Hello, I’m trying to use my Epson XP-200 printer/scanner with OpenSUSE Tumblweed.

  • /etc/sane.d/dll.conf has the “epson2” line uncommented.
  • /etc/sane.d/epson2.conf has “net autodiscovery” as its last line
  • My user is part of the “lp” group, which seems to be required for finding printers/scanners

If I disable the firewall completely (using YaST2 firewall program), it works – the Skanlite software detects my scanner and connects to it. With the firewall enabled, however, Skanlite says SANE cannot find any scanners. I have tried allowing TCP and UDP ports 8610, 8612 (based on suggestions from https://wiki.debian.org/SaneOverNetwork), and 631 (for CUPS) in the “public” zone, and added the “sane” service to “Allowed” services (didn’t see a “cups” service option), but Skanlite still says SANE cannot find the scanner.

Is there a way for “net autodiscovery” to work without completely disabling my firewall? What ports/services should I allow? It seems the alternative is to manually specify the printer’s IP address in /etc/sane.d/epson2.conf instead of “net autodiscovery”, but I would prefer to not hardcode this.

Thank you in advance for any suggestions!

EDIT: Based on suggestions below, I turned on firewall logging with the instructions https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/):

  • sudo vi /etc/firewalld/firewalld.conf
  • Set LogDenied=all
  • sudo firewall-cmd --reload

To find lines related to my printer (known to be at 192.168.1.57):

  • dmseg | grep 192.168.1.57

Here is a sample of the output (192.168.1.105 is my OpenSUSE computer):

[30974.673679] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37923 PROTO=UDP SPT=3289 DPT=48375 LEN=84 MARK=0x3214

[30976.299712] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37924 PROTO=UDP SPT=3289 DPT=52415 LEN=84 MARK=0x3214

[31139.093164] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=38084 PROTO=UDP SPT=3289 DPT=46833 LEN=84 MARK=0x3214

Looks like 3289 UDP is the port of interest, and it shows up on an EPSON website (https://epson.com/faq/SPT_C11CG18201~faq-0000525-shared?faq_cat=faq-8796127635532). I tried adding it to “public” and “home” zones and it still doesn’t work. Is there a different zone I should be using?

  • SheeEttin@programming.dev
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    Surely your firewall has an audit log for denied traffic.

    Or, turn off the firewall and run Wireshark while you print something.

    • iggames@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      Added “mdns” service to allowed list for public zone, still get the SANE error. (Previously added 5353 UDP per another suggestion – sounds like this is the port for mDNS)

  • lemmyvore@feddit.nl
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    Are you using Avahi for the auto discovery? If so you need to open port 5353 UDP.

    • iggames@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      No change with allowing 5353 UDP through the firewall, unfortunately. But thank you for the suggestion!

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        You may also need to allow multicast. Look into it a bit more.

        You can also enable debugging on the firewall and see what exactly gets blocked.

        • iggames@lemmy.worldOP
          link
          fedilink
          arrow-up
          1
          ·
          9 months ago

          Added some info to the post. Firewall is blocking 3289 UDP from my printer, so I added 3289 UDP to open ports for “home”, “public”, and “internal” zones. However, I’m still seeing filter_IN_public_REJECT entries in dmesg, so it seems the firewall is still blocking these. Is there a different way I should be telling it to allow requests on this port?

          Firewall also allows mdns service (again, in “home”, “public”, and “internal” zones), but I also see entries like this:

          [41951.119486] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=10725 DF PROTO=2 MARK=0x3214

          It sounds like 224.0.0.1 is related to mdns broadcasts, so it seems firewall is also still blocking these (despite mdns being allowed service).

          Am I specifying these in the wrong place? (Per Connections - System Settings, my wifi is in Firewall zone “home”).