Solved

Two separate networks printing to one plotter - Is there a secure and easy way?

Posted on 2006-07-15
9
350 Views
Last Modified: 2008-01-09
I have a network with a large plotter (HP 750C) and another company is working with us on the premise and they have their own network which they will extend to this premise . Due to security policies, two separate networks must be maintained. There will always be two networks, theirs and ours, and this will never change.

I want both networks to print to the HP plotter because getting another plotter quite expensive.

I need to know how to share this one plotter between two networks securely.
We did some testing trying to use the existing jetdirect card for our network and hooking up another print server on the other network to the parrallel port on the printer.

This works if the jetdirect has recived a job and is processing it and a job is sent from the parallel port, the printer notifies the computer that sent the job to the parallel port that the printer is busy and waits.
If a job is sent over the parallel port and then a job is sent from the other network to the jet direct, the computer on the network that sent the job to the jetdirect gets an error that the printing cannot be completed.

I think this may be due to a bidirectional issue on the jetdirect and I am going to investigate this. I think the jetdirect should be able to tell the sending computer that the printer is busy instead of erroring out.

Anyways aside from this, does anyone have any good ideas about sharing one plotter between two networks?
Is there such a thing as a dual nic hardware print server? (aside from spending thousands on a W2K3 server license and a computer with two nics)

I was also thinking about IPP and somehow granting access to the plotter over the Internet. Anyone done this before and if so how does it work?
This has to be a secure solution due to security policies.
0
Comment
Question by:Spuds99
  • 4
  • 2
  • 2
9 Comments
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 17115733
I was originally going to suggest running it from USB/parallel on one network and LAN on another but you've tried that...

I suggest you get a router/firewall to connect the networks.  Nothing facny needed, two basic cable routers with built in firewall would probably do as long as it can do port forwarding.  Then setup router #1 with an address on the WAN side as an address on the other client's network.  Set the second router up with an address on the WAN side as an address on your network.  Set both LAN sides up to the same range but different addresses, i.e. x.x.x.1 and x.x.x.2 and make sure DHCP server et.c is turned off.

Now setup a port forward for port 9100 or LPR (port 515) on both routers from the WAN side to the IP address of the printer on the LAN side.  The printer should then be on a differenet subnet to either of the clients.  Now either client can

You might also need a static route in each router so that client1 router has a static route that says client2 is accessible via the other router and viceversa.

If your budget can stretch more a proper Cisco type router with two or three LAN interfaces could do a better job.  With two you could have:

users, server @ Other client  -------  router ------ switch ------ plotter, server, other users

You'd set firewall rules to only allow outgoing connection on port 515 or 9100 from other client's IP range to specific IP of plotter ...

If you are both connected to the internet then that is an alternative but maybe a bit slow for plotter files which can be quit large which is why I didn;t suggest it --> again easiest way would be to put a port forward on the router on the network with the plotter, if it has reasonable firewall abilities it should be able to set a rule specifically from the outside interface of the other company to the inside address of the plotter only on two ports above - that is unencrypted data of course though it is in raw print spooler format.



Steve
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116162
Read this topic on EE, exact same question.

http://www.experts-exchange.com/Networking/Q_21680226.html

Check out the accepted answer.

If this information repeats what dragon-it posted, I apoligize I did not read the entire link I posted, also if this is the case please award the points to dragon-it.

eb

0
 

Author Comment

by:Spuds99
ID: 17116221
Thanks for the responses. That was a good thread but I guess i should have made my self a little clearer. I am hoping not to spend money on a firewall or dual nic server. The company standard firewall which would have to be used is very expensive as well.

I am hoping for a simple solution and thought  someone would know of a print server that has dual NICs. I think IPP is an option so I am investigating IPP cabpable sprint servers. IPP over the Internet will be slow but I believe it will still work.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116234
Anything you use will endup connecting the 2 networks, I was unable to finde any 2 network print servers, but you can make your own by installing a second NIC in a PC and installing the printer as a local printer then sharing it out.

eb
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116236
Otherwise you need routing from one network to the other (you can create a single static route that points to the IP of the printer.

eb
0
 

Author Comment

by:Spuds99
ID: 17116484
Welp, I'm going to give a bitronic auto switch a try with two print servers, one on each network.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116515
worth a try
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17352080
Thanks for the points in the end.. I presume you went for the lo-tech but works switchbox method in the end!

Steve
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now