HPLIP

Is there full docu regarding HPLIP and firewall available?

Asked by Johannes Meixner on 2011-04-20

I cannot find a complete documentation
regarding HPLIP and firewall.

What I found up to now is:

Regarding "network attached printer"
http://hplipopensource.com/node/216
which reads
-----------------------------------------------------------------
Make sure that
port 161 (udp and tcp),
port 162 (udp and tcp) and
port 9100 (udp and tcp) are open
through your firewall.
-----------------------------------------------------------------
and
regarding "Multicast DNS and Server Location"
in the HPIL sources init-iptables-firewall
which reads
-----------------------------------------------------------------
iptables -I INPUT 4 -p udp --sport 427 -j ACCEPT
...
iptables -I INPUT 4 -p udp --sport 5353 -j ACCEPT
-----------------------------------------------------------------

Is the above list of ports really complete
or are in whatever special cases perhaps
additional ports needed by HPLIP?

I think that
http://hplipopensource.com/node/216
is not exact - perhaps it is even wrong.

I wonder if the SNMP port 161
and the SNMPTRAP port 162
really need TCP?
As far as I know SNMP uses only UDP?

Furthermore
http://hplipopensource.com/node/216
does not describe if the ports 161, 162, and 9100
need to be open in the firewall as source-port
or as destination-port or parhaps even for both
directions?

Regarding SNMP:

As far as I know a SNMP manager can send requests
from any source-port to port 161 at the SNMP agent
in the device and the agent sends the response back
to the source-port on the manager.
If HPLIP does not use source-port 161 for SNMP queries
then a SNMP agent in a HP device would send its response
back to any port so that all UDP destination-ports would
have to be open in the firewall.

A SNMP agent can send SNMP Trap and SNMP InformRequest
notifications from any source port to port 162 on
the SNMP manager so that for SNMP notifications
only the UDP destination-port 162 would have to be open
in the firewall.

Regarding PDL Data Stream via port 9100:

I wonder if port 9100 is really used for both TCP and UDP
and if port 9100 is really used both as source-port and
as destination-port on the machine where HPLIP and
the firewall runs?

As far as I know port 9100 is only used as destination-port
on the device for a TCP channel where any source-port
on the machine where HPLIP and the firewall runs
can be used so that no destination-port 9100 would
have to be open in the firewall.

I would appreciate a full explanatory documentation
which source-ports and destination-ports on the
machine where HPLIP and the firewall runs
and source-ports and destination-ports on HP devices
and which network protocols (TCP, UDP, ICMP, ...)
are actually used by the whole HPLIP software.

Question information

Language:: English Edit question

Status:: Answered

For:: HPLIP Edit question

Assignee:: No assignee Edit question

Last query:: 2011-08-03

Last reply:: 2011-08-03

Link existing bug