Re: Redirecting data sent to a local printer to another host and port on the network

From: Fernando Ronci (fernandoronci_at_hotmail.com)
Date: 01/26/04

  • Next message: Tony Lawrence: "Re: Redirecting data sent to a local printer to another host and port on the network"
    Date: 26 Jan 2004 03:45:06 -0800
    
    

    Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote in message news:<i1o810lisn6rq29rn727luaf3j1t355vre@4ax.com>...
    > On 25 Jan 2004 12:54:53 -0800, fernandoronci@hotmail.com (Fernando
    > Ronci) wrote:
    >
    > >I have a local network with an SCO 5.0.5 server running an accounting
    > >application and several Windows 98 workstations -each with its own
    > >printer- accessing the SCO server via TinyTerm.
    > >Here everything works OK. All client workstations have access to the
    > >application and print to their respectively attached printers.
    > >Also, there are two other Windows 98 workstations (each with its own
    > >attached printer too) in a remote branch site, connected to the
    > >central site through a cablemodem service provided by an ISP.
    >
    > If everything is going to the remote branch office via a single IP
    > address (i.e. you're using NAT/PAT), then you can only have one remote
    > netcat or LPR/LPD printer per IP port number. If you insist on
    > implementing this nightmare, you need to configure the router at the
    > remote to redirect your netcat traffic to the workstation running the
    > client lpd application. This is one case where using netcat just
    > isn't gonna work.
    >
    > Also, simply redirecting netcat traffic on port 9100 to port 515 on
    > the client machine is not going to magically turn netcat into an LPR
    > client. Only LPR clients talk to LPD print server daemons. LPR
    > clients also use more than port 515.
    >
    > >The goal is to allow users at the remote site (who also access the
    > >application on the SCO server via TinyTerm) to print to their local
    > >printers.
    >
    > Since you're using TinyTerm, you need to set up the OSR5 server lpr
    > print spooler for each Windoze printer. This is fairly trivial with a
    > simple LAN topology, and close to a nightmare when running through
    > multiple routers with NAT/PAT.
    > http://www.censoft.com/support/ttip7.php?src=
    > I'm not all that familiar with your unspecified Tiny Term version and
    > have no real clue as to how your network topology is arranged, so I
    > can't offer any specific port forwarding recommendations. (Hint: No
    > numbers, no specific answers).
    >
    > >For one client, the approach taken at the central site was
    > >to configure a network printer on the SCO server and point it to a
    > >Windows 98 machine running a proxy (in this case the product used was
    > >'hhproxy' for Windows) which maps and forwards all traffic sent to
    > >port 515 to the IP address (and port 515) of the actual remote
    > >workstation at the branch site where the print job originated.
    >
    > The proxy server adds yet another layer of complications to the
    > puzzle. It will also NOT solve the NAT problem. I like the idea, but
    > it just won't work.
    >
    > >That
    > >remote workstation runs 'winlpd', a Windows lpd daemon that catches
    > >traffic on port 515 and prints it on its local printer. This is
    > >working perfectly well for this 1st remote client workstation.
    >
    > Yep. You've apparently successfully redirected port 515 on the router
    > to a specific machine. However, from a single WAN IP address, you can
    > only redirect port 515 to a single Windoze workstation. Worse,
    > LPR/LPD opens ports other than 515 which may or may not go through
    > your unspecified make and model of firewall. Basically, lpr/lpd is
    > rather NAT firewall unfriendly. I can usually make it work, but every
    > once in a while, I run into a firewall that hates LPR/LPD.
    >
    > >The problem arises when I have to set up printing for the 2nd remote
    > >client workstation because the mapping of port 515 already goes to the
    > >1st one.
    >
    > Yep.
    >
    > >Can anyone please tell me what I did wrong or why netcat (and
    > >therefore remote printing) is not functioning the way I thought it
    > >should ?
    >
    > Netcat is not a protocol translator. You can't use it to juggle port
    > numbers. Netcat can be set to use just about any port number.
    > LPR/LPD cannot.
    >
    > >What would be the recommended or most appropriate approach
    > >for this ?
    >
    > I never thought you'd ask. How much $$$ do you have invested in your
    > firewalls? If they are the typical low end Linksys, DLink, or Netgear
    > boxes, toss them and get a VPN firewall and build a real Virtual
    > Private Network. NONE of the issues you're fighting are a problem
    > with VPNs, which deliver the entire office network space to the
    > remote office without any translations or black magic. I maintain one
    > system with 4 remote offices. Since everything appears as one big
    > network from anywhere, I have no problems with any software or
    > services. The routers use the IPSec protocol to argue among
    > themselves and deal with security. Therefore, there is no added
    > software on any of the client or server boxes.
    >
    > I've used a variety of VPN routers for the purpose. My favorite is
    > Sonicwall, but it's rather expensive. There are numerous cheaper
    > models in the $100-$200 from the usual bottom of the line router
    > vendors. All that I've tried work fine. If you have some questions
    > on how a VPN works, ask here.

    Thanks Tony and Jeff for your replies.
    I'm going to try to convince the customer to invest some $ in new VPN hardware.

    Fernando Ronci
    E-mail: fernandoronci@hotmail.com
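
The point made in the thread about netcat and LPD, as an added example that is not part of the original posts: the byte framing an LPD daemon expects on port 515 under RFC 1179, next to a raw byte stream, plus the RFC's 721-731 client source-port range, which a PAT rewrite can move a client outside of. Queue, host and user names, the sample print data and port 49152 are constructed; the function names are this example's own.

```python
# Added illustration (not from the thread): RFC 1179 framing vs. a raw byte stream.
# Queue, host and user names below are constructed sample values.
RAW_STREAM = b"\x1b@Invoice 1001\r\n\x0c"   # constructed: what a raw-stream sender emits
RFC1179_SOURCE_PORTS = range(721, 732)       # RFC 1179: client source port 721-731

def lpr_job_messages(queue, host, user, data, job=1):
    """Client-side messages for one job, in send order (server acks omitted)."""
    df, cf = f"dfA{job:03d}{host}", f"cfA{job:03d}{host}"
    control = f"H{host}\nP{user}\nl{df}\n".encode("ascii")
    return [
        b"\x02" + queue.encode("ascii") + b"\n",           # receive a printer job
        b"\x02%d %s\n" % (len(control), cf.encode()),      # receive control file
        control + b"\x00",
        b"\x03%d %s\n" % (len(data), df.encode()),         # receive data file
        data + b"\x00",
    ]

def lpd_parse(stream):
    """Parse what an LPD daemon expects on port 515; ValueError on bad framing."""
    if stream[:1] != b"\x02":
        raise ValueError("first octet is not the 'receive job' command (0x02)")
    nl = stream.index(b"\n")
    queue, pos, files = stream[1:nl].decode("ascii"), nl + 1, {}
    while pos < len(stream):
        if stream[pos] not in (0x02, 0x03):
            raise ValueError("unknown subcommand octet")
        nl = stream.index(b"\n", pos)
        count, name = stream[pos + 1:nl].decode("ascii").split(" ", 1)
        end = nl + 1 + int(count)
        if stream[end:end + 1] != b"\x00":
            raise ValueError("file body not terminated by a zero octet")
        files[name] = stream[nl + 1:end]
        pos = end + 1
    return queue, files

def source_port_ok(port):
    """True if a strict RFC 1179 daemon would accept this client source port."""
    return port in RFC1179_SOURCE_PORTS

if __name__ == "__main__":
    job = b"".join(lpr_job_messages("lp0", "branchpc", "user1", RAW_STREAM))
    print(lpd_parse(job))
    for label, port in (("direct LPR client", 722), ("after PAT rewrite", 49152)):
        print(label, port, "accepted" if source_port_ok(port) else "rejected")
    try:
        lpd_parse(RAW_STREAM)
    except ValueError as err:
        print("raw stream rejected:", err)
```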

