How I solved VueScan not detecting Brother network scanners behind firewalld (Linux Mint 22.1)
David Beecher 0c37e466a9 Update README with full details
This is a complete overview of the process.

Signed-off-by: David Beecher <dbeecher@tekops.com>
2025-04-16 02:11:32 +00:00

README.md

Fixed: VueScan Can't Detect Brother Network Scanners on Linux Mint 22.1 — "ICMP admin prohibited filter" Solved

Body:

Solved: VueScan Cannot Detect Brother Network Scanners on Linux Mint 22.1 / Ubuntu 24.04

TL;DR

If VueScan doesn't detect your Brother network scanners unless your firewall is disabled, the issue is likely caused by firewalld zone policies silently rejecting traffic.

Fix: Move your network interface into the trusted zone.


🔧 Background

  • OS: Linux Mint 22.1 “Xia” (Ubuntu 24.04 base)
  • Scanner: Brother MFC and similar network models
  • Software: VueScan
  • Firewall: firewalld (nftables backend)

🐛 The Problem

Even with the correct ports open and Brother drivers installed, VueScan couldn't see the scanner.

Running tcpdump showed:

ICMP host unreachable - admin prohibited filter

Despite:

  • Opening all documented Brother ports (UDP 54925, TCP 54926)
  • Adding direct rules, rich rules, and nftables manual rules

VueScan still couldn't discover any scanners.


🧠 Root Cause

firewalld's zone chain system (e.g., filter_OUTPUT_POLICIES, filter_OUT_home) overrides direct rules unless they are placed in exactly the right spot. Traffic was still being rejected in a deep subchain.


The Fix

Move your interface to the trusted zone to allow discovery without disabling the firewall.

sudo firewall-cmd --zone=trusted --change-interface=eno1 --permanent
sudo firewall-cmd --reload

    Replace eno1 with your actual network interface (use ip a to check)

Then verify:

sudo firewall-cmd --get-active-zones

🎉 Result

VueScan now detects all Brother scanners on the network — no reboots required.

🔐 Security Note

The trusted zone accepts all incoming connections on that interface. This is safe if you're on a trusted home network behind a router. If you need more fine-grained access, you can create a custom firewalld zone to only allow specific IPs and ports.
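
One way to build the custom zone the security note mentions, as an added example that is not part of the original README: it binds the scanners' source addresses to a dedicated zone that opens only the two Brother ports listed above, and by default it only prints the firewall-cmd commands for review. The zone name `scanners`, the `APPLY` switch and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example: source-restricted firewalld zone for Brother scanners.
# Assumptions (not from the README): zone name, APPLY switch, sample addresses.
ZONE="scanners"
PORTS="54925/udp 54926/tcp"   # the Brother ports the README lists

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the firewall-cmd commands for the zone; refuse malformed addresses.
emit_zone_commands() {
    [ "$#" -gt 0 ] || { echo "no scanner addresses given" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid scanner address: $ip" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --new-zone=$ZONE"
    for ip in "$@"; do
        echo "firewall-cmd --permanent --zone=$ZONE --add-source=$ip"
    done
    for port in $PORTS; do
        echo "firewall-cmd --permanent --zone=$ZONE --add-port=$port"
    done
    echo "firewall-cmd --reload"
}

# Dry run by default: print the commands. With APPLY=1, run each through sudo.
main() {
    cmds=$(emit_zone_commands "$@") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$cmds" | while read -r line; do sudo $line </dev/null || exit 1; done
    else
        echo "$cmds"
    fi
}

# Constructed sample addresses; replace with your scanners' static IPs.
main 192.168.1.50 192.168.1.51
```

The README does not test this narrower setup, so check with `sudo firewall-cmd --get-active-zones` that the zone is active and confirm VueScan still finds the scanners before relying on it.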