t print with firewall.
How can I change this “chain drop”?

I would like to change this setup. See here:
http://unix.stackexchange.com/questions/227972/how-to-set-up-a-clear-suse-firewall
…seems I’m not the only on who face this problem?

https://www.suse.com/communities/blog/basic-iptables-tutorial/
Using this tutorial i can open firewall using

linux-w2mu:~ # iptables -P INPUT DROP

Then,

[CODE]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all – anywhere anywhere
ACCEPT all – anywhere anywhere ctstate ESTABLISHED
ACCEPT icmp – anywhere anywhere ctstate RELATED
input_int all – anywhere anywhere
input_ext all – anywhere anywhere
LOG all – anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
DROP all – anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all – anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all – anywhere anywhere [/CODE]

Ports are open.
But i can’t print from SLES anyway and it seems as soon as I touch yast Firewall2 GUI or restart firewall, the old setup comes up.

[QUOTE=hcp_dk;36860]See: I have SLED and SLES with Work Extension. It is basically SLED running on SLES.
The firewall has not bee modified.
As tested when firewall is disabled, it worked one day. (see some answers before)
[/QUOTE]

If you can print to your HP printer from SLES and SLED when the firewall is disabled, then this is just a firewall issue.

When your firewall is enabled, it blocks (almost) everything. This is normal.
You have to configure the firewall to permit communication
[LIST]
[]on specific ports
[]between specific sources and destinations
[*]etc.
[/LIST]

As I suggested in an earlier post:
[LIST]
[]Find out what ports need to be open to print to your HP Printer
[]Using YaST - Firewall, open the necessary ports.
[/LIST]

After you have configured your firewall, please confirm you can print to your HP printer from your SLED system with the firewall enabled.