Solved

Two separate networks printing to one plotter - Is there a secure and easy way?

Posted on 2006-07-15
9
347 Views
Last Modified: 2008-01-09
I have a network with a large plotter (HP 750C) and another company is working with us on the premise and they have their own network which they will extend to this premise . Due to security policies, two separate networks must be maintained. There will always be two networks, theirs and ours, and this will never change.

I want both networks to print to the HP plotter because getting another plotter quite expensive.

I need to know how to share this one plotter between two networks securely.
We did some testing trying to use the existing jetdirect card for our network and hooking up another print server on the other network to the parrallel port on the printer.

This works if the jetdirect has recived a job and is processing it and a job is sent from the parallel port, the printer notifies the computer that sent the job to the parallel port that the printer is busy and waits.
If a job is sent over the parallel port and then a job is sent from the other network to the jet direct, the computer on the network that sent the job to the jetdirect gets an error that the printing cannot be completed.

I think this may be due to a bidirectional issue on the jetdirect and I am going to investigate this. I think the jetdirect should be able to tell the sending computer that the printer is busy instead of erroring out.

Anyways aside from this, does anyone have any good ideas about sharing one plotter between two networks?
Is there such a thing as a dual nic hardware print server? (aside from spending thousands on a W2K3 server license and a computer with two nics)

I was also thinking about IPP and somehow granting access to the plotter over the Internet. Anyone done this before and if so how does it work?
This has to be a secure solution due to security policies.
0
Comment
Question by:Spuds99
  • 4
  • 2
  • 2
9 Comments
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 17115733
I was originally going to suggest running it from USB/parallel on one network and LAN on another but you've tried that...

I suggest you get a router/firewall to connect the networks.  Nothing facny needed, two basic cable routers with built in firewall would probably do as long as it can do port forwarding.  Then setup router #1 with an address on the WAN side as an address on the other client's network.  Set the second router up with an address on the WAN side as an address on your network.  Set both LAN sides up to the same range but different addresses, i.e. x.x.x.1 and x.x.x.2 and make sure DHCP server et.c is turned off.

Now setup a port forward for port 9100 or LPR (port 515) on both routers from the WAN side to the IP address of the printer on the LAN side.  The printer should then be on a differenet subnet to either of the clients.  Now either client can

You might also need a static route in each router so that client1 router has a static route that says client2 is accessible via the other router and viceversa.

If your budget can stretch more a proper Cisco type router with two or three LAN interfaces could do a better job.  With two you could have:

users, server @ Other client  -------  router ------ switch ------ plotter, server, other users

You'd set firewall rules to only allow outgoing connection on port 515 or 9100 from other client's IP range to specific IP of plotter ...

If you are both connected to the internet then that is an alternative but maybe a bit slow for plotter files which can be quit large which is why I didn;t suggest it --> again easiest way would be to put a port forward on the router on the network with the plotter, if it has reasonable firewall abilities it should be able to set a rule specifically from the outside interface of the other company to the inside address of the plotter only on two ports above - that is unencrypted data of course though it is in raw print spooler format.



Steve
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116162
Read this topic on EE, exact same question.

http://www.experts-exchange.com/Networking/Q_21680226.html

Check out the accepted answer.

If this information repeats what dragon-it posted, I apoligize I did not read the entire link I posted, also if this is the case please award the points to dragon-it.

eb

0
 

Author Comment

by:Spuds99
ID: 17116221
Thanks for the responses. That was a good thread but I guess i should have made my self a little clearer. I am hoping not to spend money on a firewall or dual nic server. The company standard firewall which would have to be used is very expensive as well.

I am hoping for a simple solution and thought  someone would know of a print server that has dual NICs. I think IPP is an option so I am investigating IPP cabpable sprint servers. IPP over the Internet will be slow but I believe it will still work.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116234
Anything you use will endup connecting the 2 networks, I was unable to finde any 2 network print servers, but you can make your own by installing a second NIC in a PC and installing the printer as a local printer then sharing it out.

eb
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116236
Otherwise you need routing from one network to the other (you can create a single static route that points to the IP of the printer.

eb
0
 

Author Comment

by:Spuds99
ID: 17116484
Welp, I'm going to give a bitronic auto switch a try with two print servers, one on each network.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116515
worth a try
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17352080
Thanks for the points in the end.. I presume you went for the lo-tech but works switchbox method in the end!

Steve
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now