I’m trying to get hp-setup to discover an HP printer on wifi on Leap 15.0. I’m quite sure it is a problem with the firewall, but I’m unable to track it down. The aim is to get Vuescan to work, which uses hp-setup to search for printers/scanners.
If I turn off the firewall, hp-setup is able to find the printer using mDNS/Bonjour only. SLP and Avahi return no results. If I turn on the firewall, it cannot discover the printer.
Wireshark gives the following, which doesn’t show up when the firewall is off:
ICMP: Destination unreachable (Host administratively prohibited) from 192.168.1.10 (the desktop) to 192.168.1.129 (the printer)
But I’m not sure if this is related to the problem.
I’ve tried to enable/disable the following on the firewall:
mdns
slp
UDP ports 5353 and 427
Same result. So what can I do to find the problem?
In the hp-setup Device Discovery window, click the Network radio button, then the Show Advanced Options bar, then the Manual Discovery button. Put the printer’s IP address in the field and click Next. This works on my system, and hopefully will on yours.
Regards,
Seems that when the default zone is used the interface is not visible. Anyway eth0 is now set, but still same problem. Tried both using services mdns and slp and open ports:
ojt@zappa:~> firewall-cmd --list-all --zone=home
home (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh samba-client dhcpv6-client mdns slp
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
ojt@zappa:~> firewall-cmd --list-all --zone=home
home (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh samba-client dhcpv6-client
ports: 5353/udp 427/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
That’s because you’re using the home zone, so no interface assigned to the default (public) zone. There’s nothing wrong with using a different zone though.
As an experiment, you could try allowing all traffic from the IP address assigned to the HP device. For example, let’s assume 192.168.2.8…
Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you're happy with the configuration and you tested that it works the way you want, you save the configuration to disk.
Within a LAN environment (and usually behind a firewall) it is acceptable IMHO. With more analysis (e.g. Wireshark), you could probably determine what ports are being used for communication, and then adjust the firewall appropriately, but life is short and I would consider this firewall rule a pragmatic option for a trusted host on the network.
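One way to run the experiment from the last reply, as an added example that is not from the thread: a rich rule that accepts traffic from a single validated host address, added to the runtime configuration only and with an expiry. The function names and the 10-minute default are assumptions; the zone and printer address are passed as arguments.

```shell
#!/bin/sh
# Added example: trial firewalld rule for one trusted host (runtime only).

# Succeed only if $1 is a dotted-quad IPv4 host address (no mask, no range).
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rich rule text that accepts all traffic from one host.
rich_rule_for() {
    valid_ipv4 "$1" || { echo "not an IPv4 host address: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" accept' "$1"
}

# Add the rule to the runtime configuration of zone $1 for host $2.
# It expires after $3 (default 10m), so a forgotten test does not stay open.
trial_allow() {
    rule=$(rich_rule_for "$2") || return 1
    firewall-cmd --zone="$1" --add-rich-rule="$rule" --timeout="${3:-10m}"
}

# usage: sh trial-allow.sh ZONE PRINTER_IP [TIMEOUT]
#   e.g. sh trial-allow.sh home 192.168.1.129 5m
if [ "$#" -ge 2 ]; then
    trial_allow "$@" || exit 1
    # Show what is active so the test state is visible.
    firewall-cmd --zone="$1" --list-rich-rules
fi
```

If discovery works with the rule in place, add it again without `--timeout` and save it with `firewall-cmd --runtime-to-permanent`; `firewall-cmd --reload` discards runtime changes that were not saved.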