Thread: Firewall blocking network scanner - is there a way out

  1. #1

    Firewall blocking network scanner - is there a way out

    I recently acquired a Brother DCP9020 all-in-one printer/scanner.
    I want to use the printer/scanner from various PCs in my home network.
    Hence I want to use it in networked mode, not via USB.

    The printer works nicely from various PCs.
    For scanning I use Vuescan.

    Vuescan cannot see the scanner when the Suse Firewall is active.
    When I switch off the firewall, Vuescan can communicate with the Brother without problems.
    I had the same issues with an HP All in One printer.

    I suspect the issue is caused by the firewall blocking responses from the scanner.

    This is what I see in dmesg when I fire up Vuescan a couple of times.
    The firewall blocks responses from the scanner (ip=192.168.1.20) to the host (ip=192.168.1.13).
    The port numbers being used by the scanner seem to be different each time (DPT=41592, DPT=58945).

    Is there a way out? I would rather not switch off the firewall.

    Code:
    SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=21 PROTO=UDP SPT=5353 DPT=41592 LEN=1240 
    SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=22 PROTO=UDP SPT=5353 DPT=41592 LEN=1240 
    SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=23 PROTO=UDP SPT=5353 DPT=41592 LEN=1240 
    SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=25 PROTO=UDP SPT=5353 DPT=58945 LEN=1240 
    SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=26 PROTO=UDP SPT=5353 DPT=58945 LEN=1240 
    SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=27 PROTO=UDP SPT=5353 DPT=58945 LEN=1240

    Thanks in advance for your observations.

    Suse Leap 42.1 Kernel~4.1.27-27-default x86_64

  2. #2
    Re: Firewall blocking network scanner - is there a way out

    If you're behind a router, and operating within your LAN, then the network interfaces really only need to be treated as internal interfaces, and thus behind the firewall. You must have yours configured as external. Port 5353 is used for Avahi (network discovery), and it is likely this port that needs to be opened to allow the discovery process. The response communication from the network scanner should not be impacted by the firewall, so don't worry about that.

    HPLIP has a page explaining what is required with respect to firewall configuration when needed
    http://hplipopensource.com/node/375
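
Added example (not part of the original thread or of any poster's reply): a small Python parser for the SuSEfirewall2 drop lines quoted in post #1. It groups them by sender and flags unicast replies from the mDNS port 5353 to a changing client port. The first three log lines are taken from that post; the fourth is constructed for contrast.

```python
import ipaddress
import re
from collections import defaultdict

# Lines 1-3 are from the dmesg excerpt in post #1; line 4 is constructed.
LOG = """\
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=21 PROTO=UDP SPT=5353 DPT=41592 LEN=1240
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=22 PROTO=UDP SPT=5353 DPT=41592 LEN=1240
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=6c:62:6d:c9:e0:4e:44:1c:a8:38:50:d0:08:00 SRC=192.168.1.20 DST=192.168.1.13 LEN=1260 TOS=0x00 PREC=0x00 TTL=0 ID=25 PROTO=UDP SPT=5353 DPT=58945 LEN=1240
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.1.77 DST=192.168.1.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 PROTO=TCP SPT=51000 DPT=22
"""

ENTRY = re.compile(r"(SFW2-\S+)\s+(.*)")  # tolerates a leading dmesg timestamp
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_drop(line):
    """Return the fields of one SFW2 log line, or None for unrelated lines."""
    m = ENTRY.search(line)
    if m is None:
        return None
    fields = {"RULE": m.group(1)}
    for key, value in FIELD.findall(m.group(2)):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP length
    return fields

def is_mdns_unicast_reply(f):
    """UDP from port 5353 to a unicast address and a port other than 5353.
    mDNS queries go to a multicast group, so connection tracking has no
    matching outbound flow for such a reply and the default rule drops it."""
    return (f.get("PROTO") == "UDP" and f.get("SPT") == "5353"
            and f.get("DPT") != "5353"
            and not ipaddress.ip_address(f["DST"]).is_multicast)

def summarize(log):
    """Group dropped packets by (source, protocol, source port)."""
    flows = defaultdict(lambda: {"count": 0, "dports": set(), "mdns_reply": False})
    for line in log.splitlines():
        f = parse_drop(line)
        if f is None or "SRC" not in f or "DST" not in f:
            continue
        flow = flows[(f["SRC"], f.get("PROTO"), f.get("SPT"))]
        flow["count"] += 1
        flow["dports"].add(f.get("DPT"))
        flow["mdns_reply"] = flow["mdns_reply"] or is_mdns_unicast_reply(f)
    return dict(flows)

if __name__ == "__main__":
    for key, flow in summarize(LOG).items():
        print(key, flow["count"], sorted(flow["dports"]), flow["mdns_reply"])
```

Run against a fuller `dmesg` capture, the summary shows at a glance whether the drops come from one LAN device on one service port, which is the information needed to write a narrow allow rule instead of disabling the firewall.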

  3. #3
    Re: Firewall blocking network scanner - is there a way out

    Thanks so much for this link!!! I've been trying to figure it out for ages....have just been running with the firewall off, due to the scanner. This info fixed the problem and the scanner is now working with the firewall active.
    MSI K9NGM4-V V2
    AMD Athlon 64 X2 4600+(4GB RAM)
    NVIDIA GT218
    Acer P215H
    OpenSUSE Tumbleweed (64 Bit)

  4. #4
    Re: Firewall blocking network scanner - is there a way out

    Originally posted by zenarcher:
    > Thanks so much for this link!!! I've been trying to figure it out for ages....have just been running with the firewall off, due to the scanner. This info fixed the problem and the scanner is now working with the firewall active.

    Glad to have been of help.

  5. #5
    Re: Firewall blocking network scanner - is there a way out

    Originally posted by deano_ferrari:
    > Glad to have been of help.

    And I saved the info as a text file....along with the many other wonderful tips I get here, so in the future, I don't have to try to search for them again!
    MSI K9NGM4-V V2
    AMD Athlon 64 X2 4600+(4GB RAM)
    NVIDIA GT218
    Acer P215H
    OpenSUSE Tumbleweed (64 Bit)

  6. #6

    Re: Firewall blocking network scanner - is there a way out

    Originally posted by deano_ferrari:
    > If you're behind a router, and operating within your LAN, then the network interfaces really only need to be treated as internal interfaces, and thus behind the firewall. You must have yours configured as external. Port 5353 is used for Avahi (network discovery), and it is likely this port that needs to be opened to allow the discovery process. The response communication from the network scanner should not be impacted by the firewall, so don't worry about that.
    >
    > HPLIP has a page explaining what is required with respect to firewall configuration when needed
    > http://hplipopensource.com/node/375

    Excellent advice. I did have the 5353 port open, but not the other bits. Thanks a lot.

  7. #7
    Re: Firewall blocking network scanner - is there a way out

    Originally posted by u20380:
    > Excellent advice. I did have the 5353 port open, but not the other bits. Thanks a lot.

    Thanks for the update. Pass the knowledge along!
