No TCP/IP Printing possible with KWF started
  •  
finsher

Hi,

I have a strange problem with KWF 6.2.0 patch 1.
Everything works flawlessly except one thing: I cannot print on the PC which hosts KWF.

Environment: Windows 2000 Server is used as router, firewall, file server, mail server etc. (one machine for all, not the best but for a small company good enough).
This PC is also configured as a print server and manages three printers, all connected via TCP/IP print servers. One printer uses the RAW format at port 9100, the others use LPR on port 515. But you cannot print, neither from the server nor from the workstations. The printer which uses the RAW format prints from the server but not from the workstation.
If I shut down KWF, everything works fine.

Any idea?

Thanks.
  •  
winkelman

One word: Traffic Policies (ok, that's two words) :)

Is traffic allowed over the IP ports to/from the printers?
  •  
finsher

Sorry, I forgot to mention.
Yes, internal traffic is allowed on the internal network card for 'Any' service. And as far as I understand 'Any', it includes printer ports as well.

By the way, I tried to create separate rules for port 515 and 9100 but without success. It is strange...
  •  
winkelman

How about protocol inspectors? Are they turned on for local traffic? Maybe try making the special printer traffic policy without protocol inspectors and place it above the 'any service allowed locally' policy...
  •  
finsher

There are no protocol inspectors installed over the appropriate ports.

But I tried your suggestion. I made a new service, with source = any, destination port 515 (TCP) with no protocol inspector.

I added this rule/service under traffic policies and put it in first place. But this also doesn't work.
  •  
finsher

I found another interesting thing. I cannot telnet to the print server box from the PC which hosts KWF. From all other PCs it is possible. It seems that some services are generally blocked without showing it in the Traffic policies window. Again, all internal communication is allowed with 'Any'.
  •  
feite

Enable packet logging and check what is happening (filter log). If you need more debug info go to the debug log, right click there and select Messages... Select messages and analyse the debug log entries.
  •  
finsher

Okay, in the meantime I am getting a little crazy...

I uncovered new things. I logged all the traffic as you suggested. First I disconnected from the internet :P, then I created a special service/rule: I allowed any source, any destination, any port, almost anything... then I logged the output:

----------------
[02/Jul/2006 22:47:52] [ID] 70 [Rule] Printing [Service] Test [Connection] TCP SERVER:3967 -> 192.168.1.52:515 [Duration] 16 sec [Bytes] 144/120/264 [Packets] 3/3/6
[02/Jul/2006 22:47:58] [ID] 71 [Rule] Printing [Service] Test [Connection] TCP SERVER:3968 -> 192.168.1.52:515 [Duration] 16 sec [Bytes] 144/120/264 [Packets] 3/3/6
[02/Jul/2006 22:48:04] [ID] 72 [Rule] Printing [Service] Test [Connection] TCP SERVER:3970 -> 192.168.1.52:515 [Duration] 16 sec [Bytes] 144/120/264 [Packets] 3/3/6
-------------------

and so on... basically good looking, Server starts printing to 192.168.1.52 on port 515.

Funny thing: No printing.... I shut down KWF and voilà, the printer is printing.

Then I tried to add the printer (connected to a tcp/ip printserver) to a local machine within the network and it prints...

??????? I don't understand anything....
  •  
Kerio_ktrumbull

My guess is that the packets are being dropped due to the 3-way handshake not being properly completed.

Go to Logs -> Debug and right click anywhere in the right window. Go to Messages, then choose the option "packets dropped for some reason". Look to see if your packets are being dropped. My guess is because of the 3-way handshake checking.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
finsher

Hmm, I don't really understand what 3-way handshaking means, but it seems that you are right. Sometimes the following lines appear in the log:

[03/Jul/2006 21:24:33] {pktdrop} packet dropped: 3-way handshake not completed (from Gbit-Team-Verbindung, proto:TCP, len:44, ip/port:192.168.1.52:515 -> 192.168.1.100:1346, flags: SYN ACK PSH , seq:31439681 ack:304863792, win:1024, tcplen:0)
[03/Jul/2006 21:24:38] {pktdrop} packet dropped: 3-way handshake not completed (from Gbit-Team-Verbindung, proto:TCP, len:44, ip/port:192.168.1.52:515 -> 192.168.1.100:1353, flags: SYN ACK PSH , seq:31494002 ack:1499763228, win:1024, tcplen:0)
[03/Jul/2006 21:24:54] {pktdrop} packet dropped: 3-way handshake not completed (from Gbit-Team-Verbindung, proto:TCP, len:44, ip/port:192.168.1.52:515 -> 192.168.1.100:1346, flags: SYN ACK PSH , seq:31439681 ack:304863792, win:1024, tcplen:0)

What does that mean and what can I do?
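
Added example, not part of the original posts and not Kerio code: a Python script that parses the `{pktdrop}` lines quoted above, groups the drops per connection, counts retransmissions (same seq/ack seen again) and lists any flags a dropped SYN-ACK carries beyond SYN and ACK. The field layout is inferred from those three lines only, and the function names are chosen here for illustration.

```python
import re
from collections import defaultdict

# The three {pktdrop} lines quoted in the post above, copied unchanged.
SAMPLE = """\
[03/Jul/2006 21:24:33] {pktdrop} packet dropped: 3-way handshake not completed (from Gbit-Team-Verbindung, proto:TCP, len:44, ip/port:192.168.1.52:515 -> 192.168.1.100:1346, flags: SYN ACK PSH , seq:31439681 ack:304863792, win:1024, tcplen:0)
[03/Jul/2006 21:24:38] {pktdrop} packet dropped: 3-way handshake not completed (from Gbit-Team-Verbindung, proto:TCP, len:44, ip/port:192.168.1.52:515 -> 192.168.1.100:1353, flags: SYN ACK PSH , seq:31494002 ack:1499763228, win:1024, tcplen:0)
[03/Jul/2006 21:24:54] {pktdrop} packet dropped: 3-way handshake not completed (from Gbit-Team-Verbindung, proto:TCP, len:44, ip/port:192.168.1.52:515 -> 192.168.1.100:1346, flags: SYN ACK PSH , seq:31439681 ack:304863792, win:1024, tcplen:0)
"""

# Assumption: this layout is inferred from the sample lines, not from a Kerio spec.
PKTDROP = re.compile(
    r"\[(?P<ts>[^\]]+)\] \{pktdrop\} packet dropped: (?P<reason>[^(]+?) \("
    r"from (?P<iface>[^,]+), proto:(?P<proto>\w+), len:(?P<len>\d+), "
    r"ip/port:(?P<src>[\d.]+:\d+) -> (?P<dst>[\d.]+:\d+), "
    r"flags:(?P<flags>[A-Z ]*), seq:(?P<seq>\d+) ack:(?P<ack>\d+), "
    r"win:(?P<win>\d+), tcplen:(?P<tcplen>\d+)\)"
)

def parse_pktdrop(text):
    """Return one dict per {pktdrop} line; lines in any other format are skipped."""
    events = []
    for line in text.splitlines():
        m = PKTDROP.search(line)
        if m:
            ev = m.groupdict()
            ev["flags"] = ev["flags"].split()
            events.append(ev)
    return events

def summarize(events):
    """Per (src, dst) flow: drop count, retransmit count, extra SYN-ACK flags."""
    seen = defaultdict(set)
    flows = defaultdict(lambda: {"drops": 0, "retransmits": 0, "extra_flags": set()})
    for ev in events:
        flow = (ev["src"], ev["dst"])
        flows[flow]["drops"] += 1
        key = (ev["seq"], ev["ack"])
        if key in seen[flow]:          # identical seq/ack: the sender is retrying
            flows[flow]["retransmits"] += 1
        seen[flow].add(key)
        flags = set(ev["flags"])
        if {"SYN", "ACK"} <= flags:    # a plain SYN-ACK carries only these two
            flows[flow]["extra_flags"] |= flags - {"SYN", "ACK"}
    return {f: {**v, "extra_flags": sorted(v["extra_flags"])} for f, v in flows.items()}

if __name__ == "__main__":
    for flow, info in summarize(parse_pktdrop(SAMPLE)).items():
        print(flow, info)
```
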

  •  
finsher

Is there anybody out there who can help with this problem? It may now be a problem of an uncompleted 3-way handshake. How can I solve this problem?

Thanks.
  •  
Pavel Dobry (Kerio)

A little search might help you:
http://forums.kerio.com/index.php?t=msg&goto=6592

There are several possible reasons and solutions.
  •  
finsher

Yes, I know this topic. Unfortunately I cannot apply the ONLY possible solution (as this topic says): disable the security check. I didn't find anything like that, neither in the manual nor in the help or the program itself.
Where is this switch?

I think my network is well configured. I think the problem comes from the print servers. They are approx. 6 years old and use an old protocol. But with Kerio 4 and an external firewall everything ran fine.
  •  
finsher

Is there nobody out there who knows an answer to my request?
sanketgroup

Same problem... please help, anyone...