I can connect in a wireless way to my Canon Pixma TS6251 printer/scanner if I disable the firewall or if I perform the following steps:
make sure the printer/scanner gets assigned a fixed IP address by the router (192.168.2.159 in my case)
add the following rule to the firewall via the command line interface (note that ‘home’ is the active zone):
firewall-cmd --zone=home --add-rich-rule=‘rule family=“ip v4” source address=“192.168.2.159” accept’
Before I tried to use the GUI (via yast2 - Firewall) and opened ports but I could not get that working although I opened all ports mentioned in the documentation and recommended by various websites (80, 161, 427, 443, 515, 631, 8000, 8610-8612, 9100).
So now that I have the scanner/printer working, the question is how to find out which ports are being used and how to best insert/open them in the GUI of the firewall.
So now that I have the scanner/printer working, the question is how to find out which ports are being used and how to best insert/open them in the GUI of the firewall.
Refer to the following for that information
man pixma
Firewalling For Networked Scanners
The sane pixma backend communicates with port 8612 on the scanner. So you will have to allow outgoing traffic TO port 8612 on the common subnet for scanning.
Scanner detection is slightly more complicated. The pixma backend sends a broadcast on all direct connected subnets it can find (provided your OS allows for enumeration of all interfaces). The broadcast is sent FROM port 8612 TO port 8612 on the broadcast address of each interface. The outgoing packets will be allowed by the rule described above. Responses from the scanner are sent back to the computer TO port 8612. Connection tracking however does not see a match as the response does not come from the broadcast address but from the scanners own address. You will therefore have to allow incoming packets TO port 8612 on your computer.
So in short: open the firewall for all traffic from your computer to port 8612 AND to port 8612 to your computer.
With the firewall rules above there is no need to add the scanner to the pixma.conf file, unless the scanner is on a network that is not directly connected to your computer.
Dear Deano, thank you for your reply. Actually I had already tried to open those ports via the default firewall GUI (via yast2), but that did not allow me to connect to the printer/scanner.
EDIT: I just noticed the existence of another GUI for the firewall: firewall-config
That allows to enter rich rules and even set ports next to IP addresses. So that should solve the issue.
No firewall rules should be needed for printing (since it only involves solicited traffic), but the scanner operation requires port 8612 to be open for the reasons already outlined.
EDIT: I just noticed the existence of another GUI for the firewall: firewall-config
That allows to enter rich rules and even set ports next to IP addresses. So that should solve the issue.
Yes, it’s the graphical firewalld front-end (firewall-cmd is the CLI utility).
I think the OP was referring to the fact that they’d tried configuring via the YaST Firewall utility, and had only just become aware of the firewall-config GUI.