Hi. I guess this is more like a general Linux question.
How can I find out on my Fedora 25 what port I have to open up for a program to work?
I recently purchased a Multifunction Canon Printer TS5000 series. They use a propetary program for scanning images called ScangearMP .
When I execute scangearmp2 it cannot find the printer on the wireless network. If I drop the firewall, then scangearmp2 indeed finds the printer.
How can I find out what firewall ports scangear is trying to use? I tried netstat but the listing I saw was kind of large and did not immediately make sense to me.
Thanks for any help
Le 05/05/2017 à 17:06, Javier Perez a écrit :
Hi. I guess this is more like a general Linux question.
How can I find out on my Fedora 25 what port I have to open up for a program to work?
I recently purchased a Multifunction Canon Printer TS5000 series. They use a propetary program for scanning images called ScangearMP .
When I execute scangearmp2 it cannot find the printer on the wireless network. If I drop the firewall, then scangearmp2 indeed finds the printer.
How can I find out what firewall ports scangear is trying to use? I tried netstat but the listing I saw was kind of large and did not immediately make sense to me.
printer: ipp protocol port 631
You have a list of ports and associated devices/protocols in /etc/serveces
On Fri, 2017-05-05 at 17:17 +0200, François Patte wrote:
Le 05/05/2017 à 17:06, Javier Perez a écrit :
Hi. I guess this is more like a general Linux question.
How can I find out on my Fedora 25 what port I have to open up for a program to work?
I recently purchased a Multifunction Canon Printer TS5000 series. They use a propetary program for scanning images called ScangearMP .
When I execute scangearmp2 it cannot find the printer on the wireless network. If I drop the firewall, then scangearmp2 indeed finds the printer.
How can I find out what firewall ports scangear is trying to use? I tried netstat but the listing I saw was kind of large and did not immediately make sense to me.
printer: ipp protocol port 631
Not necessarily. I have a problem with a Brother multifunction which has worked for 3 years and now will print but not scan. See:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/...
I have also reported it to BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1444619
I agree it may be a firewall problem, but opening port 631 makes no difference whatever (and as I say, the print function was already working).
poc
On Fri, 2017-05-05 at 16:57 +0100, Patrick O'Callaghan wrote:
On Fri, 2017-05-05 at 17:17 +0200, François Patte wrote:
Le 05/05/2017 à 17:06, Javier Perez a écrit :
Hi. I guess this is more like a general Linux question.
How can I find out on my Fedora 25 what port I have to open up for a program to work?
I recently purchased a Multifunction Canon Printer TS5000 series. They use a propetary program for scanning images called ScangearMP .
When I execute scangearmp2 it cannot find the printer on the wireless network. If I drop the firewall, then scangearmp2 indeed finds the printer.
How can I find out what firewall ports scangear is trying to use? I tried netstat but the listing I saw was kind of large and did not immediately make sense to me.
printer: ipp protocol port 631
Not necessarily. I have a problem with a Brother multifunction which has worked for 3 years and now will print but not scan. See:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproje ct.org/thread/UU7A5X3FBHTXJPJVDXLTTCCIGYTS7CSI/#ENSCQUXN5RSIIH6EITGXN K7DVHBJDHVQ
I have also reported it to BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1444619
I agree it may be a firewall problem, but opening port 631 makes no difference whatever (and as I say, the print function was already working).
Scangear most likely uses port 8612 (open it for TCP + UDP). For details see man sane-pixma under firewalling. /Louis
On Fri, 2017-05-05 at 18:04 +0200, Louis Lagendijk wrote:
I agree it may be a firewall problem, but opening port 631 makes no difference whatever (and as I say, the print function was already working).
Scangear most likely uses port 8612 (open it for TCP + UDP). For details see man sane-pixma under firewalling.
Nope, that didn't work (mine is a Brother, so the OP's may be OK).
poc
On Fri, 2017-05-05 at 17:13 +0100, Patrick O'Callaghan wrote:
On Fri, 2017-05-05 at 18:04 +0200, Louis Lagendijk wrote:
I agree it may be a firewall problem, but opening port 631 makes no difference whatever (and as I say, the print function was already working).
Scangear most likely uses port 8612 (open it for TCP + UDP). For details see man sane-pixma under firewalling.
Nope, that didn't work (mine is a Brother, so the OP's may be OK).
To clarify: mine still doesn't work even with the firewall disabled, so the problem (in my case at least) lies elsewhere.
poc
On 05/05/2017 11:17 AM, François Patte wrote:
Le 05/05/2017 à 17:06, Javier Perez a écrit :
Hi. I guess this is more like a general Linux question.
How can I find out on my Fedora 25 what port I have to open up for a program to work?
I recently purchased a Multifunction Canon Printer TS5000 series. They use a propetary program for scanning images called ScangearMP .
When I execute scangearmp2 it cannot find the printer on the wireless network. If I drop the firewall, then scangearmp2 indeed finds the printer.
How can I find out what firewall ports scangear is trying to use? I tried netstat but the listing I saw was kind of large and did not immediately make sense to me.
printer: ipp protocol port 631
You have a list of ports and associated devices/protocols in /etc/serveces
Tried the command from root in pclos and got permission denied. I don't know what if any ports are in use for anything, but I figured I might find out. --doug
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On 05/05/2017 09:19 AM, Doug wrote:
On 05/05/2017 11:17 AM, François Patte wrote:
Le 05/05/2017 à 17:06, Javier Perez a écrit :
Hi. I guess this is more like a general Linux question.
How can I find out on my Fedora 25 what port I have to open up for a program to work?
I recently purchased a Multifunction Canon Printer TS5000 series. They use a propetary program for scanning images called ScangearMP .
When I execute scangearmp2 it cannot find the printer on the wireless network. If I drop the firewall, then scangearmp2 indeed finds the printer.
How can I find out what firewall ports scangear is trying to use? I tried netstat but the listing I saw was kind of large and did not immediately make sense to me.
printer: ipp protocol port 631
You have a list of ports and associated devices/protocols in /etc/serveces
Tried the command from root in pclos and got permission denied. I don't know what if any ports are in use for anything, but I figured I might find out.
You could use tcpdump to watch network I/O. In a nutshell:
1. Stop the firewall
2. In a terminal window, run (as the root user):
tcpdump -n host <scanner-ip> (ideal if you know it)
or
tcpdump -n src host <host-ip> (if scanner's IP is unknown)
3. Run the scangearmp2 program and watch the output of the tcpdump command. You should be able to see what ports are being used via that method.
4. Restart the firewall and open the ports you discovered.
5. Try the scangearmp2 program again and see if it works.
That's a pretty general idea of a way to find port usage. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Always remember you're unique, just like everyone else. - ----------------------------------------------------------------------
On Fri, May 5, 2017 at 11:33 AM, Rick Stevens ricks@alldigital.com wrote:
On 05/05/2017 09:19 AM, Doug wrote:
You could use tcpdump to watch network I/O. In a nutshell:
1. Stop the firewall
2. In a terminal window, run (as the root user):
tcpdump -n host <scanner-ip> (ideal if you know it)
or
tcpdump -n src host <host-ip> (if scanner's IP is unknown)
3. Run the scangearmp2 program and watch the output of the tcpdump command. You should be able to see what ports are being used via that method.
4. Restart the firewall and open the ports you discovered.
5. Try the scangearmp2 program again and see if it works.
That's a pretty general idea of a way to find port usage. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Always remember you're unique, just like everyone else. - ----------------------------------------------------------------------
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
Thanks. Will try it tonight. I know the ip of the printer therefore it is the first method. I know definitely that it is a firewall problema because everything works with the firewall down.
JP
François Patte wrote:
You have a list of ports and associated devices/protocols in /etc/serveces
Doug:
Tried the command from root in pclos and got permission denied. I don't know what if any ports are in use for anything, but I figured I might find out.
I'm surprised that root couldn't read that. Or do you mean you tried to execute that? Rather than trying to read the contents of the file /etc/services
I've always found netstat to be handy at seeing what services are trying to do on my computer. For example:
netstat -antu
If you drop the "n" option, you'll see the names of things, rather than the numerical IP addresses and port numbers. For example:
netstat -atu
Stick a "p" option onto the list, and you'll see the actual program associated with the activity.
Either way, you'll see a bunch of lines with some having "LISTEN" as their status. Those are services listening to those ports, whether or not anything is successfully communicating with them at the time.
But before you blindly allow anything that's listening, do some research into the port numbers that you find listening. Just open the ones actually related to what you're trying to resolve.
On 05/05/2017 01:16 PM, Tim wrote:
François Patte wrote:
You have a list of ports and associated devices/protocols in /etc/serveces
Doug:
Tried the command from root in pclos and got permission denied. I don't know what if any ports are in use for anything, but I figured I might find out.
Yes, it dawned on me that it is a file, and I did open the file--a very big one! --doug
I'm surprised that root couldn't read that. Or do you mean you tried to execute that? Rather than trying to read the contents of the file /etc/services
I've always found netstat to be handy at seeing what services are trying to do on my computer. For example:
netstat -antu
If you drop the "n" option, you'll see the names of things, rather than the numerical IP addresses and port numbers. For example:
netstat -atu
Stick a "p" option onto the list, and you'll see the actual program associated with the activity.
Either way, you'll see a bunch of lines with some having "LISTEN" as their status. Those are services listening to those ports, whether or not anything is successfully communicating with them at the time.
But before you blindly allow anything that's listening, do some research into the port numbers that you find listening. Just open the ones actually related to what you're trying to resolve.
Tried with tcdump -n host printer_ip and opened up all the ports I could see on the dump. Did not work out.
Ended up accepting all the traffic from the printer IP on the firewall.
Now it works.
Thanks
JP
On Fri, May 5, 2017 at 1:19 PM, Doug dmcgarrett@optonline.net wrote:
On 05/05/2017 01:16 PM, Tim wrote:
François Patte wrote:
You have a list of ports and associated devices/protocols in
/etc/serveces
Doug:
Tried the command from root in pclos and got permission denied. I don't know what if any ports are in use for anything, but I figured I might find out.
Yes, it dawned on me that it is a file, and I did open the file--a very
big one! --doug
I'm surprised that root couldn't read that. Or do you mean you tried to execute that? Rather than trying to read the contents of the file /etc/services
I've always found netstat to be handy at seeing what services are trying to do on my computer. For example:
netstat -antu
If you drop the "n" option, you'll see the names of things, rather than the numerical IP addresses and port numbers. For example:
netstat -atu
Stick a "p" option onto the list, and you'll see the actual program associated with the activity.
Either way, you'll see a bunch of lines with some having "LISTEN" as their status. Those are services listening to those ports, whether or not anything is successfully communicating with them at the time.
But before you blindly allow anything that's listening, do some research into the port numbers that you find listening. Just open the ones actually related to what you're trying to resolve.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
Allegedly, on or about 06 May 2017, Javier Perez sent:
Tried with tcdump -n host printer_ip and opened up all the ports I could see on the dump. Did not work out.
Just being cautious, but did you write the IP of the printer, or did you actually type in "tcdump -n host printer_ip"?
It ought to be something like: tcdump -n 192.168.1.20 (assuming that was the IP for your printer).
I'm not familiar with tcdump, but at the moment I'm wonder if it only shows successful traffic?
Ended up accepting all the traffic from the printer IP on the firewall.
Now it works.
That can come back to byte you (pun intended). If anything comes onto your network using that same IP, it's allowed through your firewall. If anything can hack your printer, and that's possible with wireless enabled devices, your printer can a trojan gateway into your network. If your printer gets assigned a different IP, one day, printing stops working.
I recently had to fight may through to getting printing working properly on Fedora 25 (or was it 24?), in essence I had to set the firewall to allow ipp client and server (allowing TCP and UDP data on port 631), had to remember to make those permanent settings. Had to set a CUPS admin option to show printers shared by other systems, I did that through its web interface http://localhost:631/. And I can't remember having to do anything (years ago, I may have also had to set a SELinux option about printing).
Allegedly, on or about 06 May 2017, Javier Perez sent:
Ended up accepting all the traffic from the printer IP on the firewall.
Now it works.
Forgot to add: Now that it works, do a check on what traffic is going to and from the device, and see if you can figure out which particular ports need to be allowed through the firewall.
On 05/06/2017 06:28 AM, Tim wrote:
Allegedly, on or about 06 May 2017, Javier Perez sent:
Ended up accepting all the traffic from the printer IP on the firewall.
Now it works.
Forgot to add: Now that it works, do a check on what traffic is going to and from the device, and see if you can figure out which particular ports need to be allowed through the firewall.
That shows that it was a firewalling problem the whole time.
Tim is absolutely correct. Firewall rules *must* be written to account for *both* traffic directions although one is typically less specific than the other.
The following rule will allow traffic returning from the printer:
# pedantic iptables --table filter --append INPUT --source <printer_IP> --match conntrack --ctstate ESTABLISHED --jump ACCEPT
# shorthand iptables -A INPUT -s printer_IP -m conntrack --ctstate EST -j ACCEPT
Hi Mike. I always knew it was a firewall problem. I just did not want to open the firewall to the whole ip address, specially given the fact that I was already printing without problem. But I was not able myself to find out what ports I had to open on the firewall to make it work (yet!).
I will keep trying to find out how the traffic goes with tcdump and wireshark Thanks for the suggestion!
On Sat, May 6, 2017 at 10:35 AM, Mike Wright nobody@nospam.hostisimo.com wrote:
On 05/06/2017 06:28 AM, Tim wrote:
Allegedly, on or about 06 May 2017, Javier Perez sent:
Ended up accepting all the traffic from the printer IP on the firewall.
Now it works.
Forgot to add: Now that it works, do a check on what traffic is going to and from the device, and see if you can figure out which particular ports need to be allowed through the firewall.
That shows that it was a firewalling problem the whole time.
Tim is absolutely correct. Firewall rules *must* be written to account for *both* traffic directions although one is typically less specific than the other.
The following rule will allow traffic returning from the printer:
# pedantic iptables --table filter --append INPUT --source <printer_IP> --match conntrack --ctstate ESTABLISHED --jump ACCEPT
# shorthand iptables -A INPUT -s printer_IP -m conntrack --ctstate EST -j ACCEPT _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On Fri, May 5, 2017 at 10:17 AM, François Patte < francois.patte@mi.parisdescartes.fr> wrote:
Le 05/05/2017 à 17:06, Javier Perez a écrit :
printer: ipp protocol port 631
You have a list of ports and associated devices/protocols in /etc/serveces
Not really. My problem is not printing, but scanning. I can print fine.
Thanks
-
Doug -
François Patte -
Javier Perez -
Louis Lagendijk -
Mike Wright -
Patrick O'Callaghan -
Rick Stevens -
Tim