Firewall / iptables help

PabloAbonia

Regular Contributor
Need to open ports for HP printer to work with eprint. Ports 5222 and 5223.

The following firewall-start script runs, and the changes are applied but the ports still remain blocked.

Code:
#!/bin/sh
logger -t $(basename $0) "Firewall-start script started."

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5223 -j ACCEPT
iptables -A FORWARD -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
iptables -A FORWARD -m state --state NEW -m tcp -p tcp --dport 5223 -j ACCEPT

logger -t $(basename $0) "Firewall-start script complete."

Any help would be appreciated.

Thanks,

Pablo
 

sfx2000

Part of the Furniture
Doesn't HP ePrint do the hole punch by initiating a connection to HP's backend?
 

PabloAbonia

Regular Contributor
sfx2000 said: Doesn't HP ePrint do the hole punch by initiating a connection to HP's backend?

It may, but it doesn't matter if the hole isn't opening.

The software for the printer won't install properly if that ePrint communication fails during the installation process.

Pablo
 

ColinTaylor

Part of the Furniture
Why don't you just use the router's GUI to forward those ports rather than using a script?

BTW the script won't work because you need to DNAT the incoming traffic to the destination IP address.

UPDATE: Further reading on the HP site suggests that ports 5222 and 5223 are used for outgoing connections rather than incoming. In which case there is no need to create any firewall rules as all outgoing connections are allowed by default.
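
The DNAT point above, as an added example that is not part of the original thread: a small audit that reads an iptables-save style dump and reports whether unsolicited inbound TCP to a port is actually forwarded to a LAN host (a nat PREROUTING DNAT rule plus a FORWARD ACCEPT) or only accepted in the filter table, as the posted script does. The sample ruleset, the address 192.168.1.50, port 8080 and the function names are constructed for illustration; it assumes the DNAT keeps the same port number.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. The 5222/5223 lines mirror the
# thread's script; the 8080 lines show a complete forward for comparison.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.50:8080
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5223 -j ACCEPT
-A FORWARD -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
-A FORWARD -p tcp -m state --state NEW -m tcp --dport 5223 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'
# On a live router: RULES=$(iptables-save) sh thisfile.sh
RULES=${RULES:-$SAMPLE_RULES}

# count_rules TABLE CHAIN PORT TARGET
# Prints how many rules in TABLE/CHAIN match --dport PORT and jump to TARGET.
count_rules() {
    printf '%s\n' "$RULES" | awk -v t="*$1" -v c="$2" -v p="$3" -v j="$4" '
        /^\*/ { cur = $0; next }              # "*nat", "*filter": table header
        cur == t && $1 == "-A" && $2 == c {
            port = 0; target = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && $(i+1) == p) port = 1
                if ($i == "-j" && $(i+1) == j) target = 1
            }
            n += port && target
        }
        END { print n + 0 }'
}

# inbound_status PORT: how the ruleset treats unsolicited inbound TCP to PORT.
inbound_status() {
    dnat=$(count_rules nat PREROUTING "$1" DNAT)
    fwd=$(count_rules filter FORWARD "$1" ACCEPT)
    if [ "$dnat" -gt 0 ] && [ "$fwd" -gt 0 ]; then echo forwarded
    elif [ "$dnat" -gt 0 ]; then echo dnat-only
    elif [ "$fwd" -gt 0 ]; then echo accept-without-dnat
    else echo closed; fi
}

for port in 5222 5223 8080; do
    echo "tcp/$port inbound: $(inbound_status "$port")"
done
```

A result of accept-without-dnat means the ACCEPT rules exist but nothing rewrites the destination to a LAN address, so they open no path to the printer; connections the printer initiates outbound need none of these rules.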
 

sfx2000

Part of the Furniture
That's what I was getting at - it should just work unless custom iptables config breaks it.
 

RMerlin

Asuswrt-Merlin dev
Outbound connections are unrelated to port forwarding. You don't need to forward a port if the printer is initiating an outbound connection to HP's servers. The firmware does not prevent any outbound connections.
 

PabloAbonia

Regular Contributor
The bottom line is that this printer installation software always fails with an error indicating that the internet connection is down.

HP's fix (which failed for me) recommends the use of a static IP outside of the DHCP range used by the router, set static IP address, and static DNS addresses 8.8.8.8 & 8.8.8.4, followed by printer and router reboots.

It doesn't matter if the printer is on wifi or wired. The printer simply cannot get out to its internet connection and the software fails to install as a consequence. I know the printer won't connect, as the enable eprint button on the printer's webgui fails with an Internet connectivity error.

As a consequence I'm trying to open the ports at least temporarily to get a good initial installation of the printer software on the computer.

Thoughts, thanks. JPA
 
