Solved

Printer Sharing via NAT

Posted on 2008-06-17
7
433 Views
Last Modified: 2010-04-02
I have 2 companies that share the same Internet connection. They have separate staic IP's and separate DSL Routers:

                      Internet Modem
                         /                 \
           Company A         Company B
              Router                  Router

Company A has a high speed, multi-function copier that it would like to share with Company B. Other than the printer, all of the network resources for each company must remain completely isolated from the other, so VPN is out of the question.

My thought was to put a router between Company A and B.  The LAN side would face company A and the WAN side would face company B. Using a combinaton of NAT and either Port Forwading, DMZ, or Routing I would like to enable Company B to have complete access to the printer using a dedicated IP in it's own subnet.


                         Internet Modem
                         /                      \
           Company A              Company B
              Router                       Router
                /                                       \|
               +---------  Router  ----------+
              /         LAN              WAN     \  
             /                             192.168.   \
            /                               248.150     \
       Printer
192.168.254.150

So, for Company A users the printer would be at 192.168.254.150 and for Company B users the printer would be at 192.168.248.150.

I have fiddled around with the settings on several routers (Linksys, D-Link) but I have not been successful in making this work.

I have mostly been using a Linksys BEFSR41 but if I need a different device I am open to suggestions.
0
Comment
Question by:Lprager
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 21803063
hi!
I would suggest to place printer between router A and B. i mean on the same level.
than you there will be no need to install some firewall to protect network A from network B and vice verse.
if you don't have any spare ports in your internet modem, you can try to use switch.
the ip address of the printer should be visible only for both routers, so no default on it necessary.

0
 

Author Comment

by:Lprager
ID: 21803263
hi From_exp:

That would put my printer out on the internet. We want it behind the firewall for company A.

With a WAN address in the subnet in Company B and a LAN address from the Company A subnet it seems that all I need is for the router to work as expected. For example, we often port forward for VNC. The VNC client uses the WAN address to connect and the port is forwarded to the server on the LAN side. This works bidirectionally so I am confused as to the problem we are having with this method for the printer.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21810234
actually, if your routers support multiple IPs on the same interface, you can use private addresses for printer and routers (as secondary ips)
0
 

Author Comment

by:Lprager
ID: 21813135
from_exp,

Now I'm completely confused. Take the Linksys BEFSR41 for example. Can it do what your talking about? If so, how would I configure it in my topology?

If not, what router would you suggest to do it? Again how would I configure this to solve the printing issues?

Thanx
0
 
LVL 21

Accepted Solution

by:
from_exp earned 500 total points
ID: 21813299
Hi
ok, let me explain.
When you have two companies, which do have to their own secrets, so their network should be protected from each other, you have to place shared resources, such as printers, outside both networks, and what is more important, none of the companies should be able to configure it, because in most cases it is possible to tell printers save printed documents which can contain classified information.

So, considering written above, I would suggest the following scheme:

          internet router
                      |
                 router C
    /                 |                        \
  |                   |                         |
router A      printer                 router B

so routers A and B will nat traffic to the internet, but no to the printer.
router C should protect printer from outside and possible allow traffic from routers A and B to pass.

As for equipment, I suppose you're having some good stuff like cisco. if you have linksys-class equipment, you can use dd-wrt software to get advanced routing features.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Printers have changed substantially in the last 30 or so years, not just in technical capabilities but in cost and usage as well.  Printers were originally used for interfacing with the operator, not necessarily for printing copy or pictures. In …
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month9 days, 2 hours left to enroll

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question