Update README with full details
This is a complete overview of the process. Signed-off-by: David Beecher <dbeecher@tekops.com>
This commit is contained in:
parent
92a57e3256
commit
0c37e466a9
66
README.md
66
README.md
|
|
@ -1,3 +1,65 @@
|
|||
# VueScan-Mint-Firewall-Fix
|
||||
✅ Fixed: VueScan Can't Detect Brother Network Scanners on Linux Mint 22.1 — "ICMP admin prohibited filter" Solved
|
||||
|
||||
How I solved VueScan not detecting Brother network scanners behind firewalld (Linux Mint 22.1)
|
||||
Body:
|
||||
|
||||
# Solved: VueScan Cannot Detect Brother Network Scanners on Linux Mint 22.1 / Ubuntu 24.04
|
||||
|
||||
## ✅ TL;DR
|
||||
If VueScan doesn’t detect your Brother network scanners unless your firewall is disabled, the issue is likely caused by firewalld zone policies silently rejecting traffic.
|
||||
|
||||
**Fix:** Move your network interface into the `trusted` zone.
|
||||
|
||||
---
|
||||
|
||||
## 🔧 Background
|
||||
|
||||
- **OS:** Linux Mint 22.1 “Xia” (Ubuntu 24.04 base)
|
||||
- **Scanner:** Brother MFC and similar network models
|
||||
- **Software:** VueScan
|
||||
- **Firewall:** firewalld (nftables backend)
|
||||
|
||||
---
|
||||
|
||||
## 🐛 The Problem
|
||||
|
||||
Even with the correct ports open and Brother drivers installed, VueScan couldn’t see the scanner.
|
||||
|
||||
Running `tcpdump` showed:
|
||||
|
||||
ICMP host <hostname> unreachable - admin prohibited filter
|
||||
|
||||
|
||||
Despite:
|
||||
- Opening all documented Brother ports (UDP 54925, TCP 54926)
|
||||
- Adding direct rules, rich rules, and nftables manual rules
|
||||
|
||||
VueScan still couldn’t discover any scanners.
|
||||
|
||||
---
|
||||
|
||||
## 🧠 Root Cause
|
||||
|
||||
Firewalld’s zone chain system (e.g., `filter_OUTPUT_POLICIES`, `filter_OUT_home`) overrides direct rules unless placed in the exact right spot. Traffic was still being rejected in a deep subchain.
|
||||
|
||||
---
|
||||
|
||||
## ✅ The Fix
|
||||
|
||||
Move your interface to the trusted zone to allow discovery without disabling the firewall.
|
||||
|
||||
```bash
|
||||
sudo firewall-cmd --zone=trusted --change-interface=eno1 --permanent
|
||||
sudo firewall-cmd --reload
|
||||
|
||||
Replace eno1 with your actual network interface (use ip a to check)
|
||||
|
||||
Then verify:
|
||||
|
||||
sudo firewall-cmd --get-active-zones
|
||||
|
||||
🎉 Result
|
||||
|
||||
VueScan now detects all Brother scanners on the network — no reboots required.
|
||||
🔐 Security Note
|
||||
|
||||
This is safe if you're on a trusted home network behind a router. If you need more fine-grained access, you can create a custom firewalld zone to only allow specific IPs and ports.
|
||||
Loading…
Reference in New Issue