Cannot use scanner with firewall enabled
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Cannot use scanner with firewall enabled
I dunno, do I need firewall enabled for everyday work in my home?
Anyway, currently I have gufw set to Deny incoming, Allow outgoing. This causes no troubles for most part... except one thing.
I cannot use my scanner unless I connect it to my laptop with a USB cable.
Whenever gufw is enabled and the scanner is not connected to my laptop with a USB cable, SimpleScan gives me the error that "No scanners detected. Please check your scanner is connected and powered on.". However, whenever gufw is disabled, I can easily scan even if I don't connect the scanner to my laptop with a usb cable and Simple Scan gives me no errors.
As a result, whenever I need to scan something, I first open gufw, enter the administrator password, disable firewall, scan, enable firewall. This is tedious. Are all these steps really necessary?
Would it be a good idea to simply disable firewall at all and work without it enabled?
Would it be a better idea to add some rules to enable scanning without having to disable firewall each time? What rules should I add?
If this matters, the device is Epson L365 multi-function printer. I downloaded the necessary Linux drivers from here.
Anyway, currently I have gufw set to Deny incoming, Allow outgoing. This causes no troubles for most part... except one thing.
I cannot use my scanner unless I connect it to my laptop with a USB cable.
Whenever gufw is enabled and the scanner is not connected to my laptop with a USB cable, SimpleScan gives me the error that "No scanners detected. Please check your scanner is connected and powered on.". However, whenever gufw is disabled, I can easily scan even if I don't connect the scanner to my laptop with a usb cable and Simple Scan gives me no errors.
As a result, whenever I need to scan something, I first open gufw, enter the administrator password, disable firewall, scan, enable firewall. This is tedious. Are all these steps really necessary?
Would it be a good idea to simply disable firewall at all and work without it enabled?
Would it be a better idea to add some rules to enable scanning without having to disable firewall each time? What rules should I add?
If this matters, the device is Epson L365 multi-function printer. I downloaded the necessary Linux drivers from here.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- JoeFootball
- Level 13
- Posts: 4673
- Joined: Tue Nov 24, 2009 1:52 pm
- Location: /home/usa/mn/minneapolis/joe
Re: Cannot use scanner with firewall enabled
Yes.kmph wrote:Would it be a better idea to add some rules to enable scanning without having to disable firewall each time?
Joe
Re: Cannot use scanner with firewall enabled
Yes, you need to put a rule in allowing scanner access. You may need the IP address. I'm sort of surprised the printer works without a rule also.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
-
- Level 1
- Posts: 39
- Joined: Wed Aug 24, 2016 3:21 pm
- Location: España
Re: Cannot use scanner with firewall enabled
I had some similar problems with my Epson scanner some months ago. You can read the workaround at the end of the post.
viewtopic.php?f=51&t=228387
viewtopic.php?f=51&t=228387
Re: Cannot use scanner with firewall enabled
And what rule should I put?
How do I know which port should I allow?
How do I know which IP address should I allow?
I made the printer print out its wireless network info. Let me post excerpts from what the printer spitted out:
I don't understand all of this, but the way I get it (correct me if I'm wrong), this means that the router assigns IPv4 address to the printer dynamically (randomly?), and the printer asks the router to be assigned IPv6 address; but either way, I cannot trust that these addresses don't change in time and especially not in between nights, where both printer and router are being switched off.
Either address I configure ufw to allow it is likely to soon become obsolete, is this correct?
So could I kindly ask, how should I configure my firewall?
PS. As strange as it may be, printing works fine, whether firewall is on or off.
How do I know which port should I allow?
How do I know which IP address should I allow?
I made the printer print out its wireless network info. Let me post excerpts from what the printer spitted out:
Code: Select all
<TCP/IP IPv4>
IPV4 Enable
Obtain IP Address Auto(DHCP)
IP Address 192.168.blah.blah
<TCP/IP IPv6>
IPv6 Enable
IP Address blah:blah:blah:blah:blah:blah:blah:blah/64 (Stateless)
fe80::blah:blah:blah:blah (Link Local)
Either address I configure ufw to allow it is likely to soon become obsolete, is this correct?
So could I kindly ask, how should I configure my firewall?
PS. As strange as it may be, printing works fine, whether firewall is on or off.
Re: Cannot use scanner with firewall enabled
Oops, sorry arrababiski, you posted your answer while I was typing my reply, let me read what is under your link now.
Re: Cannot use scanner with firewall enabled
These are the rules that works here
sudo ufw allow to 192.168.xxx.x
sudo ufw allow from 192.168.xxx.x
Everything in life was difficult before it became easy.
Re: Cannot use scanner with firewall enabled
Many thanks all41! I'll try your rules in a second.
Since arrababiski posted his link:
But, but... Does this mean that I'm essentially allowing everything on local network, so from now on I'll have to be very careful never to connect my laptop to any WiFi network other than the one of my home? In particular, it'll be a bad idea to connect to the WiFi network of my university?
Since arrababiski posted his link:
May I have one more question? From the post arrababiski linked to:
Is this better or worse than simply allowing everything on local network? Not sure if this is relevant here, but from man 8 saned:chris2370 wrote: ⤴Wed Jul 26, 2017 11:07 am Step 1
sudo nano /etc/default/ufw
FIND:
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
REPLACE WITH:
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns nf_conntrack_sane"
Save file
Step 2
sudo nano /etc/ufw/sysctl.conf
FIND:
net/ipv4/tcp_syncookies=0
REPLACE WITH:
net/ipv4/tcp_syncookies=1
I'm sorry for there questions, as it is obvious I'm pretty oblivious when it comes to basic security practices, on account on me not being an evil hacker... And for obvious reasons, when it comes to security, I prefer to first ask rather than try things and see if they work.First and foremost: saned is not intended to be exposed to the internet or other non-trusted networks. Make sure that access is limited by tcpwrappers
and/or a firewall setup. Don't depend only on saned's own authentication. Don't run saned as root if it's not necessary. And do not install saned as setuid
root.
Re: Cannot use scanner with firewall enabled
@kmph
Use the printer address listed on your router page for connected devices. Your router will have a unique address assigned to your printer,
such as for example only 192.168.256.1
Substitute for the xxx.x using your printers actual address.But, but... Does this mean that I'm essentially allowing everything on local network, so from now on I'll have to be very careful never to connect my laptop to any WiFi network other than the one of my home? In particular, it'll be a bad idea to connect to the WiFi network of my university?
Use the printer address listed on your router page for connected devices. Your router will have a unique address assigned to your printer,
such as for example only 192.168.256.1
Everything in life was difficult before it became easy.
Re: Cannot use scanner with firewall enabled
One thing that you may also want to do is set a static ip address for your printer. Having a printer on DHCP is not good, because it may assign a new address any time you turn off or add a new piece of hardware to your network. This could be any other device. Set a static IP address out side the normal range say xxx.x.x.50 Where
x represent the ip address # used on your system such as 162.168.0.50 or as on mine it's 10.0.0.250. then write the rule with the new address.
The static address will have to be set on the printer in question. Look and the printer documentation to see how it's done on yours.
x represent the ip address # used on your system such as 162.168.0.50 or as on mine it's 10.0.0.250. then write the rule with the new address.
The static address will have to be set on the printer in question. Look and the printer documentation to see how it's done on yours.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608