Bug 1285504 - LAN scan of Epson scanners does not play well with firewalld
LAN scan of Epson scanners does not play well with firewalld
Product: Fedora
Classification: Fedora
Component: sane-backends (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Nils Philippsen
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-11-25 14:17 EST by Lorenzo Pistone
Modified: 2016-07-19 14:32 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-07-19 14:32:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Network dump of scan failure (393 bytes, application/octet-stream)
2015-11-25 14:17 EST, Lorenzo Pistone
no flags Details

  None (edit)
Description Lorenzo Pistone 2015-11-25 14:17:01 EST
Created attachment 1098940 [details]
Network dump of scan failure

Description of problem:
sane-backends-drivers-scanners pings the LAN with broadcast UDP packets port 3289 to look for EPSON scanners, then a TCP connection to port 1865 is initiated. Replies cannot get through because there is no rule in firewalld that can allow the incoming reply to discovery. I believe that writing a rule for such pattern is problematic, as it is not just as "opening" a port. Probably a conntrack helper is needed. The impact of this issue is that scanning with epson does not work out of the box, unlike other OSes.

Version-Release number of selected component (if applicable):
firewalld, sane-backends-drivers-scanners 1.0.25

How reproducible:

Steps to Reproduce:
1. Open wireshark, attach an epson scanner, filter for LAN traffic && (icmp || udp.port == 3289 || tcp.port == 1865)
2. Execute scanimage -L

Actual results:
scanimage -L fails with timeout

Expected results:
scanimage -L prints scanner info.

Additional info:
disabling firewalld fixes the issue.
Comment 1 Fedora End Of Life 2016-07-19 14:32:00 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.