Accessing Printer IP for web config

So I am back from my mom’s where I set up a new desktop with LM for her. One issue I am running into, though, I need help in understanding how to resolve.

I recently found in my LM that I could use a web config utility to manage my Epson printer online (firmware updates, etc.). All I had to do was input the printer ip address (which i got from my router) and the management website appeared (I may have had to say allow or something) and I was able to do the firmware update from there rather than the printer itself or from the Windows Epson software.

Now that my mom’s Epson printer is in Linux, I used:

sudo lpinfo -l -v

to find her printer ip address. So I tried entering that like I do mine in Opera,

https://192.168.132.148/presentation/ADVANCED/COMMON/TOP

replacing my IP address with hers, but it would not connect: err_unsafe_port. I have tried http vs https but nothing changed.

Then I tried Firefox…same thing.

I am using Opera for this web config address in my LM, so not sure why it is not working on her computer. I tried the settings for that address and told it to not block, etc., but still it will not connect.

I understand about not connecting to certain ports for safety from hackers, but seems if I can do it on my LM, I should be able to do it on hers. I am using Anydesk for RDP to her computer. I have full access and have had no trouble changing anything else as long as I enter my password. NOTE: In order for her not to mess anything up, I am the only admin account.

I do not know how to get into her router/gateway, which is provided by her ISP company, but am sure I could figure it out if I had to. Was just hoping to be able to do this simply in a browser.

Thanks,
Sheila Flanagan

You cannot detect connected printers via the Print Settings app? Another way would be asking cups by, pointing the browser to http://localhost:631/printers/. But this option might be disabled by default.

@abu I can detect the printers, but it uses the cups and ipp address as you said, localhost:631. I don’t think you can access Epson printer management in a browser without the actual ip address. The instructions specifically say to point the browser to the printer ip for management.

UPDATE: I did as you suggested and went to localhost:631 and management is possible there on everything you can do from within LM. But firware update was not there as that can only be done from Epson software. Thanks so much as I did not know you could even do that in a browser.

Sheila Flanagan

You could try maybe, in a terminal, “arp -a” (it should be installed by default - it is in Pop!_OS) - in your mum’s LM - if it’s connected to the printer, you should see that come up in the devices / IP addresses that “arp -a” will display… Guessing which one’s the printer may be tricky, just tried with with my Brother printer - and I can’t identify from “arp -a” - but just looked on my router’s DHCP lease page and it’s “BRN30055CB2C61F” with IP address x.x.x.x. Because Brother use avahi / zeroconf / bonjour, I can then “ping BRN30055CB2C61F.local”

Install nmap (e.g. “sudo apt install nmap”) and query the IP address for what ports it’s listening on.

nmap -v -A ip.address.of.printer
(or even the “Avahi” device name e.g. EpsonXXXX.local - whatever it is in your case, but I don’t know if Epson use Avahi / Zeroconf / Bonjour - I expect they would if they want it to work with Apple devices).

Where “x.x.x.x” is IP address of your mum’s printer :

╭─x@titan ~  
╰─➤  nmap -v -A x.x.x.x
Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-07 09:18 AWST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 09:18
Completed NSE at 09:18, 0.00s elapsed
Initiating NSE at 09:18
Completed NSE at 09:18, 0.00s elapsed
Initiating NSE at 09:18
Completed NSE at 09:18, 0.00s elapsed
Initiating Ping Scan at 09:18
Scanning x.x.x.x [2 ports]
Completed Ping Scan at 09:18, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:18
Completed Parallel DNS resolution of 1 host. at 09:18, 0.10s elapsed
Initiating Connect Scan at 09:18
Scanning x.x.x.x [1000 ports]
Discovered open port 23/tcp on x.x.x.x
Discovered open port 21/tcp on x.x.x.x
Discovered open port 443/tcp on x.x.x.x
Discovered open port 80/tcp on x.x.x.x
Discovered open port 25/tcp on x.x.x.x
Discovered open port 515/tcp on x.x.x.x
Discovered open port 9100/tcp on x.x.x.x
Discovered open port 631/tcp on x.x.x.x
Completed Connect Scan at 09:18, 0.36s elapsed (1000 total ports)
Initiating Service scan at 09:18
Scanning 7 services on x.x.x.x

I usually hit CTRL+C here - but if you let it finish (it can take a while - e.g. 5 mins to complete) - and if you let it finish it should tell you more information about the device - e.g. :

PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        Brother/HP printer ftpd 1.13
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| total 1
| -r--r--r--   1 root     printer   4096 Sep 28  2001 CFG-PAGE.TXT
|_----------   1 root     printer      0 Sep 28  2001 Sleep-----------
23/tcp   open  telnet     Brother/HP printer telnetd
25/tcp   open  smtp       Brother printer smtpd
|_smtp-commands: SMTP: EHLO 500 Syntax error \x0D
80/tcp   open  http       Debut embedded httpd 1.20 (Brother/HP printer http admin)
| http-methods: 
|_  Supported Methods: GET
| http-robots.txt: 1 disallowed entry 
|_/
|_http-server-header: debut/1.20
| http-title: Brother MFC-9335CDW
|_Requested resource was /general/status.html
443/tcp  open  ssl/https?
|_ssl-date: 1970-01-11T08:03:30+00:00; -53y329d17h16m47s from scanner time.
515/tcp  open  printer
631/tcp  open  ipp?
9100/tcp open  jetdirect?
Service Info: Device: printer

Host script results:
|_clock-skew: -19687d17h16m47s

NSE: Script Post-scanning.
Initiating NSE at 09:21
Completed NSE at 09:21, 0.00s elapsed
Initiating NSE at 09:21
Completed NSE at 09:21, 0.00s elapsed
Initiating NSE at 09:21
Completed NSE at 09:21, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 177.66 seconds

Also - is your mum’s LM running ufw or firewalld? Is there a chance that somehow your mum’s PC’s firewall is blocking the ports needed?

If nmap doesn’t work - then there’s a good chance its a local firewall on the LM installation. You could also try “sudo nmap -a -V ip.address.of.printer” - but - you shouldn’t need sudo…

I do have an Epson Ink MFC - that I only ever used as a scanner (I detest inkjet printers) - but it’s under a pile of crates and boxes (I “inherited” it when my younger brother succumbed to brain cancer about 9 years ago) and I’ve changed routers and WiFi 4 times since I last powered it on… I actually kinda preferred it’s scanning features to my Brother MFC - Epson’s scan to cloud is heaps better than Brother’s scan to network (I use FTP to save Brother MFC scans to my NAS)… But I don’t want two devices cluttering up space on my printer desk… But I don’t want to toss it in the trash or e-waste, 'cause I hate e-waste, and it has some sentimental value for me (had a big “blue” (Aussie slang for “fight”) with his ex-wife who claimed she bought it for him - but she’s lying [his best mate took him to the shop to buy it] - and what claim does he have on ANYTHING of his the b–ch anyway, she dumped him 5 years before he died).

@daniel.m.tripp It’s been so long since I set up my printer that I don’t remember if I added a rule in my firewall. LM uses ufw. I just checked her LM and saw that the firewall was not enabled. I enabled it with defaults and tried again in Firefox but got this:

This address is restricted

This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.

I just checked my LM and not sure why, but firewall was not enabled. Maybe when I upgraded a couple of weeks ago it did not keep it? Either way, I am connecting via IP address in my browser with no issues without firewall.

I need the port if i am to add a rule in firewall so I will try the arp-a and nmap method and see if I can get that.

So here is the output:

sudo nmap -v -A 192.168.0.105:515
Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-06 20:15 CST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:15
Completed NSE at 20:15, 0.00s elapsed
Initiating NSE at 20:15
Completed NSE at 20:15, 0.00s elapsed
Initiating NSE at 20:15
Completed NSE at 20:15, 0.00s elapsed
Failed to resolve "192.168.0.105:515".
NSE: Script Post-scanning.
Initiating NSE at 20:15
Completed NSE at 20:15, 0.00s elapsed
Initiating NSE at 20:15
Completed NSE at 20:15, 0.00s elapsed
Initiating NSE at 20:15
Completed NSE at 20:15, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.50 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

Failed to resolve? That is the printer IP address. Can you read this and tell me what it means? I don’t see the port.

Here’s arp-a:

$ arp -a
? (192.168.0.5) at 40:f6:bc:49:d3:eb [ether] on enp4s0
? (192.168.0.206) at 68:13:f3:56:a8:56 [ether] on enp4s0
? (192.168.0.189) at f2:51:aa:dd:65:3a [ether] on enp4s0
? (192.168.0.105) at 50:57:9c:e1:f1:d4 [ether] on enp4s0
_gateway (192.168.0.1) at 58:19:f8:d4:c5:4b [ether] on enp4s0
? (192.168.0.202) at 08:bf:b8:4e:e6:61 [ether] on enp4s0
? (192.168.0.235) at bc:f4:d4:ae:b2:85 [ether] on enp4s0
? (192.168.0.125) at 44:6d:57:d4:a9:2a [ether] on enp4s0
? (192.168.0.198) at 28:7e:80:86:65:3d [ether] on enp4s0
? (192.168.0.76) at <incomplete> on enp4s0

Thanks,
Sheila

You don’t specify the port in nmap - right now you’re just scanning that IP address to see which ports are open…

So just :

sudo nmap -v -A 192.168.0.105

If you already know the IP address of the printer, you don’t need to do the “arp -a” thing

I cannot say anything helpful regarding Epson printers. In my case (HP Printer) the IP address is contained in the device URI.

hp:/net/HP_ColorLaserJet_MFP_M282-M285?ip=192.168.0.199

sudo nmap -v -A 192.168.0.105
[sudo] password for myviolinsings:          
Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-07 06:18 CST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 06:18
Completed NSE at 06:18, 0.00s elapsed
Initiating NSE at 06:18
Completed NSE at 06:18, 0.00s elapsed
Initiating NSE at 06:18
Completed NSE at 06:18, 0.00s elapsed
Initiating ARP Ping Scan at 06:18
Scanning 192.168.0.105 [1 port]
Completed ARP Ping Scan at 06:18, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 06:18
Completed Parallel DNS resolution of 1 host. at 06:18, 0.02s elapsed
Initiating SYN Stealth Scan at 06:18
Scanning 192.168.0.105 [1000 ports]
Discovered open port 445/tcp on 192.168.0.105
Discovered open port 80/tcp on 192.168.0.105
Discovered open port 443/tcp on 192.168.0.105
Discovered open port 139/tcp on 192.168.0.105
Discovered open port 9100/tcp on 192.168.0.105
Discovered open port 515/tcp on 192.168.0.105
Discovered open port 631/tcp on 192.168.0.105
Completed SYN Stealth Scan at 06:18, 1.76s elapsed (1000 total ports)
Initiating Service scan at 06:18
Scanning 6 services on 192.168.0.105
Completed Service scan at 06:19, 11.03s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.105
Retrying OS detection (try #2) against 192.168.0.105
Retrying OS detection (try #3) against 192.168.0.105
Retrying OS detection (try #4) against 192.168.0.105
Retrying OS detection (try #5) against 192.168.0.105
NSE: Script scanning 192.168.0.105.
Initiating NSE at 06:19
Completed NSE at 06:19, 15.16s elapsed
Initiating NSE at 06:19
Completed NSE at 06:19, 3.02s elapsed
Initiating NSE at 06:19
Completed NSE at 06:19, 0.00s elapsed
Nmap scan report for 192.168.0.105
Host is up (0.0073s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE      VERSION
80/tcp   open  tcpwrapped
| http-methods: 
|_  Supported Methods: GET HEAD POST
|_http-server-header: EPSON HTTP Server
|_http-title: Did not follow redirect to https://192.168.0.105/
139/tcp  open  netbios-ssn?
443/tcp  open  tcpwrapped
| http-methods: 
|_  Supported Methods: GET HEAD POST
|_http-server-header: EPSON_Linux UPnP/1.0 Epson UPnP SDK/1.0
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=EPSONE1F1D4/organizationName=SEIKO EPSON CORP.
| Subject Alternative Name: DNS:EPSONE1F1D4, DNS:EPSONE1F1D4.local, IP Address:169.254.25.63, DNS:169.254.25.63
| Issuer: commonName=EPSONE1F1D4/organizationName=SEIKO EPSON CORP.
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2010-01-01T00:00:00
| Not valid after:  2038-01-01T00:00:00
| MD5:   d1b8 522c 49ee 4725 89f4 f905 4219 cd58
|_SHA-1: b7c3 2bea 85ae bb19 e1d1 1fad 33ff 499b 3692 fed1
|_ssl-date: TLS randomness does not represent time
445/tcp  open  microsoft-ds
| fingerprint-strings: 
|   SMBProgNeg: 
|_    SMBr
515/tcp  open  printer
631/tcp  open  tcpwrapped
| http-methods: 
|_  Supported Methods: GET HEAD POST
|_http-server-header: Epson_IPP-Server/2.0.0
|_http-title: Site doesn't have a title (application/ipp).
9100/tcp open  jetdirect?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port445-TCP:V=7.80%I=7%D=12/7%Time=6571B839%P=x86_64-pc-linux-gnu%r(SMB
SF:ProgNeg,52,"\0\0\0N\xffSMBr\0\0\0\0\x88\x01H\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0@\x06\0\0\x01\0\x11\x07\0\x07\n\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\0\0\|\
SF:xe0\0\x000\xcb\xeb\x89\xf9G\xd8\x01\0\0\x08\x08\0\xbb\x1a\xdcW\xd5\xd0\
SF:xc3\xbd\0");
MAC Address: 50:57:9C:E1:F1:D4 (Seiko Epson)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=12/7%OT=139%CT=1%CU=36542%PV=Y%DS=1%DC=D%G=Y%M=50579C%
OS:TM=6571B857%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=I%II=
OS:I%TS=7)OPS(O1=M5B4ST11NW3%O2=M5B4ST11NW3%O3=M5B4NNT11NW3%O4=M5B4ST11NW3%
OS:O5=M5B4ST11NW3%O6=M5B4ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W
OS:6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M5B4NNSNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=
OS:O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD
OS:=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0
OS:%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1
OS:(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI
OS:=N%T=40%CD=S)

Uptime guess: 4.544 days (since Sat Dec  2 17:16:30 2023)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
|_clock-skew: mean: -612d04h22m11s, deviation: 0s, median: -612d04h22m11s
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
| nbstat: NetBIOS name: EPSONE1F1D4, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| Names:
|   EPSONE1F1D4<00>      Flags: <unique><active><permanent>
|   WORKGROUP<00>        Flags: <group><active><permanent>
|_  EPSONE1F1D4<20>      Flags: <unique><active><permanent>
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: supported
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2022-04-04T07:57:06
|_  start_date: 2022-03-30T18:50:11

TRACEROUTE
HOP RTT     ADDRESS
1   7.34 ms 192.168.0.105

NSE: Script Post-scanning.
Initiating NSE at 06:19
Completed NSE at 06:19, 0.00s elapsed
Initiating NSE at 06:19
Completed NSE at 06:19, 0.00s elapsed
Initiating NSE at 06:19
Completed NSE at 06:19, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 43.19 seconds
           Raw packets sent: 1114 (53.050KB) | Rcvd: 1071 (46.306KB)

Thanks,
Sheila

Well - that indicates that it is listening on port 515 - so not sure why you’t can hit that in a browser. Have you tried multiple browsers?

@daniel.m.tripp I tried both Opera and Firefox. Only reason I tried Opera on my machine was because she uses Opera on hers. I also used Midori on my machine and it works fine.

Thanks,
Sheila

So let’s say I need to create a rule in her firewall to allow the port access in a browser. Would the following rule work?

sudo ufw allow 515/tcp

Or do I need to add the ip address before the port?

Thanks,
Sheila

https://support.mozilla.org/en-US/questions/1083282

@abu I just read your link. Amazing this has happened in the past and FF has a solution, albeit nothing I would have thought to try as a solution.

Thanks so much. I will try this on my mom’s computer and report back if it works.

Sheila Flanagan

Okay, I followed the instructions from the FF link, but these instructions and screenshot are from an older version. I searched the name of the profile and found one, but you cannot just select it, click ok, and enter/change a port #. You have the options of Boolean, Number, String. Since the chosen solution used string, I edited the string (nothing says I was in the value column) and entered the port 515. Then I opened a new tab and tried again to navigate to her ip address:port and this time did not get that message, but it still timed out as if it cannot reach it (i.e., be sure firewall allows firefox to connect to the internet message).

Screenshots:

FF about config advanced prefs1282×593 84.3 KB

FF network.security in about config1282×228 31.7 KB

FF network security boolean number string1293×321 45.2 KB

So since the preference file already exists, I chose edit and as you can see put the 515 there after selecting string. If I select Boolean, it is either true or false. Should I choose number and input 515?

Thanks,
Sheila

I think, it should be a string.

Sorry - I wouldn’t have a clue - most of my experience with local firewalls (i.e. on desktops)** is I turn them off… I’ve already got a firewall on my broadband router - don’t need another one… same for that SELinux garbage that RPM distros foist on unsuspecting users - I DISABLE it…

** I have “extensive” experience with corporate / enterprise firewalls (and Security Groups in AWS) used by big companies… every one of them has different ways of doing things… Generally a firewall rule will be based on Source, Destination, port, and in many cases, you can use a CIDR notation (i.e. a whole network e.g. 192.168.0.0/24 [“/24” means 255.255.255.0] - some will use 0.0.0.0/0 to mean “EVERYTHING”) for Source and/or Destination, and in many cases the firewall will want to know if the port is TCP, UDP, or potentially both…

Thanks, @daniel.m.tripp . I wrote the firewall allowing UDP & TCP. I have done everything I can think of and just cannot connect in FF or Opera on her pc, her network, whatever is causing this is beyond me.

I may try a few different browsers before giving up. For now, she still has her W10 laptop so we can do the stuff from the GUI on it. After she no longer has that, she will just have to do it from the printer screen.

Sheila

@Sheila_Flanagan

Out of curiosity: From where comes the info to connect port 515? I didn’t find any references for that. Did you ever try to connect the printer’s web interface in the standard way, simply by http://192.168.0.105?

Source: Accessing Web Config

@abu I originally tried it without the port number as there is no port number listed in my connection, only the ip address of the printer. I think after using nmap with the port number I began trying that.

But I just now went over to my Opera browser and confirmed it is ip address only then switches/levels to the printer settings.

Even when the printer ip address changes in my network, I am always able to check it in my VPN router settings and input the new address and get the following:

Screenshot from 2023-12-14 07-23-191044×723 37.7 KB

And then I choose “proceed” and it works. But I never get this in any browser on her computer.

UPDATE: I just now went over to her computer and wrote a firewall rule to allow out for her printer ip address and navigated to her printer (without port#) and got into it. However, the page is asking for admin username/password, which i don’t recall happening with mine, but I guess hers needed a firewall rule.

I was able to get the same results in the image above and chose to proceed. I input a new password, clicked ok and VOILA!! I am finally into the printer.

Thanks so much.

Sheila Flanagan

Congratulations, that was a marathon effort.
Mothers are worth it.