**** CUPS has problems after installing 2.6.14 ****

If lpstat gives the following strange error after installing kernel 2.6.14 :

dutind6:/opt 116 # lpstat -t
scheduler is running
lpstat: get-classes failed: client-error-forbidden
lpstat: get-printers failed: client-error-forbidden
lpstat: get-printers failed: client-error-forbidden
lpstat: get-printers failed: client-error-forbidden
lpstat: get-jobs failed: client-error-forbidden

and the problem can be solved by switching of the firewall (iptables) this
is - at least in my case ! - caused by a problematic NAT/MASQUERADING rule.

I had the following construct for masqueraded ip-forwarding :

==================================================================

LOCALNET="192.168.32.0/30"
iptables -A FORWARD -d $LOCALNET -s 0.0.0.0/0 -m state --state ESTABLISHED,\
RELATED -j ACCEPT
iptables -A FORWARD -s $LOCALNET -d 0.0.0.0/0 -j ACCEPT
iptables -t nat -A POSTROUTING -d 0.0.0.0/0 -j MASQUERADE

==================================================================

Turning of the last rule using :
iptables -t nat -D POSTROUTING -d 0.0.0.0/0 -j MASQUERADE

seemed to solve the problem and enabling the rule gave the problem again.

After some thinking it became obvious that the last rule was not very clear
: 1) the destination wasn't very interesting and could be omitted and 2) we
needed to tell from WHICH network we wanted masquerading.

So I changed the last line into :

iptables -t nat -D POSTROUTING -s $LOCALNET -j MASQUERADE

And everything was fixed again !

Kees Lemmens,
November 2005.