Update README with full details
This is a complete overview of the process.

Signed-off-by: David Beecher <dbeecher@tekops.com>
parent 92a57e3256
commit 0c37e466a9
66
README.md
@ -1,3 +1,65 @@
|
||||||
# VueScan-Mint-Firewall-Fix
|
✅ Fixed: VueScan Can't Detect Brother Network Scanners on Linux Mint 22.1 — "ICMP admin prohibited filter" Solved
|
||||||
|
|
||||||
How I solved VueScan not detecting Brother network scanners behind firewalld (Linux Mint 22.1)
|
Body:
|
||||||
|
|
||||||
|
# Solved: VueScan Cannot Detect Brother Network Scanners on Linux Mint 22.1 / Ubuntu 24.04
|
||||||
|
|
||||||
|
## ✅ TL;DR
|
||||||
|
If VueScan doesn’t detect your Brother network scanners unless your firewall is disabled, the issue is likely caused by firewalld zone policies silently rejecting traffic.
|
||||||
|
|
||||||
|
**Fix:** Move your network interface into the `trusted` zone.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 🔧 Background
|
||||||
|
|
||||||
|
- **OS:** Linux Mint 22.1 “Xia” (Ubuntu 24.04 base)
|
||||||
|
- **Scanner:** Brother MFC and similar network models
|
||||||
|
- **Software:** VueScan
|
||||||
|
- **Firewall:** firewalld (nftables backend)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 🐛 The Problem
|
||||||
|
|
||||||
|
Even with the correct ports open and Brother drivers installed, VueScan couldn’t see the scanner.
|
||||||
|
|
||||||
|
Running `tcpdump` showed:
|
||||||
|
|
||||||
|
ICMP host <hostname> unreachable - admin prohibited filter
|
||||||
|
|
||||||
|
|
||||||
|
Despite:
|
||||||
|
- Opening all documented Brother ports (UDP 54925, TCP 54926)
|
||||||
|
- Adding direct rules, rich rules, and nftables manual rules
|
||||||
|
|
||||||
|
VueScan still couldn’t discover any scanners.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 🧠 Root Cause
|
||||||
|
|
||||||
|
Firewalld’s zone chain system (e.g., `filter_OUTPUT_POLICIES`, `filter_OUT_home`) overrides direct rules unless placed in the exact right spot. Traffic was still being rejected in a deep subchain.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## ✅ The Fix
|
||||||
|
|
||||||
|
Move your interface to the trusted zone to allow discovery without disabling the firewall.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo firewall-cmd --zone=trusted --change-interface=eno1 --permanent
|
||||||
|
sudo firewall-cmd --reload
|
||||||
|
|
||||||
|
Replace eno1 with your actual network interface (use ip a to check)
|
||||||
|
|
||||||
|
Then verify:
|
||||||
|
|
||||||
|
sudo firewall-cmd --get-active-zones
|
||||||
|
|
||||||
|
🎉 Result
|
||||||
|
|
||||||
|
VueScan now detects all Brother scanners on the network — no reboots required.
|
||||||
|
🔐 Security Note
|
||||||
|
|
||||||
|
This is safe if you're on a trusted home network behind a router. If you need more fine-grained access, you can create a custom firewalld zone to only allow specific IPs and ports.
|
||||||
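Review bot: The Fix section puts the entire interface into `trusted` (`sudo firewall-cmd --zone=trusted --change-interface=eno1 --permanent`), and firewalld's `trusted` zone accepts every connection, so the README's main recommendation removes inbound filtering on eno1 permanently rather than opening a path for the scanner. The Security Note mentions a custom zone limited to specific IPs and ports but never shows it; I would make the narrower option the documented fix, for example binding only the scanner's address to a zone with `--add-source` instead of `--change-interface`, and test whether discovery still works, keeping the interface-wide change as a stated fallback. The Root Cause paragraph also names output chains (`filter_OUTPUT_POLICIES`, `filter_OUT_home`) without showing which chain produced the "admin prohibited filter" reject, so a line saying how that was confirmed would help readers check their own setup. Separately, the `bash` code fence opened before the first `firewall-cmd` line is never closed, so "Replace eno1 ...", "Then verify:" and everything after it render as code; close the fence after `--reload`, fence the `--get-active-zones` command on its own, and give "🎉 Result" and "🔐 Security Note" the `##` prefix the other headings use.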