[sane-devel] iptables and saned network scanner / xinetd saned groups
Jelle de Jong
jelledejong at powercraft.nl
Wed Sep 24 10:05:22 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Jelle de Jong wrote:
> Dear list members,
> This is my first email to this specific list, so let me say hello to you
> all and thank you for your work on the sane-project.
> I am trying to build a saned network scanner. I figured out a lot of
> things on my own, but got stuck on the required secure iptable rules.
> Would somebody be willing to take a look at my iptable setup and add the
> required setup rules? The system is in production, so it needs to be as
> secure as possible. I also attached my setup documentation with
> debugging info and the reported iptable denyal.
> Any help would be appreciated,
> Best regards,
> Jelle de Jong
I finally fixed the actual issue, and documented everything extensively
(see attachment) I strongly advice the sane-project to update there
The behind problem was that the 'groups = yes' option was not
documentation in man saned or the web pages. If this option is not given
xinetd will strip the scanner group and everything seems to be working
but the scaned process started by xinetd cant access the device ...
# IMPORTANT: add 'groups = yes' to the configuration, else xinetd strips
the scanner group and is unable to access the device!
# see -> man xinetd.conf
Thanks to everybody trying to help.
Jelle de Jong
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the sane-devel