Results 1 to 9 of 9
Thread: Limit Network Printer Access
Enjoy an ad free experience by logging in. Not a member yet? Register.
Limit Network Printer Access
I attend a school where they give us only one Ethernet port per student. However, I have two computers. So I am using an Ethernet hub, with my Linux desktop, MacBook Pro, and HP printer plugged into it. In this way, everybody gets Internet access, and both of my machines can see my printer.
The problem now is that because the printer is on the network, anybody can print to it. And for some reason, people like printing 500 pages and using up all of my paper.
Now, the way I see it, there are two possibilities (and I don't know how to do either):
1) Leave the printer plugged into the Ethernet hub and somehow limit access
2) Plug the printer into my Linux box and somehow share it with my laptop
Does anyone know how to accomplish either of these, or some other process?
01-18-2008 #2Originally Posted by Cabhan
A quick and easy solution would be to spring for a router/NAT device. This device would then have the only externally facing NIC, with a second, internally facing NIC and a dhcp server so that you're on your own little private LAN.
Another solution would be to plug the printer into the Linux box (usb?) and then install cups on it to share with your Macbook. Installing and configuring cups is pretty trivial on CentOS (depending on your printer). I've never tried on Gentoo, but I figure with their extensive documentation it should be a snap. Once cups is installed you can control access to it at the application level (there are cupsd.conf directives) or even using iptables or tcp wrappers.
I considered the router solution, but I really don't want to buy one.
However, you were right about the sharing via CUPS. I need to pick up a USB cable, but once I do, I should be able to get that working easily. Gentoo has some documentation on it. I feel a little silly for not checking there first .
So it's time for some new snags.
I have changed my setup such that my printer is connected via USB to my Linux box. My laptop is setup, and can view the printer over the Internet (and even getting that far was an extraordinary pain).
The printer works under Linux. On my laptop, I can go to the web interface of my desktop and print a test page. So it would seem to be working.
It is not.
Whenever I try to print from my laptop, I get an error. In my error log, I see lines such as:
"POST /printers/Dorm_Printer HTTP/1.1" 200 24071 Print-Job server-error-not-accepting-jobs
The printer is connecting to:
and this is certainly the correct queue and IP.
Any ideas? I'm rather stuck at this point.
I know at my college I went to (WPI btw!!) didn't allow the usage of routers, but if you don't want to buy one you could still configure your gentoo box to do routing through iptables
01-25-2008 #6Originally Posted by Cabhan
Is that ipp:// URI what you entered into your Macbook?
I have the same setup at home as you (Macbook printing over ipp to a CentOS cups server). Remember to poke holes in the gentoo packet filtering rules for tcp/udp 631.
Yes. I can print locally from the Linux box. The problem is only with connecting from my MacBook.
And yes, I have my MacBook connecting to that ipp:// URI.
I'm not too experienced with network stuffs, so maybe I'm a bit confused here. I don't even have iptables installed, so I'm not sure how I'm supposed to open up that port (rather, how do I know that it's even blocked? I can connect through HTTP over port 631).
Thanks though. This might actually work!
01-25-2008 #8Originally Posted by Cabhan
FWIW, another quick way to test from your Macbook is:
$ nc -z linux.box.ip 631 && echo 'Port is open!'
That will echo the message only if tcp 631 is open to the Macbook.
Anyway, can you change the directive to LogLevel debug in your cupsd.conf? You'll need to restart cupsd afterwards.
Then tail your error_log while trying to print from the Macbook. As you've noticed, cups is complex and sometimes difficult to troubleshoot. Hopefully that will provide some good clues.
And, naturally, the Linux side was set up perfectly fine. The problem ended up being with the MacBook Pro.
Basically, the Mac OS X System Preferences don't set up printers properly (they use ipp://IP/queue/QUEUE; CUPS uses ipp://IP/printers/QUEUE). I then tried using lpadmin from the commandline, and that seemed to add the printer correctly, but the problem was on the Mac OS X side, with the printer not accepting jobs on the Mac OS X side. When I tried to enable jobs, it patched me through to my Linux box (as it recognized it as a remote printer), but there I got Permission Denied (as I should have).
I finally went through the CUPS admin panel (cPanelŽ, just like in Linux), and added it from there, and found great success.
Thanks for your help, all!