Hello, I’m trying to use my Epson XP-200 printer/scanner with OpenSUSE Tumblweed.

  • /etc/sane.d/dll.conf has the “epson2” line uncommented.
  • /etc/sane.d/epson2.conf has “net autodiscovery” as its last line
  • My user is part of the “lp” group, which seems to be required for finding printers/scanners

If I disable the firewall completely (using YaST2 firewall program), it works – the Skanlite software detects my scanner and connects to it. With the firewall enabled, however, Skanlite says SANE cannot find any scanners. I have tried allowing TCP and UDP ports 8610, 8612 (based on suggestions from https://wiki.debian.org/SaneOverNetwork), and 631 (for CUPS) in the “public” zone, and added the “sane” service to “Allowed” services (didn’t see a “cups” service option), but Skanlite still says SANE cannot find the scanner.

Is there a way for “net autodiscovery” to work without completely disabling my firewall? What ports/services should I allow? It seems the alternative is to manually specify the printer’s IP address in /etc/sane.d/epson2.conf instead of “net autodiscovery”, but I would prefer to not hardcode this.

Thank you in advance for any suggestions!

EDIT: Based on suggestions below, I turned on firewall logging with the instructions https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/):

  • sudo vi /etc/firewalld/firewalld.conf
  • Set LogDenied=all
  • sudo firewall-cmd --reload

To find lines related to my printer (known to be at 192.168.1.57):

  • dmseg | grep 192.168.1.57

Here is a sample of the output (192.168.1.105 is my OpenSUSE computer):

[30974.673679] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37923 PROTO=UDP SPT=3289 DPT=48375 LEN=84 MARK=0x3214

[30976.299712] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37924 PROTO=UDP SPT=3289 DPT=52415 LEN=84 MARK=0x3214

[31139.093164] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=38084 PROTO=UDP SPT=3289 DPT=46833 LEN=84 MARK=0x3214

Looks like 3289 UDP is the port of interest, and it shows up on an EPSON website (https://epson.com/faq/SPT_C11CG18201~faq-0000525-shared?faq_cat=faq-8796127635532). I tried adding it to “public” and “home” zones and it still doesn’t work. Is there a different zone I should be using?

  • iggames@lemmy.worldOP
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    No change with allowing 5353 UDP through the firewall, unfortunately. But thank you for the suggestion!

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      You may also need to allow multicast. Look into it a bit more.

      You can also enable debugging on the firewall and see what exactly gets blocked.

      • iggames@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        10 months ago

        Added some info to the post. Firewall is blocking 3289 UDP from my printer, so I added 3289 UDP to open ports for “home”, “public”, and “internal” zones. However, I’m still seeing filter_IN_public_REJECT entries in dmesg, so it seems the firewall is still blocking these. Is there a different way I should be telling it to allow requests on this port?

        Firewall also allows mdns service (again, in “home”, “public”, and “internal” zones), but I also see entries like this:

        [41951.119486] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=10725 DF PROTO=2 MARK=0x3214

        It sounds like 224.0.0.1 is related to mdns broadcasts, so it seems firewall is also still blocking these (despite mdns being allowed service).

        Am I specifying these in the wrong place? (Per Connections - System Settings, my wifi is in Firewall zone “home”).