3

I could not find any clear answer through prior research.

Xsane fails to find the scanner with ufw enabled, works great with ufw off.

I have opened 6566 for both tcp and udp in ufw. Still no joy. I could not tell from watching the "listening report" in ufw which ports sane is using other than 6566.

If the ports are not standard but vary by scanner (this is a Canon) advice on how to locate the required ports would be most welcome.

Edit: I tried sudo ufw allow saned but I think this just opens port 6566 because the response back from the command was to the effect that it was already open.

Additional information: the port(s) that are being blocked seem to be related to scanner discovery and job status. If I disable the firewall and start xsane, then turn on the firewall and scan, a scan will take place, but it repeats over and over (apparently a job completion status is not being sent).

sudo netstat -lntp | grep saned showed port 6566 but no others. Perhaps the discovery/statuses are being sent too fast for me to see.

Organic Marble
  • 24,696

3 Answers3

3

I would use sudo netstat -lntp | grep saned to check.

But sane has a pre-defined application profile: sudo ufw allow saned should be all you need.

(xsane is the gui for sane)

Rinzwind
  • 309,379
3

Since my printer has a fixed IP address on the LAN, I was able to fix this by using the command

sudo ufw allow from <ip address>

Organic Marble
  • 24,696
0

I was able to reach my HP ENVY network attached scanner with (envy is device hostname):

$ xsane $(hp-makeuri envy 2>&1 | grep SANE | cut -d: -f2-)

No nf_conntrack_sane or special firewall configuration required:

# ufw status
Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
Anywhere/igmp              ALLOW       Anywhere/igmp             
32400                      ALLOW       192.168.1.0/24            
53                         ALLOW       192.168.1.0/24            
Samba                      ALLOW       192.168.1.0/24            
68/udp                     ALLOW       Anywhere                  
67/udp                     ALLOW       Anywhere                  
443/tcp (v6)               ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             
32400                      ALLOW       xxxx:xxxx:xxxx:xxxx::/64   
53                         ALLOW       xxxx:xxxx:xxxx:xxxx::/64   
Samba (v6)                 ALLOW       xxxx:xxxx:xxxx:xxxx::/64   
68/udp (v6)                ALLOW       Anywhere (v6)             
67/udp (v6)                ALLOW       Anywhere (v6)
Wayne Vosberg
  • 808