What setting(s) do I have to put in my firewall to allow my printers to work?

Hi All,
I have been wrestling with the problem of getting my printers to work on OpenSuse Tumbleweed. I only installed it a couple of days ago so still finding my way around.
After a lot of searching in forums I finally tried turning my firewall off, and waddyaknow, I got them both working with a minimum of fuss. So my question now is: what do I have to set in my firewall config to allow the printers to work? And still have the firewall active.
When I open the firewall utility I see that the “home” zone (which makes the most sense for me, I’m the only one using this computer) the allowed services are dhcpv6-client, mdns, samba-client, and ssh. None of these, apparently, will let my PC talk to my Brother hl-l2305w laser printer or my Epson Expression 442 printer. Both are using ipp I believe, but when I put ipp in the home zone services it still won’t print. These are the details.

All advice gratefully received.

Can you show the firewall configuration?

sudo firewall-cmd --zone=home --list-all

@deano_ferrari Thanks for the quick reply. Here’s the output.

ian@OpenSusian:~> sudo firewall-cmd --zone=home --list-all
home (active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: enp5s0
  sources: 
  services: dhcpv6-client ipp ipp-client
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
ian@OpenSusian:~>

The mdns service is not allowed. That will be needed in order to resolve the Avahi hostnames defined in your printer configuration.


Like this?

ian@OpenSusian:~> sudo firewall-cmd --zone=home --list-all
home (active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: enp5s0
  sources: 
  services: dhcpv6-client ipp ipp-client mdns
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
ian@OpenSusian:~> 


Well that seems to have done it! A print that was waiting printed as soon as I added mdns.

Thanks!
;-) Ian

@deano_ferrari Is there a way to mark the problem solved? And link to your post as the solution?

Glad to have been of guidance.

No, we don’t do that here, but those reading this thread will understand that it is resolved for you. :wink:

I thought I’d solved this problem with @deano_ferrari's help, but now it’s occurring again. I’ve had to completely reinstall OpenSuse since I posted this, so not sure if I’ve missed something else. Anyway, same problem, my printer won’t print unless I disable the firewall.

Not sure what I’ve done wrong. All advice gratefully received.

:-\

Did you reload the firewall after making changes?

I’m assuming that’s what the yast firewall gui does when I click “accept”. I’ve restarted since making the changes too so it should all be there. But when I print a test page the status is shown as “unable to locate printer”.

But if I turn off the firewall it prints immediately.

<30 minutes later>

So I did a bit of RTFMing and I think, even though I changed the zone in the yast firewall app to “home”, I think it wasn’t actually using that zone, but the default zone, “public”. So I changed the zone to public in the yast app (to associate it with esp5s0(?)), which is the default zone, and added ipp, ipp-client, and mdns to the public zone, and it now seems to be working. No idea what the yast app is doing (and very confusing to use I have to say, for us mere mortals who are not experts on firewalls and how they work) but it seems I’ve stumbled on the/a solution.

Thanks, :slight_smile:

I don’t use the YaST app for firewall management, but in any case your firewall-cmd output showed the enp5s0 interface was assigned to the ‘home’ zone. Maybe that wasn’t the interface that is connected to your LAN? Always good to check the relevant zones and interfaces first.
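The zone and interface check suggested above can be scripted. This is an added example, not code from any poster in the thread: it finds which zone an interface is really bound to and reports which of the services named in this thread (mdns, ipp-client) are missing from that zone's runtime and permanent configuration. The function names are made up for illustration, and the assumption is that `firewall-cmd --get-active-zones` prints a zone name line followed by an indented `interfaces:` line.

```shell
#!/usr/bin/env bash
# Added example: confirm that the services needed for printing are allowed
# in the zone the LAN interface actually uses, not just in the zone you edited.
# Function names are hypothetical; the firewall-cmd options used are standard.

# zone_of_iface IFACE  -- reads `firewall-cmd --get-active-zones` output on stdin
# and prints the zone that owns IFACE (prints nothing if no zone owns it).
zone_of_iface() {
  awk -v want="$1" '
    /^[^ \t]/ { zone = $1 }            # zone header; any trailing marker is ignored
    /^[ \t]+interfaces:/ {             # indented list of interfaces for that zone
      for (i = 2; i <= NF; i++) if ($i == want) { print zone; exit }
    }'
}

# missing_services "SPACE SEPARATED ALLOWED LIST" NEEDED...
# Whole-word comparison, so "ipp" does not satisfy "ipp-client".
missing_services() {
  have=" $1 "; shift
  out=""
  for svc in "$@"; do
    case "$have" in
      *" $svc "*) ;;                   # already allowed
      *) out="$out $svc" ;;
    esac
  done
  echo "${out# }"
}

# check_printing IFACE -- queries the live firewall (needs firewalld running).
check_printing() {
  zone=$(firewall-cmd --get-active-zones | zone_of_iface "$1")
  if [ -z "$zone" ]; then
    echo "$1 is not bound to any active zone (check the interface name)"
    return 1
  fi
  echo "interface $1 is in zone: $zone"
  # Runtime = what is enforced now; permanent = what survives reload/reboot.
  echo "missing at runtime:   $(missing_services "$(firewall-cmd --zone="$zone" --list-services)" mdns ipp-client)"
  echo "missing in permanent: $(missing_services "$(firewall-cmd --permanent --zone="$zone" --list-services)" mdns ipp-client)"
}

# Run only when an interface name is given, e.g.: sudo ./check.sh enp5s0
if [ $# -gt 0 ]; then check_printing "$1"; fi
```

A service listed as missing only in the permanent configuration will disappear on the next reload or reboot; one missing only at runtime means the change was saved but the firewall has not been reloaded.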

If it can help, I struggled with the same kind of issue on TW for a long time, and ultimately gave up on relying on the Yast firewall module since changes done there donā€™t seem to be persisted as they should.

I run a script like this one whenever I need to reinstall my system:

sudo firewall-cmd --permanent --new-service=chromecast
sudo firewall-cmd --permanent --service=chromecast --set-description=Chromecast
sudo firewall-cmd --permanent --service=chromecast --set-short=chromecast
sudo firewall-cmd --permanent --service=chromecast --add-port=32768-61000/udp
sudo firewall-cmd --permanent --service=chromecast --add-port=8008-8009/tcp
sudo firewall-cmd --permanent --service=chromecast --add-source-port=32768-61000/udp

sudo firewall-cmd --permanent --new-service=chromecast-ssdp
sudo firewall-cmd --permanent --service=chromecast-ssdp --set-description=Chromecast\ SSDP
sudo firewall-cmd --permanent --service=chromecast-ssdp --set-short=chromecast-ssdp
sudo firewall-cmd --permanent --service=chromecast-ssdp --add-port=1900/udp
sudo firewall-cmd --permanent --service=chromecast-ssdp --set-destination=ipv4:239.255.255.250/32

sudo firewall-cmd --zone=home --add-service=chromecast-ssdp --permanent
sudo firewall-cmd --zone=home --add-service=chromecast --permanent
sudo firewall-cmd --zone=home --add-service=mdns --permanent
sudo firewall-cmd --zone=home --add-service=dhcpv6-client --permanent
sudo firewall-cmd --zone=home --add-service=ipp-client --permanent
sudo firewall-cmd --zone=home --add-service=samba-client --permanent
sudo firewall-cmd --zone=home --add-service=ssh --permanent
sudo firewall-cmd --reload

sudo firewall-cmd --set-default-zone=home

You probably won’t need all of it, skip the first two blocks if not interested in casting to Google Home/TV devices, and in the third block keep only mdns (ipp can also be useful for printing, IIRC).

And definitely keep the last command.

BTW I wonder if Chromecast service in the firewall settings could be shipped by default in new opensuse installs. I found those two blocks somewhere on the web, but would’ve been nice to find it pre-defined in the list of available fw services…

@malcolmlewis