SANE Network Daemon question

Predrag Punosevac punosevac at
Sat Dec 8 18:17:57 PST 2007

Pollywog wrote:
> On Saturday 08 December 2007 20:39:06 Predrag Punosevac wrote:
>> I was just looking at the documentation on SANE web-site about network
>> scanning
>> and I noticed that /etc/services on my i386 does not include line like
>> sane-port          6566/tcp      # SANE network scanner daemon
>> which is used by saned (Sane Network Daemon to enable scanning over the
>> network).
>> The /etc/inetd.conf file is also missing line (of course should be
>> commented by default)
>> sane-port  stream  tcp  nowait  saned.saned  /usr/local/sbin/saned saned
>> The handbook is  also  mute  about  the  scanning over the network.
>> Is anybody using scanners on the network on FreeBSD? Handbook article
>> should also be appended.
>> I might try to play with it and see how it goes. I could contribute the
>> documentation if the community has interest in it.
> I wanted to do this but I could not find a package for it.  In Linux, I use 
> sane-utils to do this.

Saned (Sane Daemon)  is included in the standard distribution of 
sane-backhands. I checked sane-utils on the Debian web-site and seems it 
is just idiotic GUI.

I have to go very carefully through sane documentation and all files 
that come with the sane-backhands.
My hunch would be that one needs to do at least following steps  for  
network scanning.

For the purposes of this example I will assume that scanner already 
works properly on a machine which we will refer as server.
Our goal is to make this scanner usable to other machines which we call 
clients on our local network. The following scenario looks likely. We 
have a small computer lab of 10 machines running FreeBSD, 2 printers and 
a scanner. We want people who use these work stations to be able to use 
any of these two printers and the scanner regardless of the fact if the 
printer or a scanner is physically attached to
a particular workstation.

Step 1 Edit /etc/services with (probably both on server and on the 
client machine)

sane-port          6566/tcp      # SANE network scanner daemon

Step 2 Edit /etc/inetd.conf as    (on the server and on the client 

sane-port  stream  tcp  nowait  saned.saned  /usr/local/sbin/saned saned

Step 3 Edit /etc/rc.conf with (on the server and on the client machine)


Step 4 One probably also needs to edit /etc/hosts to add the host server 
to which sane is attached. (this is probably only on the client machine)

Step 5 Edit file /usr/local/etc/sane.d/net.conf which as default looks like

# This is the net config file.  Each line names a host to attach to.
# If you list "localhost" then your backends can be accessed either
# directly or through the net backend.  Going through the net backend
# may be necessary to access devices that need special privileges.
# localhost

on the client side. Maybe on the server side too.

Step 6 Edit file /usr/local/etc/sane.d/saned.conf which as default looks 

# saned.conf
# The contents of the saned.conf  file  is  a  list  of  host  names,  IP
# addresses or IP subnets (CIDR notation) that are permitted to use local
# SANE devices. IPv6 addresses must be enclosed in brackets,  and  should
# always  be specified in their compressed form.
# The hostname matching is not case-sensitive.
# NOTE: /etc/inetd.conf (or /etc/xinetd.conf) and
# /etc/services must also be properly configured to start
# the saned daemon as documented in saned(8), services(4)
# and inetd.conf(4) (or xinetd.conf(5)).

probably both on local and server side.

I probably skipped some steps both on the client and on the server side.

Step 7 Reboot server and clients for daemons to start.

I do not know of the web configuration utility to do this like the one 
for Samba (which also uses inetd) and it will probably  make
system administration just less transparent.

I do not fully understand the security implication of the running 
daemon. It looks to me that the daemon is running around as a supper user
and that might be very serious thing.

Probably above should be tried only behind the PF but how to configure 
the PF so that the daemon is invisible to anybody who is outside of our 
local network? I have more questions at this point than the answers and 
I just thought of this for half an hour.
I will play with my local network after the Christmas holidays and 
report on the results.



> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list