-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jelle de Jong wrote: > Dear list members, > > This is my first email to this specific list, so let me say hello to you > all and thank you for your work on the sane-project. > > I am trying to build a saned network scanner. I figured out a lot of > things on my own, but got stuck on the required secure iptable rules. > > Would somebody be willing to take a look at my iptable setup and add the > required setup rules? The system is in production, so it needs to be as > secure as possible. I also attached my setup documentation with > debugging info and the reported iptable denyal. > > Any help would be appreciated, > > Best regards, > > Jelle de Jong
I finally fixed the actual issue, and documented everything extensively (see attachment) I strongly advice the sane-project to update there documentation. The behind problem was that the 'groups = yes' option was not documentation in man saned or the web pages. If this option is not given xinetd will strip the scanner group and everything seems to be working but the scaned process started by xinetd cant access the device ... # IMPORTANT: add 'groups = yes' to the configuration, else xinetd strips the scanner group and is unable to access the device! # see -> man xinetd.conf Thanks to everybody trying to help. Kind regards, Jelle de Jong -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iJwEAQECAAYFAkjaEOAACgkQ1WclBW9j5HkK/gP/Qb0SSVRvWN8uGqBCXyID5dTe bpOzZjRGtZzMDOGjgtlgsDqkrwVrWpxFFdrcMzNiieT92ec/ZC9TZYtMd5LmbHu6 hgjOHg6DGRFcqCaAZ6JOfSwDSJOJM7k4ClLoI1SPMCQLo4NMoJB8JxwkBTykvdvf paI0FW2FZfBps9jGNFI= =V3Gc -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: saned-network-scanner.txt Url: http://lists.alioth.debian.org/pipermail/sane-devel/attachments/20080924/e67a5e7f/attachment-0001.txt
