[Discuss] CUPS Remote Printer

Sun Mar 16 17:44:45 PDT 2008

On 16-Mar-08, at 10:45 AM, John Blomfield wrote:

> John Blomfield wrote:
>> Murray Strome wrote:
>>> John Blomfield wrote:
>>>> Murray Strome wrote:
>>>>> My main printer is an Okidata OL600e B&W LED printer which is  
>>>>> physically connected to my wife's printer.  Through new  
>>>>> installs, upgrades, etc. I have never really had to do much to  
>>>>> have it accessible to all my computers.  However, since re- 
>>>>> installing Kubuntu on my wife's computer, I cannot no longer  
>>>>> access it.  I imagine that it has something to do with my  
>>>>> ability to access her computer. I have not changed any settings  
>>>>> in my routers. The simplified configuration is:
>>>>>
>>>>>
>>>>>   --------                   --------------- ----               
>>>>> --------------------
>>>>>  | router|------------- |  Computer 1  |----------|Okidata  
>>>>> Printer|
>>>>>  |           |----             -------------------              
>>>>> --------------------
>>>>>  ----------     |
>>>>>                   |                           
>>>>> ---------------        ---- --------------               |   
>>>>> router #2 |------|  Computer 2 |
>>>>>        ----------------        --------------------   Of course,  
>>>>> there are other computers connected to router & router 2, and  
>>>>> other printers on both Computer 1 and Computer 2. The first  
>>>>> router is connected to a cable modem box, then to Shaw cable.
>>>>>
>>>>> All the computers used DHCP to get their addresses, as do the  
>>>>> routers.  I have changed Computer 1 to fixed address (one the  
>>>>> router originally assigned to it), but that did not make any  
>>>>> difference.
>>>>>
>>>>> From Computer 2, I can ping router or Computer 1 (or anything  
>>>>> else connected on that router) from Computer 2. I can ping  
>>>>> router 2 from Computer 1 using the address "leased" to it by  
>>>>> router, but I cannot ping to Computer 2 from Computer 1.  I can  
>>>>> connect to the internet from everywhere without any problem.  If  
>>>>> I try to add a network CUPS printer in Computer 2, it cannot  
>>>>> access Port 631 on the address assigned to Computer 1 by router.
>>>>>
>>>> You need to open the router #2 firewall so that computer 1 can  
>>>> see computer 2.  It depends on the brand of router and its  
>>>> software how you do this.  Have a look and the firewall rules for  
>>>> router #2, it should have a menu item that allows you to do  
>>>> this.  As a last resort you could put Computer 2 in the DMZ  
>>>> (Demilitarized Zone) as it would still be protected by the other  
>>>> router.  Incidentally why do you need router #2 would not a  
>>>> switch do just as well unless it has to be secure from Computer 1  
>>>> and the others on router?
>>>>
>>>> John Blomfield
>>> I am not sure HOW to open router #2 firewall so that computer #1  
>>> can see computer 2. Router #2 is a Trendnet TEW-432BRP. I see a  
>>> setting on the Trendnet to enable DMZ but it wants a DMZ host IP;  
>>> what would that be, or is that what I should be doing?
>>>
>>> The reason I am using router #2 is that two of my computers are in  
>>> another room, quite far from the cable modem.  I had run one  
>>> ethernet cable through the walls to that room, but it was enough  
>>> of a chore to do so that I did not want to run another one  
>>> (besides, all the ports on the first one were in use).  I tried to  
>>> use a wireless card for the second computer, which worked (sort  
>>> of) on one of the computers if I used Windows XP on it, but I  
>>> could never get a very good signal, and I was never able to get it  
>>> working with LINUX.  There was a very good price on the Trendnet  
>>> (cheaper than another cable), and it did the trick without any  
>>> effort until now.
>>>
>>> Murray
>>>
>> Since there is no security issue with router 2 network computers  
>> you can try this way.  Set the range of DHCP on Router 1 to say  
>> 192.168.0.2 to 192.168.0.10 and the range of Router 2 DHCP from  
>> 192.168.0.11 to 192.168.0.20 (the first three groups of numbers i.e  
>> 192.168.0 may be different on your routers), then again in Router 2  
>> look for the "Inbound Filter Rules" and "enable" the range the to  
>> 192.168.0.11 to 192.168.0.20 and set the action to "Allow".  This  
>> should allow computer 1 to see computer 2 through the firewall.   
>> Depending on the router software it may not be as obvious as this,  
>> you may have to set the something like this WAN * to LAN * "Allow"  
>> meaning all data from the WAN side (which is in your case not a WAN  
>> but Router 1) and * meaning everything is allowed to the LAN side  
>> (meaning in your case Computer 2 and others) and again * meaning  
>> everything.  The problem is that every router software is different  
>> even among routers from the same manufacture depending on age so  
>> its hard to be specific with out seeing your actual router software  
>> interface.
>>
>> To try the DMZ approach you must set you Computer 2 in the router  
>> to a fixed IP address and then set the DMZ host to that IP address  
>> but make sure its different from the range of addresses served by  
>> Router 1.  You can set the IP address range for Router 2 to  
>> practically anything that falls within the guide lines e.g  
>> 192.168.2.0 - 255.
>>
>> John Blomfield
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss at vlug.org
>> http://ladybug.vlug.org/cgi-bin/mailman/listinfo/discuss
>>
> Murray, the more I think about your problem the more I think the DMZ  
> method will best suit your purpose.  I don't think you can easily  
> turn a router into a simple switch since a router's function is to  
> isolate your network (LAN) from the internet (WAN) and hide the  
> addresses on your LAN from others out on the WAN.  Turning off the  
> DHCP will not change this it will block everything that does not  
> have a static IP address allocated.

Dear John,

In reality you would not "turn a router in to a simple switch" as it  
is in fact ALREADY a simple switch when ONLY using the LAN side  
ports.  After all a typical off-the-shelf router is a "simple  
switch" (LAN ports) + firewall/routing (when using the WAN port).  I  
agree that this solution would not hold true if the router device in  
question was a Sonicwall or other business class router as they have  
the built-in "smarts" (routing rules) to deny unwanted/unknown subnet  
traffic.

If you re-read my post you will see that I explicitly mentioned using  
LAN ports.  By NOT using the WAN side port of the router you are  
completely bypassing the router aspect of the device.  The reason I  
further mentioned turning DHCP off is to remove the possibility of  
having a removing DHCP conflict requests by the LAN devices  
(computers, printers, etc).

If for some reason the DHCP requests were not being passed through the  
2nd Router from the 1st Router static IP address would need to be  
assigned to all devices plugged in to the 2nd Router.  This has not  
been the case in my experience however.

I cannot emphatically state this will work with all consumer level  
routers only that it has worked will all makes and models I have tried  
it with (D-Link, Linksys & TrendNet to be specific).

Jeremy

ps:  Good luck Murray getting your printer situation resolved!