localhost:631 printer problem (SOLVED)

[mark_j]

Ok, apologies I didn't see it in the top code box.

 

[Deleted member 30996]

How would I ever know that?? Is this a fairly common occurence? Is so, it defeats any attempt to avoid the mixed problem.

No, it is not a common occurrence for a port or pkg that does not come with the Base System to show up on your machine if you did not install it.

That's just not the way it works. Either you or someone with access to your machine installed that port or pkg.

That is the only way it could be installed because it does not come bundled with the Base System.

 

[dalpets]

You would know that because I told you?

What I meant was if you were not around to tell me Are these anomolies documented anywhere in FBSD, so I don't have to rely on you ie., if I really want to stick to packages not ports?

 

[mark_j]

I would focus on your problem at hand, personally.

But if you really must know, I made a mistake in that the original poster did tell you they were in packages. The only caveat I would have is that people directing you to install packages when you commonly use the port system is or can be potentially destructive. This is where my preference is to link the specified program to something like freshports, ie, security/nmap. Then you can decide port or package.

I guess, basically, any command someone asks you to enter and you get 'command not found', means one of two things:
1. The command does not exist (possibly can be found in ports/packages)
2. The command exists but you have no PATH to it.

Are they anomalies? No. You must have installed the sysutils/lsof package (or port) at one time, hence why it exists. You obviously never installed the package/port nmap, though.

 

[dalpets]

Hui. That's no command to execute - a "URL" is something you can f.e. use to feed a webbrowser with. Also note that "localhost" could mean you have to replace it by the IP address of that computer, and/or you might have to add "http://" in front of it (whoever knows what you're using as webbrowser); You've been asked to open the website of the computer cups is running on, and that in toplevel and port 631.

That is completely wrong. Please re-read my post. I explicitly said, become root, and:

[QUOTE="gpw928, post: 503841, member: 13095"]
The "nmap not found" diagnostic can't happen if the instructions provided above (become root, install the packages, execute /bin/sh, set PATH) were followed.

In any event, that's of no particular consequence, because [MAN=8]lsof[/MAN] has identified that [MAN=8]cupsd[/MAN] is running, and listening on port 631.

You must now determine why your web browser can't connect to the URL "http://localhost:631".

The impact of packet filtering must be addressed.  I would not normally expect to see packet filtering without a really good reason.   I suggest you follow the suggestions made by [USER=30996]Trihexagonal[/USER], though you may wish to consider removing the packet filtering completely as they may impact your network connections in ways that will be confounding.
[/QUOTE]

 

[dalpets]

pkg install lsof nmap

Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
[root@Mistletoe ~]#  pkg install lsof nmap
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to

 

[dalpets]

Hui. That's no command to execute - a "URL" is something you can f.e. use to feed a webbrowser with. Also note that "localhost" could mean you have to replace it by the IP address of that computer, and/or you might have to add "http://" in front of it (whoever knows what you're using as webbrowser); You've been asked to open the website of the computer cups is running on, and that in toplevel and port 631.

All I meant, in shorthand, was that I executed the code at root

 

[dalpets]

Ok, here's a suggestion:
All output and all command you perform to diagnose this issue are to be wrapped in a program called script. This logs everything you do on the keyboard and output of the terminal screen so that you can then post this output to the forums and we can stop guessing at what you're seeing.

So, can you perform the following (as root, just in case):
Start up a terminal session (xterm, whatever).

cd ~

script output.txt

ps aux|grep cups

exit

This will change directory to your home, run script with output to output.txt and then run the ps command searching for cups in the output of ps.
Finally we exit the script program.

Then post the file output.txt to this forum.
Then we will move onto the next step in the solution.

Script started on Fri Apr 2 14:39:31 2021
root@Mistletoe:~ # ps aux |grep cups

root       1398   0.0  0.1   4812   2260  1  S+   14:40     0:00.00 grep cups


root@Mistletoe:~ # exit
Script done on Fri Apr  2 14:42:52 2021

I'm not sure how to execute the ps part of your instruction. Help please.

 

[dalpets]

If you didn't put them there, who did? Not me...

You have a spelling error in line 2:

pf_rules="/etc/pf.conf"

Here it is. Your network interface may be different. Run this to find out what it is:

jitte@bakemono:~ $ ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
ether b0:0b:de:ad:b0:0b
inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
jitte@bakemono:~ $


Mine is em0. What's yours? Whatever it is use that on the 4th line of the following pf ruleset where it says:

ext_if = "em0"

Where mine shows:

inet 192.168.1.34

Use what yours shows in the table instead of 192.168.1.34

Fix your spelling error first. Then open your ruleset, save it as pf.conf.old somewhere of your choosing and replace it with this:

/etc/pf.conf

### CUPS_pf_rules_included
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Allow CUPS to use tcp ports 80 and udp port 631
cups_tcp = "{ 80, 631 }"
cups_udp = "{ 631 }"

### Allow CUPS to be accessible (change to your other machines ifconfig -a LAN designation )
table <local> { 192.168.0.34 }

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Allow LAN to talk to CUPS on your machine
pass in log quick from <local> to any keep state

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Allow CUPS to talk to clients on LAN
pass out log on $ext_if proto tcp to any port $cups_tcp keep state
pass out log on $ext_if proto udp to any port $cups_udp keep state

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

Then save that as /etc/pf.conf, reboot and tell us what happens next time you try.

Here is my output for ifconf -a but I can't find pf.config in the directories
root@Mistletoe:~ # ifconfig -a

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81049b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,VLAN_HWFILTER>
        ether 00:d8:61:58:00:d0
        inet [COLOR=rgb(44, 130, 201)]192.168.1.104 [/COLOR]netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33184
        groups: pflog

 

[dalpets]

If you didn't put them there, who did? Not me...

You have a spelling error in line 2:

pf_rules="/etc/pf.conf"

Here it is. Your network interface may be different. Run this to find out what it is:

jitte@bakemono:~ $ ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
ether b0:0b:de:ad:b0:0b
inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
jitte@bakemono:~ $


Mine is em0. What's yours? Whatever it is use that on the 4th line of the following pf ruleset where it says:

ext_if = "em0"

Where mine shows:

inet 192.168.1.34

Use what yours shows in the table instead of 192.168.1.34

Fix your spelling error first. Then open your ruleset, save it as pf.conf.old somewhere of your choosing and replace it with this:

/etc/pf.conf

### CUPS_pf_rules_included
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Allow CUPS to use tcp ports 80 and udp port 631
cups_tcp = "{ 80, 631 }"
cups_udp = "{ 631 }"

### Allow CUPS to be accessible (change to your other machines ifconfig -a LAN designation )
table <local> { 192.168.0.34 }

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Allow LAN to talk to CUPS on your machine
pass in log quick from <local> to any keep state

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Allow CUPS to talk to clients on LAN
pass out log on $ext_if proto tcp to any port $cups_tcp keep state
pass out log on $ext_if proto udp to any port $cups_udp keep state

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

Then save that as /etc/pf.conf, reboot and tell us what happens next time you try.

Here is my ifconfig -a, but I can't find the directory for pf.config

root@Mistletoe:~ # ifconfig -a

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81049b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,VLAN_HWFILTER>
        ether 00:d8:61:58:00:d0
        inet 192.168.1.104 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33184
        groups: pflog

 

[Deleted member 30996]

Here is my ifconfig -a, but I can't find the directory for pf.config

That is not the right spelling. FreeBSD won't be able to find it either if it's not spelled right.

You didn't have /etc/pf.conf spelled right so it wasn't even loading the firewall rules. Once you sort out your printing problem you can use that ruleset the way it is in my post.

I went ahead and put in your LAN designation so all you have to do is open a text editor, like editors/leafpad, copy & paste that firewall ruleset into it and save it in the /etc Directory as pf.conf. Here's what it looks like:

 

[mark_j]

Script started on Fri Apr 2 14:39:31 2021
root@Mistletoe:~ # ps aux |grep cups

root       1398   0.0  0.1   4812   2260  1  S+   14:40     0:00.00 grep cups


root@Mistletoe:~ # exit
Script done on Fri Apr  2 14:42:52 2021

I'm not sure how to execute the ps part of your instruction. Help please.

What? You ran "ps aux|grep cups", it says so above. Cupsd is not running or it would be listed.
Start cupsd, re-run the above and using the second column (after root), which is the PID, do the following:
Open a terminal session and type this:

script cups.txt
truss -p {pid_from_ps_command}

Then while that is running, from firefox or whatever, type: http://localhost:631
Wait for it. Refresh if need be.
Finally, go back to the terminal session running truss and exit.
Post the file cups.txt

 

[sidetone]

Buy a Mac. Then mark this thread as solved.

 

[dalpets]

If you didn't put them there, who did? Not me...

You have a spelling error in line 2:

pf_rules="/etc/pf.conf"

Here it is. Your network interface may be different. Run this to find out what it is:

jitte@bakemono:~ $ ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
ether b0:0b:de:ad:b0:0b
inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
jitte@bakemono:~ $


Mine is em0. What's yours? Whatever it is use that on the 4th line of the following pf ruleset where it says:

ext_if = "em0"

Where mine shows:

inet 192.168.1.34

Use what yours shows in the table instead of 192.168.1.34

Fix your spelling error first. Then open your ruleset, save it as pf.conf.old somewhere of your choosing and replace it with this:

/etc/pf.conf

### CUPS_pf_rules_included
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Allow CUPS to use tcp ports 80 and udp port 631
cups_tcp = "{ 80, 631 }"
cups_udp = "{ 631 }"

### Allow CUPS to be accessible (change to your other machines ifconfig -a LAN designation )
table <local> { 192.168.1.104 }

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Allow LAN to talk to CUPS on your machine
pass in log quick from <local> to any keep state

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Allow CUPS to talk to clients on LAN
pass out log on $ext_if proto tcp to any port $cups_tcp keep state
pass out log on $ext_if proto udp to any port $cups_udp keep state

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

Then save that as /etc/pf.conf, reboot and tell us what happens next time you try.

I don't have any /etc/pf.conf to start with. Is that normal?

 

[dalpets]

What? You ran "ps aux|grep cups", it says so above. Cupsd is not running or it would be listed.
Start cupsd, re-run the above and using the second column (after root), which is the PID, do the following:
Open a terminal session and type this:

script cups.txt
truss -p {pid_from_ps_command}

Then while that is running, from firefox or whatever, type: http://localhost:631
Wait for it. Refresh if need be.
Finally, go back to the terminal session running truss and exit.
Post the file cups.txt

Unfortunately that didn't work. Why is the resultant output refering to pid 1367?
root@Mistletoe:~ # ps aux |grep cups

root       1362   0.0  0.1   4812   2260  0  S+   21:40    0:00.00 grep cups
root@Mistletoe:~ # script cups.txt
Script started, output file is cups.txt
root@Mistletoe:~ # truss 1362
truss: execvp 1362: No such file or directory
truss: Unable to enable LWP events for pid 1367: No such process
truss:: Too many arguments.

 

[scottro]

Don't worry too much about the pid numbers. We're still trying to figure out the very basic question of is cups running or not. My guess, and it's just a guess is that 1367 is some other process started when you run the command.

I'm sure it's really frustrating but you are at least trying, and not afraid to ask questions, which is the first step.
As for the question about pf.conf, no the file isn't there by default, you have to create it. This indicates that even if pf is running, it's not doing anything. I would stop it. (You can do this by just commenting out the line in /etc/rc.conf by putting a # in front of the line.)
As the saying goes, in Unix, there's always more than one way to do things, with the corollary that someone will think your way is bad, and there's lots of other ways to stop it from running. But, as you never know, you may want to use it as you get more experienced, for now, you can just comment out the lines referring to pf in /etc/rc.conf.

 

[dalpets]

.......and again but no 631 in the firefox browser. Am I correct to use the curly brackets for the truss pid;
root@Mistletoe:~ # ps aux |grep cups
root 1363 0.0 0.1 4456 1988 0 S+ 21:41 0:00.02 script cups
root 1397 0.0 0.1 4812 2260 2 S+ 21:52 0:00.00 grep cups
root@Mistletoe:~ # ps aux |grep cups
root 1363 0.0 0.1 4456 1988 0 S+ 21:41 0:00.02 script cups
root 1408 0.0 0.1 4812 2260 2 S+ 21:55 0:00.00 grep cups
root@Mistletoe:~ # script cups.txt
Script started, output file is cups.txt
root@Mistletoe:~ # truss -p {1363}

select(5,{ 0 4 },0x0,0x0,{ 24.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)
select(5,{ 0 4 },0x0,0x0,{ 30.000000 }) = 0 (0x0)

 

[dalpets]

If you didn't put them there, who did? Not me...

You have a spelling error in line 2:

pf_rules="/etc/pf.conf"

Here it is. Your network interface may be different. Run this to find out what it is:

jitte@bakemono:~ $ ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
ether b0:0b:de:ad:b0:0b
inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
jitte@bakemono:~ $


Mine is em0. What's yours? Whatever it is use that on the 4th line of the following pf ruleset where it says:

ext_if = "em0"

Where mine shows:

inet 192.168.1.34

Use what yours shows in the table instead of 192.168.1.34

Fix your spelling error first. Then open your ruleset, save it as pf.conf.old somewhere of your choosing and replace it with this:

/etc/pf.conf

### CUPS_pf_rules_included
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Allow CUPS to use tcp ports 80 and udp port 631
cups_tcp = "{ 80, 631 }"
cups_udp = "{ 631 }"

### Allow CUPS to be accessible (change to your other machines ifconfig -a LAN designation )
table <local> { 192.168.1.104 }

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Allow LAN to talk to CUPS on your machine
pass in log quick from <local> to any keep state

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Allow CUPS to talk to clients on LAN
pass out log on $ext_if proto tcp to any port $cups_tcp keep state
pass out log on $ext_if proto udp to any port $cups_udp keep state

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

Then save that as /etc/pf.conf, reboot and tell us what happens next time you try.

Thank you. With your recommended inclusions in /etc/pf/conf I now have access to localhost:631 version 2.3.3.
Is it always so difficult as this to get it running, or is it assumed that only experienced/professional operators would know how or should even try to? It would be a vast improvement if somehow the BSD installation software could, at least, make some acknowlegement by addressing it at the OS setup stage. Why not have a default proforma pf config file, but I guess that would only address cups installations, but why not have other options for alternative printer pathways.

Surely this is a minefield, it certainly has been for a newcomer like me, & on more than one occasion! For an outlier coming from the Window's environment & at 82 y.o. it has wasted a lot of peoples' time, but even so they have graciously helped me out.
I didn't want to take on croquet, that would be an admission of sorts & I expect this has been a much more exciting, mind exercising exploit.
Could you now finally give me help to setup localhost:631 on 2.3.3. I don't want to waste your time further with trial & error time wasting.

 

[Deleted member 30996]

That's alright. I don't mind helping.

I can't help you any further with CUPS as I have never used it.

 

[T-Daemon]

root@Mistletoe:~ # ps aux |grep cups
root 1363 0.0 0.1 4456 1988 0 S+ 21:41 0:00.02 script cups
root 1397 0.0 0.1 4812 2260 2 S+ 21:52 0:00.00 grep cups

If ps aux | grep cups doesn't return an output similar below, then cupsd isn't running.

root       1557   0.0  0.2    28680   8008  -  Is   11:14     0:00.01 /usr/local/sbin/cupsd -C /usr/local/etc/cups/cupsd.conf -s /usr/local/etc/cups/cups-files.conf

If the cupsd daemon is not running those actions with script(1) and truss(1) or looking into /etc/pf.conf are useless, above all no localhost:631.

Please execute following commands and post the output:

cat  /etc/rc.conf
file /etc/rc.conf

 

[dalpets]

SirDice said:
There is no difference between a port and a package. Ports build packages and a package is just a pre-compiled port.

So why is it said, in certain quarters, that mixing both might have a negative impact on upgrades? I suppose it's no big deal if you are competent to find errors on such occasions, upgrade errors that might be deep seated & hard to find.

 

[Deleted member 30996]

So why is it said, in certain quarters, that mixing both might have a negative impact on upgrades? I suppose it's no big deal if you are competent to find errors on such occasions, upgrade errors that might be deep seated & hard to find.

I have never upgraded from one RELEASE version to the next step and always do a full rebuild of the System from ground up. That way I know what I'm going to get every time and that's a rock-solid FreeBSD desktop.

 

[tingo]

Unfortunately, there will always some number of assumptions in a discussion / information exchange, simply because we are humans - we don't detail everything in every discussion, if we think that the people we are having the conversation with have a level of knowledge about the subject.

As for cups: you now have a working interface at http://localhost:631/ Open this in your favorite web browser (firefox, chromium or other). At the top row of that web page should be a number of clickable links "CUPS.org", "Home", "Administration", "Classes", "Help", "Jobs", "Printers".
What you need to do now is to add your printer to CUPS. Click "Administration", then "Add Printer" - at this point CUPS might pop up a dialog box asking for your username and password. Input that (note: the username of your regular user, not "root" or something else), then it will start asking questions about the printer you want to add. If you are lucky, it will be listed under "Discovered Network Printers" and you can select it and continue from there.

If you have more questions about this, write them in this thread.

 

[ct85711]

The reason that mixing ports and packages are discouraged (though is possible, but you have to carefully manage them), is more of a combination of things. Ports, you can change the default compilation settings where packages are only compiled by the defaults and you can't change them. Also while they do use the same sources, ports and packages do not interact with each other. So when you compile a port, it is going to compile/install all of the dependencies even though you may already have the package version installed. This is where they conflict with each other and where problems often arise. The key part is, on packages all packages use the assumption that everything has the default settings, so all of them can assume what compile settings are set for any package. Where as ports do NOT have that assumption, so they have to check the dependencies have the correct settings as necessary.

 

[dalpets]

I have never upgraded from one RELEASE version to the next step and always do a full rebuild of the System from ground up. That way I know what I'm going to get every time and that's a rock-solid FreeBSD desktop.

Can you give an insight of how you go about that?