[Discuss] CUPS Remote Printer

Sun Mar 16 10:45:23 PDT 2008

John Blomfield wrote:
> Murray Strome wrote:
>> John Blomfield wrote:
>>> Murray Strome wrote:
>>>> My main printer is an Okidata OL600e B&W LED printer which is 
>>>> physically connected to my wife's printer.  Through new installs, 
>>>> upgrades, etc. I have never really had to do much to have it 
>>>> accessible to all my computers.  However, since re-installing 
>>>> Kubuntu on my wife's computer, I cannot no longer access it.  I 
>>>> imagine that it has something to do with my ability to access her 
>>>> computer. I have not changed any settings in my routers. The 
>>>> simplified configuration is:
>>>>
>>>>
>>>>    --------                   --------------- ----              
>>>> --------------------
>>>>   | router|------------- |  Computer 1  |----------|Okidata Printer|
>>>>   |           |----             -------------------             
>>>> --------------------
>>>>   ----------     |
>>>>                    |                          
>>>> ---------------        ---- --------------               |  router 
>>>> #2 |------|  Computer 2 |
>>>>         ----------------        --------------------   Of course, 
>>>> there are other computers connected to router & router 2, and other 
>>>> printers on both Computer 1 and Computer 2. The first router is 
>>>> connected to a cable modem box, then to Shaw cable.
>>>>
>>>> All the computers used DHCP to get their addresses, as do the 
>>>> routers.  I have changed Computer 1 to fixed address (one the 
>>>> router originally assigned to it), but that did not make any 
>>>> difference.
>>>>
>>>> From Computer 2, I can ping router or Computer 1 (or anything else 
>>>> connected on that router) from Computer 2. I can ping router 2 from 
>>>> Computer 1 using the address "leased" to it by router, but I cannot 
>>>> ping to Computer 2 from Computer 1.  I can connect to the internet 
>>>> from everywhere without any problem.  If I try to add a network 
>>>> CUPS printer in Computer 2, it cannot access Port 631 on the 
>>>> address assigned to Computer 1 by router.
>>>>
>>> You need to open the router #2 firewall so that computer 1 can see 
>>> computer 2.  It depends on the brand of router and its software how 
>>> you do this.  Have a look and the firewall rules for router #2, it 
>>> should have a menu item that allows you to do this.  As a last 
>>> resort you could put Computer 2 in the DMZ (Demilitarized Zone) as 
>>> it would still be protected by the other router.  Incidentally why 
>>> do you need router #2 would not a switch do just as well unless it 
>>> has to be secure from Computer 1 and the others on router?
>>>
>>> John Blomfield
>> I am not sure HOW to open router #2 firewall so that computer #1 can 
>> see computer 2. Router #2 is a Trendnet TEW-432BRP. I see a setting 
>> on the Trendnet to enable DMZ but it wants a DMZ host IP; what would 
>> that be, or is that what I should be doing?
>>
>> The reason I am using router #2 is that two of my computers are in 
>> another room, quite far from the cable modem.  I had run one ethernet 
>> cable through the walls to that room, but it was enough of a chore to 
>> do so that I did not want to run another one (besides, all the ports 
>> on the first one were in use).  I tried to use a wireless card for 
>> the second computer, which worked (sort of) on one of the computers 
>> if I used Windows XP on it, but I could never get a very good signal, 
>> and I was never able to get it working with LINUX.  There was a very 
>> good price on the Trendnet (cheaper than another cable), and it did 
>> the trick without any effort until now.
>>
>> Murray
>>
> Since there is no security issue with router 2 network computers you 
> can try this way.  Set the range of DHCP on Router 1 to say 
> 192.168.0.2 to 192.168.0.10 and the range of Router 2 DHCP from 
> 192.168.0.11 to 192.168.0.20 (the first three groups of numbers i.e 
> 192.168.0 may be different on your routers), then again in Router 2 
> look for the "Inbound Filter Rules" and "enable" the range the to 
> 192.168.0.11 to 192.168.0.20 and set the action to "Allow".  This 
> should allow computer 1 to see computer 2 through the firewall.  
> Depending on the router software it may not be as obvious as this, you 
> may have to set the something like this WAN * to LAN * "Allow" meaning 
> all data from the WAN side (which is in your case not a WAN but Router 
> 1) and * meaning everything is allowed to the LAN side (meaning in 
> your case Computer 2 and others) and again * meaning everything.  The 
> problem is that every router software is different even among routers 
> from the same manufacture depending on age so its hard to be specific 
> with out seeing your actual router software interface.
>
> To try the DMZ approach you must set you Computer 2 in the router to a 
> fixed IP address and then set the DMZ host to that IP address but make 
> sure its different from the range of addresses served by Router 1.  
> You can set the IP address range for Router 2 to practically anything 
> that falls within the guide lines e.g 192.168.2.0 - 255.
>
> John Blomfield
>
> _______________________________________________
> Discuss mailing list
> Discuss at vlug.org
> http://ladybug.vlug.org/cgi-bin/mailman/listinfo/discuss
>
Murray, the more I think about your problem the more I think the DMZ 
method will best suit your purpose.  I don't think you can easily turn a 
router into a simple switch since a router's function is to isolate your 
network (LAN) from the internet (WAN) and hide the addresses on your LAN 
from others out on the WAN.  Turning off the DHCP will not change this 
it will block everything that does not have a static IP address allocated.

Just give Computer 2 a static IP address in the range of addresses 
provided by Router 1 (you need to do this both in Computer 2 and Router 
1).  Use a different range of IP numbers for Router 2 for the other 
computers on that LAN 2.  Set Router 2 to put Computer 2 (host) IP 
address in the DMZ zone.  This should enable two way traffic between 
Computer 2 and LAN 1, and LAN 2.  With your present set up LAN 1 
computers cannot ping LAN 2 computers because it doesn't understand 
their IP addresses.  Router 2 is given one DHCP address by Router 1 in 
the range of addresses assigned to LAN 1 and Router 2 generates IP 
addresses for the computers on LAN 2 which are independent IP addresses 
that cannot be seen anywhere else.

John Blomfield