How to use a network scanner

solene · July 13, 2023, 8:15pm

I wrote a guide explaining how to use a network scanner on Qubes OS

I’d be glad to read some feedback about it especially for about the use of sys-net for the task.

qubes-neurotic · March 26, 2024, 5:07pm

Hi - I tried it, no luck! My scanner isn’t detected. I’m on 4.2 Do I type to replace my network interface name into this command somewhere?

nft add rule qubes custom-input udp dport 5353 accept

?

I know this might be related to the other post I have about mDNS.

solene · March 26, 2024, 5:25pm

the nftables command allows this port on all interfaces

are you trying from sys-net?

Lace · March 26, 2024, 9:42pm

I will eventually be needing this tool

Thank you

qubes-neurotic · March 28, 2024, 8:33pm

Yes, I’m running in sys-net.

My sys-net qube uses the debian-12-xfce template. So instead of dnf I had to use apt to install:

install sane-airscan sane-backends sane-backends-drivers-cameras sane-backends-drivers-scanners

And the last 3 packages weren’t found. So I suppose thats my problem. I’m going to change my sys-net to a fedora and see what happens.

qubes-neurotic · March 28, 2024, 9:04pm

changing my sys-net template from debian to fedora fixed it. thanks!

and as for feedback on using sys-net: it just doesnt feel right for some reason. I don’t have the technical skills to judge it on any other basis. Seems like its a core qube that shouldn’t be tinkered with

solene · March 28, 2024, 9:12pm

you are using a network scanner anyway, it’s not encrypted on the network, if it’s disposable then all changes could be discarded with a reboot

it would be better to have this in an AppVM though but due to the broadcast method to discover devices (scanners or printers), I still haven’t figured a method to make it work.

solene · March 28, 2024, 9:13pm

indeed, you absolutely need sane-airscan, it’s curious it’s not packaged in debian

qubes-neurotic · March 28, 2024, 9:15pm

just to clarify - sane-airscan is in debian, but the other 3 aren’t apparently

qubes-neurotic · March 31, 2024, 2:37am

I actually got this to work, so in case anyone lands here due to the trouble I had:

Two main points that helped me figure it out:

Solene’s guide appears to assume fedora-based templates. Things are slightly different on debian
You only need to open port 5353 on sys-net, run avahi-daemon, and airscan-discover once (and maybe not at all if you’re savy). That whole process is to get the IP address and protocol of the network scanner you’re trying to reach. Once you put that into /etc/sane.d/airscan.conf then it seems the scanner can be reached via IP address alone without need for avahi.

What I did (from memory roughly, apologies I have no experience writing guides)

In Qubes Manager Gui

sys-net->right-click->Settings
Services tab
Select a service: (custom…)
+Add
“avahi” in dialog box->Ok
Apply-> Ok
sys-net->right-click->Restart

On sys-net terminal (based on debian-12-xfce template):

sudo apt install -y sane sane-utils
sudo systemctl enable avahi-daemon
sudo systemctl start avahi-daemon
sudo nft add rule qubes custom-input udp dport 5353 accept
airscan-discover
copied the output of airscan-discover.

On debian-12-xfce template:

sudo nano /etc/sane.d/airscan.conf
right under the [devices] section I pasted the output of airscan-discover from above and matched the format of the sample Kyocera scanner listed. Save/Exit.
sudo apt install -y simple-scan

And so now every AppVM based on my debian-12-xfce template can scan over the network using simple-scan. No need to scan with sys-net…although solene makes a convincing argument that wouldn’t matter, it just wouldn’t feel clean to me.

Hope that helps someone. Correct me anyone if I botched something! Thanks again to Solene: no way I could have figured it out without her guide.

Lace · April 2, 2024, 7:33am

Thank you for this update as I only have Debian, forgoing all Fedora Templating (for personal reasons and over vigilance)