Hello, I'm trying to use my Epson XP-200 printer/scanner with OpenSUSE Tumblweed.
- /etc/sane.d/dll.conf has the "epson2" line uncommented.
- /etc/sane.d/epson2.conf has "net autodiscovery" as its last line
- My user is part of the "lp" group, which seems to be required for finding printers/scanners
If I disable the firewall completely (using YaST2 firewall program), it works -- the Skanlite software detects my scanner and connects to it. With the firewall enabled, however, Skanlite says SANE cannot find any scanners. I have tried allowing TCP and UDP ports 8610, 8612 (based on suggestions from https://wiki.debian.org/SaneOverNetwork), and 631 (for CUPS) in the "public" zone, and added the "sane" service to "Allowed" services (didn't see a "cups" service option), but Skanlite still says SANE cannot find the scanner.
Is there a way for "net autodiscovery" to work without completely disabling my firewall? What ports/services should I allow? It seems the alternative is to manually specify the printer's IP address in /etc/sane.d/epson2.conf instead of "net autodiscovery", but I would prefer to not hardcode this.
Thank you in advance for any suggestions!
EDIT: Based on suggestions below, I turned on firewall logging with the instructions https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/):
- sudo vi /etc/firewalld/firewalld.conf
- Set LogDenied=all
- sudo firewall-cmd --reload
To find lines related to my printer (known to be at 192.168.1.57):
- dmseg | grep 192.168.1.57
Here is a sample of the output (192.168.1.105 is my OpenSUSE computer):
[30974.673679] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37923 PROTO=UDP SPT=3289 DPT=48375 LEN=84 MARK=0x3214
[30976.299712] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=37924 PROTO=UDP SPT=3289 DPT=52415 LEN=84 MARK=0x3214
[31139.093164] filter_IN_public_REJECT: IN=wlp0s20f0u3 OUT= MAC= SRC=192.168.1.57 DST=192.168.1.105 LEN=104 TOS=0x00 PREC=0x00 TTL=30 ID=38084 PROTO=UDP SPT=3289 DPT=46833 LEN=84 MARK=0x3214
Looks like 3289 UDP is the port of interest, and it shows up on an EPSON website (https://epson.com/faq/SPT_C11CG18201~faq-0000525-shared?faq_cat=faq-8796127635532). I tried adding it to "public" and "home" zones and it still doesn't work. Is there a different zone I should be using?
Surely your firewall has an audit log for denied traffic.
Or, turn off the firewall and run Wireshark while you print something.