[sane-devel] iptables and saned network scanner
Jelle de Jong
jelledejong at powercraft.nl
Wed Sep 24 08:52:05 UTC 2008
Jelle de Jong wrote:
> Julien BLACHE wrote:
>> Jelle de Jong <jelledejong at powercraft.nl> wrote:
>>
>> Hi,
>>
>>> I am trying to build a saned network scanner. I figured out a lot of
>>> things on my own, but got stuck on the required secure iptable rules.
>> You need connection tracking for the SANE network protocol as provided
>> by CONFIG_NF_CONNTRACK_SANE in recent 2.6 kernels.
>>
>> JB.
>>
>
> Thank you Julien for you quick reply,
>
> I changed my kernel to a stock debian lenny kernel that support the
> conntrack sane modules.
>
> I updated my firewall configuration, but I still got the message the
> ports are being blocked. I included more information as the mail attachment.
>
> How can I get the saned network scanner securely working?
>
> All help is appreciated.
>
> Kind regards,
>
> Jelle
>
Due to the great tip of Allan to check if saned was working if I brought
down the firewall, I got a bit further in my debugging.
So I took down the firewall and tried to access the scanner on my
client. It still did not work while I could not find any alarming things
in my logs.
I started the debug command to check things and now everything was
working. I have no idea what is wrong here... I guess it is something in
xinetd and the saned connecting but how could one debug such thing?
Please see my attachment for more information and specific command outputs.
Any help is appreciated,
ps. I am not trying to create a outside acceptable network scanner, it
is for local lan usage.
Best regards,
Jelle
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: saned-network-scanner.txt
Url: http://lists.alioth.debian.org/pipermail/sane-devel/attachments/20080924/57b57151/attachment-0001.txt
More information about the sane-devel
mailing list