[sane-devel] iptables and saned network scanner / xinetd saned groups

Jelle de Jong jelledejong at powercraft.nl
Wed Sep 24 10:05:22 UTC 2008



Jelle de Jong wrote:
> Dear list members,
> 
> This is my first email to this specific list, so let me say hello to you
> all and thank you for your work on the sane-project.
> 
> I am trying to build a saned network scanner. I figured out a lot of
> things on my own, but got stuck on the required secure iptable rules.
> 
> Would somebody be willing to take a look at my iptable setup and add the
> required setup rules? The system is in production, so it needs to be as
> secure as possible. I also attached my setup documentation with
> debugging info and the reported iptable denial.
> 
> Any help would be appreciated,
> 
> Best regards,
> 
> Jelle de Jong

I finally fixed the actual issue and documented everything extensively
(see attachment). I strongly advise the sane-project to update their
documentation.

The underlying problem was that the 'groups = yes' option was not
documented in man saned or on the web pages. If this option is not given,
xinetd will strip the scanner group, and everything seems to be working,
but the saned process started by xinetd can't access the device ...

# IMPORTANT: add 'groups = yes' to the configuration, else xinetd strips
# the scanner group and is unable to access the device!
# see -> man xinetd.conf

Thanks to everybody trying to help.

Kind regards,

Jelle de Jong
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: saned-network-scanner.txt
Url: http://lists.alioth.debian.org/pipermail/sane-devel/attachments/20080924/e67a5e7f/attachment-0001.txt 
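
An added example, not part of the original post or of the SANE project's documentation: a small Python check that parses xinetd service definitions and lists the services that run as a non-root user without 'groups = yes', the condition described in the message above. The sample configuration and the service name sane-port-fixed are constructed for illustration; the check also honours a 'groups = yes' set in a defaults block, which man xinetd.conf permits.

```python
import re

# Constructed sample xinetd configuration (not the poster's attachment).
# "sane-port-fixed" is a made-up service name used to show the corrected form.
SAMPLE = """\
service sane-port
{
    user   = saned
    group  = saned
    server = /usr/sbin/saned
}
service sane-port-fixed
{
    user   = saned
    group  = saned
    groups = yes
    server = /usr/sbin/saned
}
"""

def parse_xinetd(text):
    """Return (defaults, {service_name: attrs}) from xinetd configuration text."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "{":
            continue  # blank line, comment line, or block opener
        if line == "}":
            current = None
        elif current is None:
            words = line.split()
            if words[0] == "defaults":
                current = defaults
            elif words[0] == "service" and len(words) > 1:
                current = services.setdefault(words[1], {})
        elif (m := re.match(r"(\w+)\s*[+-]?=\s*(.*)", line)):
            current[m.group(1)] = m.group(2).strip()
    return defaults, services

def services_without_groups(text):
    """Services run as a non-root user without an effective 'groups = yes'."""
    defaults, services = parse_xinetd(text)
    inherited = defaults.get("groups", "no")
    return [name for name, a in services.items()
            if a.get("user", "root") != "root"
            and a.get("groups", inherited).lower() != "yes"]

if __name__ == "__main__":
    print(services_without_groups(SAMPLE))
```

To audit a real host, pass the contents of /etc/xinetd.conf and each file under /etc/xinetd.d to services_without_groups() instead of SAMPLE.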

