----- Original Message ----
From: Andrew Joakimsen
... Has anyone used the networked form of sane? I notice that it is seriously firewall unfriendly, opening a data connection on a random port. Since my local network is wireless, it does not suit me to run without a firewall on my machines, so this need for wide-openness really won't work.
It looks like this is currently a fixed part of the behavior of saned right now, but does anyone have a workaround, or patch to make it use a fixed port or anything that would actually work on a firewalled system?
It can not be on "random ports" as you say. Or are you saying the client does a portscan of the server each time you want to scan? Does the server then change its listening port after each scanjob? Please do explain what you mean by "random ports."
OK, not "random" in the security sense, but "random" in the sense of "not predictable, not controllable by configuration, instead chosen and negotiated between sender and receiver at runtime".

From man saned:

In addition to the control connection (port 6566) saned also uses a data connection. The port of this socket is selected by the operating system and can't be specified by the user currently. This may be a problem if the connection must go through a firewall (packet filter). If you must use a packet filter, make sure that all ports > 1024 are open on the server for connections from the client.

This is the kind of behavior that traditional ftp used to use for its data connection; of course, ftp has since learned to be firewall friendly (the "passive" mode), and I was rather hoping someone might have done the same for saned, but maybe it's not being used in enough "sensitive" environments.

Any thoughts?

Cheers,
Simon

"You can tell whether a man is clever by his answers. You can tell whether a man is wise by his questions." — Naguib Mahfouz
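An added example, not part of the thread and not saned's code: it contrasts a data socket bound to port 0, where the operating system selects the port as the quoted man page describes, with one bound inside a fixed range that a packet filter can allow explicitly. The function name listen_data_socket and the range 10000-10009 are hypothetical, and the sockets bind to loopback so the program runs offline.

```c
/* Added illustration, not saned source code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on the first free TCP port in [lo, hi] (loopback only, so the
 * demo runs offline). lo = hi = 0 gives the behaviour quoted from the
 * man page: the operating system selects the port.
 * Returns the listening fd, or -1; the chosen port goes to *port_out. */
int listen_data_socket(int lo, int hi, int *port_out)
{
    for (int p = lo; p <= hi; p++) {
        struct sockaddr_in sa;
        socklen_t len = sizeof sa;
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0)
            return -1;
        memset(&sa, 0, sizeof sa);
        sa.sin_family = AF_INET;
        sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        sa.sin_port = htons((unsigned short)p);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
            listen(fd, 1) == 0 &&
            getsockname(fd, (struct sockaddr *)&sa, &len) == 0) {
            *port_out = ntohs(sa.sin_port);  /* real port, even for p == 0 */
            return fd;
        }
        close(fd);  /* port busy: try the next one in the range */
    }
    return -1;  /* range exhausted: fail instead of using a random port */
}

int main(void)
{
    int os_port = 0, fixed_port = 0;
    /* 10000-10009 is a constructed range, not a saned default. */
    int a = listen_data_socket(0, 0, &os_port);
    int b = listen_data_socket(10000, 10009, &fixed_port);
    printf("OS-selected data port: %d (filter must allow all ports > 1024)\n", os_port);
    printf("range-bound data port: %d (filter allows 6566 plus 10000-10009)\n", fixed_port);
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    return (a >= 0 && b >= 0) ? 0 : 1;
}
```

With a range-bound data socket the server-side filter needs only the control port and that range, and the function fails closed when the range is exhausted.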