LITTLEBLACKDOG.COM

Posted: Mon Sep 11, 2006 5:46 am Post subject: Printer over VPN

Ok, here's the setup. We have the office here (which I am in) multiple network printers and plotters for the engineers. We have an ISA firewall setup which also acts as a VPN server. We have one engineer that works offsite and uses VPN to get to the network, share files, print to plotters, etc...

The office engineer also has a plotter in his office. He is wanting to set it up so that our CAD guy here can print directly to his plotter. What would be the best way to go about doing this? Only thing I could think of would be to setup another VPN connection going in reverse from this office to his on our CAD guys computer and just leave it on all the time so that he can choose the network plotter in offsite guy's office and print to it when needed. But surely there is a better way?

Posted: Mon Sep 11, 2006 5:56 am Post subject:

I don't know much about VPN, so sorry if the suggestion below is not applicable because of it.

How is the plotter attached? If network, I would just open up port 9100 to that device if it supports IP Socket printing. Then, the local office users could just set up an IP socket port printer pointing to that device.

Posted: Mon Sep 11, 2006 6:08 am Post subject:

It does... and that could be done... but then... what are the chances that some yahoo port scanning is going to come across that and start spewing porn out of it as a joke.... isn't that pretty much not secure at all?

Posted: Mon Sep 11, 2006 7:13 am Post subject:

If it's an actual plotter, than the output sent to it needs to be a plot file or HP/GL output; it's unlikely at best the some sniffer kiddee is going to prepare such a file for output. (I suppose such a device could also possibly output plain ASCII text, which could be a problem if somebody sends it 'Lady Chatterlee's Lover' or some such thing).

Socket 9100 is commonly used for print data; it may be possible to change the port number to something else.

But seriously, I've had my LJ5 on an open socket for years and have never had an incident where *someone else* has decided to print to it. If they did, the worst thing that would happen is that paper is wasted, toner is used, and I have some new 'Research Material' to examine!

As apposed to Socket printing, you could also do LPR; LPR uses a control file which includes a username. The LPD could be set up to filter print jobs based on the username record. This would require a fancy print server (like Barr Enterprise Print Server (shameless plug)) and would be expensive.

Posted: Mon Sep 11, 2006 7:47 am Post subject:

Well, it's an HP Designjet 800ps, 42in model. Has it's own internal jet direct print server, ram, hard drive, etc... According to my CAD guy here you can print to it from anything, because it also does graphics.

http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/18972-236251-236266-12600-236266-25302.html

Edit: Oops, correction... that's what we have in the office here and I just assumed he had the same thing down there. But he actually has an HP 750c.... so that may change things a bit.

Posted: Tue Sep 12, 2006 7:42 am Post subject:

crewsr wrote:
But seriously, I've had my LJ5 on an open socket for years and have never had an incident where *someone else* has decided to print to it. .

Have you ever read the series of books called Stealing the Network? Trust me, a competent hacker can do a lot more with your HP printer then just print to it.

Posted: Tue Sep 12, 2006 10:46 am Post subject:

such as...

Posted: Wed Sep 13, 2006 7:27 pm Post subject: Re: Printer over VPN

GibsonSG wrote:
Ok, here's the setup. We have the office here (which I am in) multiple network printers and plotters for the engineers. We have an ISA firewall setup which also acts as a VPN server. We have one engineer that works offsite and uses VPN to get to the network, share files, print to plotters, etc...

The office engineer also has a plotter in his office. He is wanting to set it up so that our CAD guy here can print directly to his plotter. What would be the best way to go about doing this? Only thing I could think of would be to setup another VPN connection going in reverse from this office to his on our CAD guys computer and just leave it on all the time so that he can choose the network plotter in offsite guy's office and print to it when needed. But surely there is a better way?

What type of VPN capabilities does the remote office support? Would it be possible to setup a site to site VPN and enable two way capability?

Posted: Sun Sep 17, 2006 12:14 pm Post subject:

crewsr wrote:
such as...

use it as a mini webserver to save files in the memory.