this post was submitted on 29 Jan 2024
27 points (96.6% liked)

Linux

48328 readers
85 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hello, I'm trying to use my Epson XP-200 printer/scanner with OpenSUSE Tumblweed.

  • /etc/sane.d/dll.conf has the "epson2" line uncommented.
  • /etc/sane.d/epson2.conf has "net autodiscovery" as its last line
  • My user is part of the "lp" group, which seems to be required for finding printers/scanners

If I disable the firewall completely (using YaST2 firewall program), it works -- the Skanlite software detects my scanner and connects to it. With the firewall enabled, however, Skanlite says SANE cannot find any scanners. I have tried allowing TCP and UDP ports 8610, 8612 (based on suggestions from https://wiki.debian.org/SaneOverNetwork), and 631 (for CUPS) in the "public" zone, and added the "sane" service to "Allowed" services (didn't see a "cups" service option), but Skanlite still says SANE cannot find the scanner.

Is there a way for "net autodiscovery" to work without completely disabling my firewall? What ports/services should I allow? It seems the alternative is to manually specify the printer's IP address in /etc/sane.d/epson2.conf instead of "net autodiscovery", but I would prefer to not hardcode this.

Thank you in advance for any suggestions!

EDIT: Based on suggestions below, I turned on firewall logging with the instructions https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/):

  • sudo vi /etc/firewalld/firewalld.conf
  • Set LogDenied=all
  • sudo firewall-cmd --reload

To find lines related to my printer (known to be at 192.168.1.57):

  • dmseg | grep 192.168.1.57

Here is a sample of the output (192.168.1.105 is my OpenSUSE computer):

[30974.673679] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37923 PROTO=UDP SPT=3289 DPT=48375 LEN=84 MARK=0x3214

[30976.299712] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37924 PROTO=UDP SPT=3289 DPT=52415 LEN=84 MARK=0x3214

[31139.093164] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=38084 PROTO=UDP SPT=3289 DPT=46833 LEN=84 MARK=0x3214

Looks like 3289 UDP is the port of interest, and it shows up on an EPSON website (https://epson.com/faq/SPT_C11CG18201~faq-0000525-shared?faq_cat=faq-8796127635532). I tried adding it to "public" and "home" zones and it still doesn't work. Is there a different zone I should be using?

you are viewing a single comment's thread
view the rest of the comments
[–] iggames 1 points 10 months ago (1 children)

No change with allowing 5353 UDP through the firewall, unfortunately. But thank you for the suggestion!

[–] [email protected] 1 points 10 months ago (1 children)

You may also need to allow multicast. Look into it a bit more.

You can also enable debugging on the firewall and see what exactly gets blocked.

[–] iggames 1 points 10 months ago

Added some info to the post. Firewall is blocking 3289 UDP from my printer, so I added 3289 UDP to open ports for "home", "public", and "internal" zones. However, I'm still seeing filter_IN_public_REJECT entries in dmesg, so it seems the firewall is still blocking these. Is there a different way I should be telling it to allow requests on this port?

Firewall also allows mdns service (again, in "home", "public", and "internal" zones), but I also see entries like this:

[41951.119486] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=10725 DF PROTO=2 MARK=0x3214

It sounds like 224.0.0.1 is related to mdns broadcasts, so it seems firewall is also still blocking these (despite mdns being allowed service).

Am I specifying these in the wrong place? (Per Connections - System Settings, my wifi is in Firewall zone "home").