I found that the firewall in LEAP 15.0 (firewalld) was blocking connection to a wifi connected printer on the LAN provided by our domestic router.
I got it working again by adding the ‘mDNS’ service to the default ‘public’ zone.
N.B. the ‘difficult’ firewall configuration GUI doesn’t include any obvious ‘Accept’ or ‘Activate’ for changes, you just check a box next to the required service and ‘Changes applied’ appears in the notification area; this may happen for each checked box, but it’s not obvious.(I think this what is meant by ‘dynamically managed’ https://en.opensuse.org/Firewalld ).
I was lead to this via https://www.cups.org/doc/network.html, which states “Most network printers support a protocol known as Bonjour, which is a combination of zero-configuration networking (“ZeroConf”), multicast DNS (mDNS), and DNS service discovery (DNS-SD) standards published by the Internet Engineering Task Force (IETF), the same group that defined TCP/IP and all of the networking we use today.” I tried printing with the DNS service checked in the firewall GUI, and then mDNS
Yes, DNS-SD is used to ‘discover’ network-attached printers, which aids in the CUPS configuration process, but it’s not essential if you know the IP address of a given printer (or some other hostname resolution mechanism is in place).
Keep in mind also that there are many ways to set up a Printer, and using different protocols.
You’ve identified one way which is largely supported by Apple networks (and adopted by others).
Another way to open up the necessary ports is to evaluate your networking and appropriate security…
By default, your openSUSE sets up your firewall to be secure in a public network like a library or coffee shop, but if you are in your home network and your security blocks unauthorized Users, you can change your firewall settings to something more permissive like “trusted” or “internal” and if you leave your network (eg your machine is a laptop) you can go back to using the “public” zone.
The firewall setting should change anyway if you leave your home network, the port(s) you opened in yoru Public zone to support Bonjour should be closed if you leave your home network.
@deano - yup, but if you’re looking to let the printer wizard detect available local networked printers, and don’t have the tech savvy (or patience) to go looking for arcane IP addresses, then enabling mDNS seems to be a good first step.
@tsu2 - indeed, there are many options: that’s why I linked the reference to mDNS being popular/prevalent. I did this because I find the firewalld config to be unintuitive and infuriatingly complex, and the documentation impenetrably unhelpful. Have the authors not heard of the Plain English Campaign?
Sometimes I wonder if Linux is actually a nefarious plot to tie intelligent free-thinking idealists up in so much configuration overhead as to prevent them from overthrowing the capitalist machine…
I’ve found the firewalld documentation to be comprehensive and reasonably well-written, and the graphical interface is ok to use as well. As with most things technical, some time and effort may be needed, and as tsu2 mentioned there are a choice of zones available (eg home and internal have mdns enabled by default). Public is usually configured by default, and to me that is a sensible place to start from. The zones can then be configured as you like.
Sometimes I wonder if Linux is actually a nefarious plot to tie intelligent free-thinking idealists up in so much configuration overhead as to prevent them from overthrowing the capitalist machine…
Don’t over-think it. I know some who think M$ likes to obfuscate things to keep the enterprise IT industry alive.
Is why I suggested applying a different zone…
If you do this, there is no need to research and open/close ports and services manually, the pre-configured zones can do this for you without requiring detailed knowledge what is happening.
@deano/@tsu2:: I don’t want to get into an argument here, but we might have different ideas about good documentation. If you’re referring to this, this,and this, then I invite you to see how far you get with the GUI using just the information available from these links. I read these, and then created this post specifically because I wanted to highlight some key elements missing from the documentation, and present a quick guide to how to achieve something seemingly straightforward.
Picking up on the point about switching zones, which I agree is probably the better approach, yesterday, <connection> , Change Zone, resulted in no change in the GUI, and it required firewalld to be restarted to activate a change of zone - today, the connection’s zone changes in the GUI. I’m not aware of any updates having been applied today.
Picking up on the point about switching zones, which I agree is probably the better approach, yesterday, <connection> , Change Zone, resulted in no change in the GUI, and it required firewalld to be restarted to activate a change of zone - today, the connection’s zone changes in the GUI. I’m not aware of any updates having been applied today.
Hey thanks a lot for that tip. I just installed my brand-spankin’ new Epson XP-4200 on my Opensuse 15.4 laptop going wireless. It could not discover the printer nor print without "mDNS’ being added as a service. The Epson Printer Utility still can’t see the printer with the firewall on, but I guess I will live with it.
