For faxing I use HylaFAX on my home multipurpose linux server.

What does it do then?

It's a very powerful and fairly easy to use Open Source fax server that suits my modest needs:

• ability to receive incoming faxes as PDF email attachments, so I can retrieve my faxes from anywhere.
• ability to fax from your PC as you print, using a small print driver called WinPrint.
• ability to be notified of any failure or success by email, to make sure that the recipient actually received the fax, or to let someone trying to fax you know that there is an issue.
• ability to fax from anywhere through TCP requests on port 4559.

The problem

I wanted to be able to fax through my home server using my laptop at the office.This was a bit of an issue because of security concerns, but also because of a certain lack of information on how to do that properly and configure your firewall appropriately.

Firewall Configuration (HylaFAX Server)

In my case, I want to allow my home server to accept any incoming on Port 4559 (used by HylaFax), but only from my Office IP (I thankfully use fixed IPs):

• configure your firewall to accept incoming TCP on port 4559.
• Make sure that your hylaFAX configuration accepts requests from your server by editing the /var/spool/hylafax/etc/hosts.hfaxd file.
• Make sure your firewall accepts passive connections from this port: in Linux, use modprobe ip_conntrack_ftp ports=21,4559.

I use the strong firewall scripts from Linux IP Masquerade HOWTO and added the ports=21,4559 to the script in the appropriate section (just search for ip_conntrack_ftp in the script).

To allow incoming requests from my office (let's pretend it's 22.56.124.56), I would have the following entries in the Optional Input section of the firewall script:

echo -e " - Allowing INCOMING access to the FAX server from the Office only"
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
-p tcp -d $EXTIP --dport 4559 -j ACCEPT -s 22.56.124.56

Windows XP configuration (Client)

To print, simply follow the instructions from the WinPrint page with these added comments:

• Go to Start->Coontrol Panel->Printers and Faxes and select the properties of the new HylaFax printer you just added.
• Select the Ports tab and press Configure Port.... Make sure that the information entered there is right: in my config, the modem is on ttyS1 for instance, and the username and password have to match those you set up in the hosts.hfaxd file above.Your Server adderss must also be right of course. If you want to be notified by email of the success of failures, make sure the default notify is set to a valid email address.
• If necessary, don't forget to configure the printer driver's properties to a minimum: disable any extra feeders or functionality offered by the print driver and make sure your paper size is correct.
• Don't forget that you have to do that configuration in the Device Settings page and in the Printing Defaults of the Advanced page and on the Printing Preferences of the General page.

Now you should be set and be able to print. If you encounter issues, you can check a few things from the HylaFAX website.

Resources

• Troubleshooting HylaFAX™ Problems
• WinPrint Sourceforge site
• A useful FAQ entry about firewall configuration for another HylaFAX client.