Description of problem:
I cannot access my HP all-in-one networked scanner through xsane because the mdns firewall rule is too strict

Version-Release number of selected component (if applicable):

How reproducible:
use a fresh install, set up a HP jetdirect connected scanner, start up xsane, cannot connect to scanner

Steps to Reproduce:
1. see above
2.
3.

Actual results:
cannot connect

Expected results:
connect

Additional info:
the rule
iptables -L -n -v --line-numbers:
4 52 3240 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 state NEW udp dpt:5353
is too strict.

removing the mdns port rule in system-config-firewall and also adding the custom port 5353/udp makes it work. this is because the printer/scanner answers on its unicast ip address, mdns port, so the mdns port must be allowed for all addresses (at least on the local LAN)

Aug 1 21:41:35 stinkpad kernel: [82379.884937] IN=wlan0 OUT= MAC=00:19:d2:97:60:4b:00:1a:4b:2e:18:17:08:00 SRC=192.168.163.1 DST=192.168.180.11 LEN=70 TOS=0x00 PREC=0x00 TTL=0 ID=13989 PROTO=UDP SPT=5353 DPT=5353 LEN=50
> Version-Release number of selected component (if applicable): system-config-firewall.noarch 1.2.29-3.fc15
ping. This also prevents users from discovering/adding network printers. Please bump the severity.
Currently there is no way to specify that port 5353 is open for everyone on the local lan only. This will change as soon as firewalld with the zone model will be part of Fedora. But a second mDNS service entry is then needed to support bad devices.
Created attachment 524947
mdns query of HP 2840 (unicast response)

You're right, this is a bad device: it sends a unicast response while it should have sent a multicast response.
I made a wireshark trace, attached.
I've submitted a bug to HP (which I expect they will never fix).
It would be nice though to be somehow able to allow this to work ;-)
To make this work for now, please open 5353/udp using "Other Ports". This will open up the port for everyone.
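Before opening 5353/udp to everyone, it helps to know which hosts are actually sending unicast mDNS traffic. The following is an added example, not part of the original thread or of system-config-firewall: it scans netfilter LOG lines like the one in the report for UDP packets to port 5353 whose destination is not a multicast address. The function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

MDNS_PORT = 5353

# Constructed sample: the first line is the kernel log entry quoted in the
# report; the other two are made up for contrast.
SAMPLE_LOG = """\
Aug 1 21:41:35 stinkpad kernel: [82379.884937] IN=wlan0 OUT= MAC=00:19:d2:97:60:4b:00:1a:4b:2e:18:17:08:00 SRC=192.168.163.1 DST=192.168.180.11 LEN=70 TOS=0x00 PREC=0x00 TTL=0 ID=13989 PROTO=UDP SPT=5353 DPT=5353 LEN=50
Aug 1 21:41:36 stinkpad kernel: [82380.100000] IN=wlan0 OUT= SRC=192.168.163.7 DST=224.0.0.251 LEN=70 TTL=255 ID=1 PROTO=UDP SPT=5353 DPT=5353 LEN=50
Aug 1 21:41:37 stinkpad kernel: [82381.200000] IN=wlan0 OUT= SRC=192.168.163.9 DST=192.168.180.11 LEN=60 TTL=64 ID=2 PROTO=TCP SPT=40000 DPT=22 WINDOW=1000 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_fields(line):
    """Return the KEY=value pairs of one netfilter LOG line (first value wins)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # LEN appears twice: IP length, then UDP length
    return fields


def unicast_mdns_sources(log_text):
    """Map source IP -> number of logged UDP/5353 packets sent to a non-multicast address."""
    hits = {}
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("PROTO") != "UDP" or f.get("DPT") != str(MDNS_PORT):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed log line
        if dst.is_multicast:
            continue  # e.g. 224.0.0.251, which the stock mDNS rule already accepts
        hits[str(src)] = hits.get(str(src), 0) + 1
    return hits


if __name__ == "__main__":
    for src, count in unicast_mdns_sources(SAMPLE_LOG).items():
        print(f"{src}: {count} unicast packet(s) to udp/{MDNS_PORT}")
```

The resulting source list shows how narrow an allow rule could be once the firewall tooling supports restricting the port to specific sources.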
This message is a notice that Fedora 15 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 15. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 15 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping