Date: Sat, 08 Dec 2007 19:17:21 -0700 From: Predrag Punosevac <punosevac@math.arizona.edu> To: Pollywog <lists-fbsd@shadypond.com> Cc: freebsd-questions@freebsd.org Subject: Re: SANE Network Daemon question Message-ID: <475B5031.9050000@math.arizona.edu> In-Reply-To: <200712082203.28758.lists-fbsd@shadypond.com> References: <475B00EA.2000208@math.arizona.edu> <200712082203.28758.lists-fbsd@shadypond.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Pollywog wrote: > On Saturday 08 December 2007 20:39:06 Predrag Punosevac wrote: > >> I was just looking at the documentation on SANE web-site about network >> scanning >> and I noticed that /etc/services on my i386 does not include line like >> >> sane-port 6566/tcp # SANE network scanner daemon >> >> which is used by saned (Sane Network Daemon to enable scanning over the >> network). >> The /etc/inetd.conf file is also missing line (of course should be >> commented by default) >> >> sane-port stream tcp nowait saned.saned /usr/local/sbin/saned saned >> >> The handbook is also mute about the scanning over the network. >> >> Is anybody using scanners on the network on FreeBSD? Handbook article >> should also be appended. >> I might try to play with it and see how it goes. I could contribute the >> documentation if the community has interest in it. >> >> > > I wanted to do this but I could not find a package for it. In Linux, I use > sane-utils to do this. > Saned (Sane Daemon) is included in the standard distribution of sane-backhands. I checked sane-utils on the Debian web-site and seems it is just idiotic GUI. I have to go very carefully through sane documentation and all files that come with the sane-backhands. My hunch would be that one needs to do at least following steps for network scanning. For the purposes of this example I will assume that scanner already works properly on a machine which we will refer as server. Our goal is to make this scanner usable to other machines which we call clients on our local network. The following scenario looks likely. We have a small computer lab of 10 machines running FreeBSD, 2 printers and a scanner. We want people who use these work stations to be able to use any of these two printers and the scanner regardless of the fact if the printer or a scanner is physically attached to a particular workstation. Step 1 Edit /etc/services with (probably both on server and on the client machine) sane-port 6566/tcp # SANE network scanner daemon Step 2 Edit /etc/inetd.conf as (on the server and on the client machine) sane-port stream tcp nowait saned.saned /usr/local/sbin/saned saned Step 3 Edit /etc/rc.conf with (on the server and on the client machine) inetd_enable="YES" saned_enable="YES" Step 4 One probably also needs to edit /etc/hosts to add the host server to which sane is attached. (this is probably only on the client machine) Step 5 Edit file /usr/local/etc/sane.d/net.conf which as default looks like # This is the net config file. Each line names a host to attach to. # If you list "localhost" then your backends can be accessed either # directly or through the net backend. Going through the net backend # may be necessary to access devices that need special privileges. # localhost on the client side. Maybe on the server side too. Step 6 Edit file /usr/local/etc/sane.d/saned.conf which as default looks like # # saned.conf # # The contents of the saned.conf file is a list of host names, IP # addresses or IP subnets (CIDR notation) that are permitted to use local # SANE devices. IPv6 addresses must be enclosed in brackets, and should # always be specified in their compressed form. # # The hostname matching is not case-sensitive. # #scan-client.somedomain.firm #192.168.0.1 #192.168.0.1/29 #[2001:7a8:185e::42:12] #[2001:7a8:185e::42:12]/64 # # NOTE: /etc/inetd.conf (or /etc/xinetd.conf) and # /etc/services must also be properly configured to start # the saned daemon as documented in saned(8), services(4) # and inetd.conf(4) (or xinetd.conf(5)). probably both on local and server side. I probably skipped some steps both on the client and on the server side. Step 7 Reboot server and clients for daemons to start. I do not know of the web configuration utility to do this like the one for Samba (which also uses inetd) and it will probably make system administration just less transparent. I do not fully understand the security implication of the running daemon. It looks to me that the daemon is running around as a supper user and that might be very serious thing. Probably above should be tried only behind the PF but how to configure the PF so that the daemon is invisible to anybody who is outside of our local network? I have more questions at this point than the answers and I just thought of this for half an hour. I will play with my local network after the Christmas holidays and report on the results. Cheers, Predrag > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?475B5031.9050000>