Firewall blocks scanning from Epson Artisan 810

No, no checkbox for sharing a scanner and I'm not sure about the 5100 TCP thing you mentioned. That's a little out of my knowledge area. I did go the the Firewall prefs, clicked New, selected Other from the Port Name drop down menu and typed in 5100 in the TCP Port Number field but I still couldn't scan from the control panel on the Epson. Thanks anyway, though.

I've looked at the File Sharing, Printer/Fax and Firewall settings. Much if not most of that stuff I don't understand.

I ran a scan from the desktop with Network Utility open and the Netstat tab selected. While the scan was taking place I clicked the Netstat button and the window populated with what you see below. It makes no sense to me. Should all this be necessary to make a scanner from a major company such as Epson work properly? BTW, I tried adding Port 4 with in the TCP field of the Sharing dialog in the Firewall Prefs but still no go. Thanks for your help.


Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 12 0 g5.49157 192.168.1.67.entp ESTABLISHED
tcp4 0 0 *.3851 . LISTEN
tcp4 0 0 *.enpp . LISTEN
tcp4 0 0 *.afpovertcp . LISTEN
tcp46 0 0 *.afpovertcp . LISTEN
tcp4 0 0 *.ipp . LISTEN
tcp4 0 0 *.49156 . LISTEN
tcp4 0 0 localhost.netinfo-loca localhost.1017 ESTABLISHED
tcp4 0 0 localhost.1017 localhost.netinfo-loca ESTABLISHED
tcp4 0 0 localhost.netinfo-loca localhost.1021 ESTABLISHED
tcp4 0 0 localhost.1021 localhost.netinfo-loca ESTABLISHED
tcp4 0 0 localhost.netinfo-loca . LISTEN
tcp4 0 0 *.microsoft-ds . LISTEN
tcp4 0 0 *.netbios-ssn . LISTEN
tcp4 0 0 *.printer . LISTEN
tcp6 0 0 *.515 . LISTEN
udp4 0 0 *.rockwell-csp2 .
udp4 0 0 g5.netbios-dgm .
udp4 0 0 g5.netbios-ns .
udp4 0 0 *.netbios-dgm .
udp4 0 0 *.enpp .
udp4 0 0 g5.ntp .
udp6 0 0 fe80:4::214:51ff.123 .
udp6 0 0 fe80:1::1.123 .
udp6 0 0 localhost.123 .
udp4 0 0 localhost.ntp .
udp6 0 0 *.123 .
udp4 0 0 *.ntp .
udp4 0 0 *.mdns .
udp4 0 0 localhost.49168 localhost.1022
udp4 0 0 localhost.49167 localhost.1022
udp4 0 0 localhost.1022 .
udp4 0 0 localhost.49165 localhost.1023
udp4 0 0 *.ipp .
udp4 0 0 localhost.1023 .
udp6 0 0 *.5353 .
udp4 0 0 *.mdns .
udp4 0 0 . .
udp4 0 0 localhost.netinfo-loca .
udp4 0 0 *.netbios-ns .
icm6 0 0 . .
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
606f6e8 stream 0 0 0 606f660 0 0 /var/tmp/SCDynamicStoreNotifyFileDescriptor-16659
606f660 stream 0 0 0 606f6e8 0 0
606f7f8 stream 0 0 0 606f908 0 0 /var/run/mDNSResponder
606f908 stream 0 0 0 606f7f8 0 0
606f770 stream 0 0 0 606f990 0 0 /var/run/mDNSResponder
606f990 stream 0 0 0 606f770 0 0
606fb28 stream 0 0 0 606faa0 0 0 /var/run/mDNSResponder
606faa0 stream 0 0 0 606fb28 0 0
606fcc0 stream 0 0 0 606fd48 0 0 /var/run/mDNSResponder
606fd48 stream 0 0 0 606fcc0 0 0
606fdd0 stream 0 0 0 5ef1dd0 0 0 /var/run/mDNSResponder
5ef1dd0 stream 0 0 0 606fdd0 0 0
5ef1088 stream 0 0 0 606ff68 0 0 /var/run/mDNSResponder
606ff68 stream 0 0 0 5ef1088 0 0
5ef1c38 stream 0 0 6059084 0 0 0 /var/launchd/501/sock
5ef1220 stream 0 0 0 5ef12a8 0 0 /var/run/mDNSResponder
5ef12a8 stream 68 0 0 5ef1220 0 0
5ef13b8 stream 0 0 5fff5ac 0 0 0 /private/var/run/cupsd
5ef1440 stream 0 0 0 5ef14c8 0 0 /var/run/mDNSResponder
5ef14c8 stream 0 0 0 5ef1440 0 0
5ef1550 stream 0 0 0 5ef15d8 0 0 /var/run/mDNSResponder
5ef15d8 stream 0 0 0 5ef1550 0 0
5ef1660 stream 0 0 0 5ef16e8 0 0 /var/run/mDNSResponder
5ef16e8 stream 0 0 0 5ef1660 0 0
5ef1770 stream 0 0 0 5ef17f8 0 0 /var/run/mDNSResponder
5ef17f8 stream 0 0 0 5ef1770 0 0
5ef1880 stream 0 0 0 5ef1908 0 0 /var/run/mDNSResponder
5ef1908 stream 0 0 0 5ef1880 0 0
5ef1990 stream 0 0 0 5ef1a18 0 0 /var/run/mDNSResponder
5ef1a18 stream 0 0 0 5ef1990 0 0
59be110 stream 0 0 0 59be198 0 0 /var/run/mDNSResponder
59be198 stream 0 0 0 59be110 0 0
59be330 stream 0 0 5e20c60 0 0 0 /var/run/pppconfd
59be908 stream 0 0 0 59bea18 0 0 /var/run/asl_input
59bea18 stream 0 0 0 59be908 0 0
59be550 stream 0 0 5d84840 0 0 0 /var/run/asl_input
59be990 stream 0 0 5d84ad4 0 0 0 /var/run/mDNSResponder
59beaa0 stream 0 0 0 0 0 0
59be6e8 stream 0 0 0 59be880 0 0
59be880 stream 0 0 0 59be6e8 0 0
59bedd0 stream 0 0 5d31ce4 0 0 0 /var/run/usbmuxd
59bee58 stream 0 0 5d31d68 0 0 0 /var/run/portmap.socket
59beee0 stream 0 0 5d31dec 0 0 0 /var/run/com.bombich.ccc.socket
59bef68 stream 0 0 59b7420 0 0 0 /var/launchd/0/sock
606f880 dgram 0 0 0 606fa18 606fa18 0
606fa18 dgram 0 0 0 606f880 606f880 0
606fc38 dgram 0 0 0 606fbb0 606fbb0 0
606fbb0 dgram 0 0 0 606fc38 606fc38 0
606fe58 dgram 0 0 0 606fee0 606fee0 0
606fee0 dgram 0 0 0 606fe58 606fe58 0
5ef1000 dgram 0 0 0 59be4c8 0 5ef1ee0
5ef1ee0 dgram 0 0 0 59be4c8 0 5ef1d48
5ef1110 dgram 0 0 0 5ef1198 5ef1198 0
5ef1198 dgram 0 0 0 5ef1110 5ef1110 0
5ef1d48 dgram 0 0 0 59be4c8 0 5ef1330
5ef1330 dgram 0 0 0 59be4c8 0 5ef1cc0
5ef1aa0 dgram 0 0 0 5ef1b28 5ef1b28 0
5ef1b28 dgram 0 0 0 5ef1aa0 5ef1aa0 0
5ef1cc0 dgram 0 0 0 59be4c8 0 5ef1bb0
5ef1bb0 dgram 0 0 0 59be4c8 0 5ef1e58
5ef1e58 dgram 0 0 0 59be4c8 0 59bebb0
59bebb0 dgram 0 0 0 59be4c8 0 5ef1f68
5ef1f68 dgram 0 0 0 59be4c8 0 59be220
59be000 dgram 0 0 0 59be088 59be088 0
59be088 dgram 0 0 0 59be000 59be000 0
59be220 dgram 0 0 0 59be4c8 0 59beb28
59be5d8 dgram 0 0 0 59be7f8 59be7f8 0
59be7f8 dgram 0 0 0 59be5d8 59be5d8 0
59beb28 dgram 0 0 0 59be4c8 0 59bec38
59bec38 dgram 0 0 0 59be4c8 0 59be2a8
59becc0 dgram 0 0 0 59be660 59be660 0
59be660 dgram 0 0 0 59becc0 59becc0 0
59be2a8 dgram 0 0 0 59be4c8 0 59be3b8
59be3b8 dgram 0 0 0 59be4c8 0 59be440
59be440 dgram 0 0 0 59be4c8 0 0
59be4c8 dgram 0 0 5d84630 0 5ef1000 0 /var/run/syslog
59be770 dgram 0 0 0 59bed48 59bed48 0
59bed48 dgram 0 0 0 59be770 59be770 0

As an update. I contacted Epson and asked what port the 810 uses and they wrote back "The network port assignment is 3629". I went into the Sharing prefs, selected the Firewall tab, clicked New and then in the Sharing dialog box for Port Name I selected Other, for TCP Port Number I typed in 3629. I left UDP Port number blank and for Description I typed Epson 810. The Epson still wouldn't scan to the Mac. Then I put the port number in the UDP field too and that didn't help.

I have no idea if I'm doing any of this correctly. Do you?

Beyond that, none of this would be necessary if I could just turn off the Mac firewall and rely on the firewall of my router. I posed the question in my original post if doing this would be OK but nobody replied to that question so I'll ask it again. My 2wire 2701HG-B router has a firewall built in which is always on (cannot be turned off). Does it make sense to also have the Mac firewall turned on in the Sharing prefs or can I turn that off? If I can safely turn off the Mac firewall and rely on the router then the scanning problem goes away. So, should I have the Mac firewall on in addition to the router firewall or is it unnecessary?

Thanks much.

BDAqua wrote:

So, should I have the Mac firewall on in addition to the router firewall or is it unnecessary?

It would depend on if there were other Wifi/Airport computers within range, what services you have enabled, and form of encryption you use. The Router's Firewall would protect you on the Internet.

Well, there are several other wifi networks I can detect when, for example, I turn on my iPhone or iPad. They show a little lock icon meaning I can't use them without their pass phrase. I don't see that for my own network but that's because I've previously entered the password into my iPhone and iPad and they remember the pass phrase. I'm pretty sure other people see the lock icon and can't get onto my wifi network. As to the form of encryption I use, that's beyond my ken. All I know is that my wifi network requires a password; authentication is set to WEP-Open and that my wifi system has a name and pass phrase that I gave it at some previous time and that I had to enter those in my iPhone, iPad and now the Epson printer in order to access my wifi network.

As to what services I have enabled, I don't know too much about that as applied to the router's firewall. I don't know that enabling services is something I can do with the router. Maybe it's just that the router doesn't label things "services". I see for example the option to enable "Public Routed Subinterface", or "Public Proxied Subnet (NAT/Routed)". (These are disabled, BTW.) There is also an option to choose either "Maximum protection – Disallow unsolicited inbound traffic" or to "Allow individual application(s)" which is followed by a list of what look like games which can be enabled. I have it set to the former, Maximum protection."

In my Mac's Sharing control panel under the Services tab I have enabled Personal File Sharing, Windows Sharing (I run Windows on my MacBook at times), and Printer Sharing. Under the firewall tab those things are also selected (and grayed out) but I have also enabled Network Time. If I turn off the firewall on my Mac will I lose those services? Will my Mac not know what the correct time is anymore, for example?

Does that tell you enough to be able to say with certainty it's OK to turn off my Mac's software firewall in Prefs?

Thanks so much.

Thanks.

Based on your recommendation to change from WEP I found this page at Wikipedia about wifi best practices should anybody care to refer to it. <http://en.wikipedia.org/wiki/Wireless security#Wireless_Security_BestPractices>

I switched to WPA2-PSK which was a simple matter of making the choice in a drop down menu on my router's Home Network page. Then all I had to do was enter the router pas phrase on each of my wireless devices when logging on to the network the next time. It all only took a few minutes.

I think that for now at least I'll keep the software firewall of my Mac turned on in addition to the firewall built into my router. After all, the only problem it seems to be causing is to prevent me from scanning from the control panel on my all-in-one. I can still scan from the Mac, plus I have much more control when doing so from the desktop. If I can find a fix that would be the optimum situation. I'll continue pursuing that with Epson. I'll post it here if I find one.

Thanks again for all your help. You've been very generous.

skylab001 wrote:
Has any progress been made on this? I have the same problem, it's definitely a port issue, as it works fine when I have my firewall set to off on my PB G4 running 10.4. My other intel macbook pro works fine from the get go? It's frustrating because I bought this printer for this scan to computer function and included in the documentation was an addendum stating that it doesn't even work on 10.6, so now I can't upgrade.

I'm confused about your comment about upgrading. Upgrade what? From what to what and why can't you? Maybe that's for another thread. More pertinent information about the Artisan 810 Control Panel scanning problem follows...

I didn't see the note in the addendum until you mentioned it. It seems to say scanning from the Control Panel on the unit won't work in 10.6. That doesn't explain why it doesn't work in 10.4.11. Fortunately for me I don't really need to scan from the control panel on the all-in-one. I'm not sure about this, but I don't think you have any real control over the scan settings from the CP on the unit anyway. I'm only guessing that it will scan at whatever settings you've created on the Mac... but that's all another issue.

I did correspond with Epson about the problem and was told "The network port assignment is 3629". I couldn't figure out what to do with that information in order to make the unit scan from the CP. In a subsequent email Epson wrote to me "I'm sorry to hear about your firewall issue. Unfortunately we would not be able to help you with your firewall trouble as we are not sure what aspect of it is blocking the printer's functionality. What I can tell you is that typically when an application or service is launched, or tries to launch, the Firewall software will have some sort of control whether to allow the service or application to run or not. You will need to locate any configuration menu of the firewall and allow/grant permission of the Epson service or application (whatever is listed) to run. You may want to contact the firewall service provider for this."