On 01/11/2014 11:08 AM, Jorge Fábregas wrote:
> On 01/11/2014 02:45 PM, Sherman Grunewagen wrote:
>> [root@neuron ~]# firewall-cmd --list-all
>> public (default, active)
>> interfaces: em1
>> sources:
>> services: mdns ssh
>> ports:
>> masquerade: no
>> forward-ports:
>> icmp-blocks:
>> rich rules:
>
> All right. This confirms that you're using the default zone called
> "public" and that indeed you have mdns enabled for that zone so I'm not
> sure why it isn't working. You could install tcpdump and try to capture
> a few seconds while you try to access the scanner. This way you could
> see the traffic that is originating from your scanner (and that your
> firewall may be blocking). You could do this by:
>
> yum install tcpdump
> tcpdump -i em1 src IP-OF-YOUR-PRINTER
>
> I recognize this is kind of advanced stuff if you're not familiar with
> networking protocols so perhaps an easier way would be to white-list the
> ip address of your printer/scanner so that, any traffic coming from it,
> your firewall would allow it.

I know almost nothing about network protocols, but I can follow instructions. :-)
I've posted the output of two invocations of tcpdump at:
http://ur1.ca/ge1i9
In the 1st invocation I used the scanner IP number; in the 2nd the IP name.
(For some reason, the lines before C-c are different.) For each invocation,
I started tcpdump, then started vuescan (which failed to see the scanner),
then quit vuescan, then C-c-ed out of tcpdump.
I would enjoy learning what the output means.

> If you trust your printer not to "hack" :) your computer you could do this:
>
> firewall-cmd --add-rich-rule 'rule family="ipv4" source address="IP-OF-YOUR-PRINTER" accept'
>
> Try it. If that works then make the above rule permanent with:
>
> firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="IP-OF-YOUR-PRINTER" accept'
>
> Please let us know if it works.

I tried the temporary change and it worked. If you have the time I would
appreciate learning how to make the more fine-tuned changes in the firewall.
O'wise I'll make the change permanent.
Question: In my original message, I mentioned that I was seeing lines like
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
in the output of `iptables -L'.
One of these was in the "Chain IN_public_allow (1 references)"
By goofing around in the firewall-config interface I was able
to change the 224.0.0.251 to "anywhere". But that didn't
let the scanner through. Would you please explain why? Thanks.
Sherman
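
Added example, not part of the thread: one way to read a capture like the one requested above and to build a rich rule narrower than the blanket source-address rule once a flow has been picked. The sample lines are constructed, 192.0.2.50 (scanner), 192.0.2.20 (host) and port 8612 are placeholders, and the capture is assumed to have been taken with tcpdump's -nn option so that ports print as numbers.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of "tcpdump -nn -i em1 src 192.0.2.50" output.
# 192.0.2.50 stands in for the scanner, 192.0.2.20 for the Fedora host.
SAMPLE = """\
14:02:11.120034 IP 192.0.2.50.5353 > 224.0.0.251.5353: 0 [2q] PTR (QM)? _scanner._tcp.local. (45)
14:02:11.530112 IP 192.0.2.50.8612 > 192.0.2.20.8612: UDP, length 16
14:02:12.001200 IP 192.0.2.50.8612 > 192.0.2.20.8612: UDP, length 16
14:02:12.400000 IP 192.0.2.50.80 > 192.0.2.20.51514: Flags [S.], seq 1, ack 2, win 5840, length 0
14:02:12.900000 ARP, Request who-has 192.0.2.20 tell 192.0.2.50, length 46
"""

# timestamp, "IP", src.sport > dst.dport:, rest of the decoded packet
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)$")


def summarize(capture, scanner_ip):
    """Count packets sent by scanner_ip, keyed by (proto, unicast/multicast, dst port)."""
    flows = Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) != scanner_ip:
            continue  # ARP, ICMP, IPv6 and other senders are skipped
        dst, dport, rest = m.group(3), int(m.group(4)), m.group(5)
        # Heuristic: tcpdump prints "Flags [...]" only for TCP segments.
        proto = "tcp" if rest.startswith("Flags [") else "udp"
        kind = "multicast" if ipaddress.ip_address(dst).is_multicast else "unicast"
        flows[(proto, kind, dport)] += 1
    return flows


def rich_rule(scanner_ip, proto, dport):
    """firewalld rich rule limited to one source, protocol and destination port."""
    return ('rule family="ipv4" source address="%s" '
            'port port="%d" protocol="%s" accept' % (scanner_ip, dport, proto))


if __name__ == "__main__":
    for (proto, kind, dport), n in sorted(summarize(SAMPLE, "192.0.2.50").items()):
        print("%-4s %-9s dport=%-5d packets=%d" % (proto, kind, dport, n))
    # Choose the flow to allow yourself; replies to connections the host
    # opened are already accepted by firewalld's connection tracking.
    print("firewall-cmd --add-rich-rule '%s'" % rich_rule("192.0.2.50", "udp", 8612))
```

The summary separates packets addressed to the 224.0.0.251 multicast group from packets addressed directly to the host, which is the distinction to look for when comparing the capture with the rules in the zone.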