Firewall rules to share scanner with sane? / Firewall rule for sharing a scanner with sane?

:uk:/:us: Message template (english)

My YunoHost server

Hardware: Raspberry Pi at home
YunoHost version: 3.6.4.6
I have access to my server : Through SSH and through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello all,

I’m trying to share locally a scanner plugged into my raspi3 running yunohost 3.6.4.6.
I have followed all the explanations here : https://wiki.debian.org/SaneOverNetwork
By the way, it is a Canon LIDE 210, so fully supported by Debian and sane without additional drivers. I’m also connected to the server directly by wifi, using the wifi hotspot of yunohost.
It works on the server. I mean I can scan through ssh.
systemctl status saned.socket is OK
I can ping my yunohost from my computer, as explained.
However, from my computer, neither
sudo -u saned sane-find-scanner
nor
sudo -u saned scanimage -L
are working.
xsane net:IP with the IP of my local yunohost server is not working.
I’m thinking that I would need to add a rule to the firewall, as explained here: https://feeding.cloud.geek.nz/posts/setting-up-a-network-scanner-using-sane/
and then opening the appropriate ports on your firewall (typically /etc/network/iptables in Debian):

-A INPUT -s IP -p tcp --dport 6566 -j ACCEPT
-A INPUT -s IP -p udp -j ACCEPT

However, before doing so, I preferred to ask you as I think that the firewall is not managed by iptables…

I don’t want to open the port to the Internet, but only to the IP range of my local wifi network. Open 6566 TCP & UDP port on Wifi-IP-server/24 :slight_smile:

What do you think?


:fr: Message template (French)

My YunoHost server

Hardware: Raspberry Pi at home
YunoHost version: 3.6.4.6
I have access to my server : Through SSH and through the webadmin
Are you in a special context or did you perform some particular tweaking on your instance? : no

Description of the problem

Hello everyone,

I’m trying to locally share my scanner, plugged in over USB to my raspi3 running yunohost 3.6.4.6.
I followed this tutorial: https://wiki.debian.org/SaneOverNetwork
By the way, it is a Canon LIDE 210, fully supported by Debian and Sane with no additional drivers needed.
I am connected to my raspi3 over wifi via the yunohost wifi hotspot.

The scanner works on the server over ssh.
systemctl status saned.socket works
I can ping my yunohost from my computer, as explained in the tutorial.
However, from my computer, the following commands do not respond as expected.
sudo -u saned sane-find-scanner
nor
sudo -u saned scanimage -L

xsane net:IP with the local IP of my yunohost does not work.
I think it is because a rule is missing in the firewall, as explained here: https://feeding.cloud.geek.nz/posts/setting-up-a-network-scanner-using-sane/
and then opening the appropriate ports on your firewall (typically /etc/network/iptables in Debian):

-A INPUT -s IP -p tcp --dport 6566 -j ACCEPT
-A INPUT -s IP -p udp -j ACCEPT

However, before touching that, I prefer to ask you, because it seems to me that the firewall is not managed by iptables…

I would not want to open the port to the whole Internet, only to the IP block of the local wifi. Open 6566 TCP & UDP port on Wifi-IP-server/24 :slight_smile:

What do you think?

Yes, you should use yunohost firewall to do this (you can use --help to display the help about it and its actions). Basically you’re looking for something like yunohost firewall allow TCP -p 6566 (though really not sure about the exact syntax, you should double check it using the help)

Thank you. I’m just afraid that by doing so, port 6566 will be wide open to the whole internet and not just to the IP range of my local wifi network 10.x.x.x/24

What do you think?

If you are on a local / private network (e.g. at home behind an internet box) then the port will only be exposed on the private network. For the port to be reachable from outside, you would need to configure port forwarding for it (except if UPnP is enabled on your router, or if you are in DMZ)


Thank you for reminding me of that.

It works.
Well almost, the scanner works but nothing comes to my screen but that is not a network issue at least.
Thank you,


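Added example, not part of the original thread: a small Python check that reads rules in `iptables-save` syntax and flags any INPUT ACCEPT rule that admits traffic to saned's port 6566 from outside the local subnet, or for every port like the blanket UDP rule quoted in the question. The sample rules and the 10.0.242.0/24 subnet are constructed; `audit` and `covers_port` are names chosen for this example.

```python
import ipaddress
import shlex

SANED_PORT = 6566  # port from the rules quoted in the thread

# Constructed sample in iptables-save syntax. 10.0.242.0/24 is an assumed hotspot
# subnet; 203.0.113.0/24 is a documentation range standing in for "outside".
SAMPLE_RULES = """\
-A INPUT -s 10.0.242.0/24 -p tcp --dport 6566 -j ACCEPT
-A INPUT -s 10.0.242.0/24 -p udp -j ACCEPT
-A INPUT -p tcp --dport 6566 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 6566 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
"""

def covers_port(dport, port=SANED_PORT):
    """True if a --dport value (absent, single port, or lo:hi range) includes port."""
    if dport is None:
        return True
    lo, _, hi = dport.partition(":")
    return int(lo) <= port <= int(hi or lo)

def audit(rules_text, lan_cidr):
    """Classify every INPUT ACCEPT rule that admits traffic to the saned port."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # Assumes plain "flag value" pairs (no "!" negation), as in the sample.
        opts = dict(zip(tok[2::2], tok[3::2]))
        if opts.get("-j") != "ACCEPT" or opts.get("-p") not in (None, "all", "tcp", "udp"):
            continue
        if not covers_port(opts.get("--dport")):
            continue
        src = opts.get("-s")
        if src is None:
            verdict = "any-source"    # reachable from wherever packets can arrive
        elif not ipaddress.ip_network(src, strict=False).subnet_of(lan):
            verdict = "outside-lan"   # source range is not inside the local subnet
        elif "--dport" not in opts:
            verdict = "all-ports"     # LAN-only, but wider than port 6566
        else:
            verdict = "ok"
        findings.append((line, verdict))
    return findings

if __name__ == "__main__":
    for rule, verdict in audit(SAMPLE_RULES, "10.0.242.0/24"):
        print(f"{verdict:12} {rule}")
```

On a live server, the text to audit would come from `iptables-save` run as root, with the real hotspot subnet passed as `lan_cidr`.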