Reaffirming my previous post, I remind you that Debian is better integrated from the start than CentOS. Not bug-free, but fewer problems. Naturally I’m running my preferred desktop environment, XFCE. It lacks some of the bells and whistles, but it’s far more comfortable and less troublesome.
As part of one of my lessons today I was running some system checks on an XTerm (virtual console). At one point I issued the command
dmesg — basically the informative stuff about how the OS is wading through discovery of the hardware, followed by standard system alerts in time sequence. Among those alerts is firewall stuff (UFW): I noticed the firewall was blocking some unusual activity. Of course, it made reference to IPV6, which has a totally different IP address format. So I had to look up first what were the reserved network addresses in IPV6, and sure enough the problem was something on my system trying to get out past the firewall every few minutes.
[UFW BLOCK] IN=eth0 OUT= MAC= SRC=fe80:0000:0000:0000:021e:c9ff:fe29:2927 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=64 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=8612 DPT=8612 LEN=2
The “SRC” is the source of the activity and that turns out to be the same thing as 127.0.0.1 in IPV4 (the address for localhost, the machine on which you are working). The “DST” part is the reserved code for a form of open broadcast. In effect, my machine was asking if anybody on the LAN had a certain thing. The ports (SPT and DPT) were 8612, a telltale number used by Canon printers. But this wasn’t some activity coming from the printer spool (AKA “CUPS” in Linux). So I kept searching until I found references to “Pixma” — a product line from Canon. It almost had to do with some kind of Pixma driver somewhere. Eventually I discovered this was activity from the SANE service on my computer, the Linux implementation of scanner drivers; lots of Canon Pixma devices are “all-in-one” printer, fax and scanner. So all this time I was getting a sort of ping signal from the SANE service looking for any Canon Pixma machines on the network.
I have no intention of using such a thing and don’t own a Canon printer. So I killed the SANE service:
systemctl stop saned.service
systemctl disable saned.service
Oh, and just to make sure, I edited
/etc/sane.d/dll.conf to turn off the network searching function. The first line after all the explanation at the top of the file is “net” and I just commented it out so:
#net. No more firewall pings on that port. Naturally this triggered a scripted complaint that I was violating some LSB standard (Linux Standard Base) — big whoop-de-doo.
One small victory on the way to figuring out this stuff.
Update: That didn’t work. Can’t learn anything if I don’t fail sometimes. It was a good thing to shut down the SANE service because I have no intention of using it, but that didn’t stop the pings. A couple of hours later they came again. More research. I stopped a service called “cups-browse” and that seems to have worked:
systemctl stop cups-browsed.service
systemctl disable cups-browsed.service
Since the firewall activity shows it’s periodic over the day, I’ll have to check again in the morning. I can’t just shut down CUPS itself because I do print to PDF regularly from my browser. It’s the best way to save documents without wasting paper.
Update 2: 24 hours later and not a peep from my firewall. Killing cups-browse (recently deprecated in CUPS development) will stop the LAN noise on port 8612.