Solved

Printer Sharing via NAT

Posted on 2008-06-17
7
413 Views
Last Modified: 2010-04-02
I have 2 companies that share the same Internet connection. They have separate staic IP's and separate DSL Routers:

                      Internet Modem
                         /                 \
           Company A         Company B
              Router                  Router

Company A has a high speed, multi-function copier that it would like to share with Company B. Other than the printer, all of the network resources for each company must remain completely isolated from the other, so VPN is out of the question.

My thought was to put a router between Company A and B.  The LAN side would face company A and the WAN side would face company B. Using a combinaton of NAT and either Port Forwading, DMZ, or Routing I would like to enable Company B to have complete access to the printer using a dedicated IP in it's own subnet.


                         Internet Modem
                         /                      \
           Company A              Company B
              Router                       Router
                /                                       \|
               +---------  Router  ----------+
              /         LAN              WAN     \  
             /                             192.168.   \
            /                               248.150     \
       Printer
192.168.254.150

So, for Company A users the printer would be at 192.168.254.150 and for Company B users the printer would be at 192.168.248.150.

I have fiddled around with the settings on several routers (Linksys, D-Link) but I have not been successful in making this work.

I have mostly been using a Linksys BEFSR41 but if I need a different device I am open to suggestions.
0
Comment
Question by:Lprager
  • 3
  • 2
7 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 21803063
hi!
I would suggest to place printer between router A and B. i mean on the same level.
than you there will be no need to install some firewall to protect network A from network B and vice verse.
if you don't have any spare ports in your internet modem, you can try to use switch.
the ip address of the printer should be visible only for both routers, so no default on it necessary.

0
 

Author Comment

by:Lprager
ID: 21803263
hi From_exp:

That would put my printer out on the internet. We want it behind the firewall for company A.

With a WAN address in the subnet in Company B and a LAN address from the Company A subnet it seems that all I need is for the router to work as expected. For example, we often port forward for VNC. The VNC client uses the WAN address to connect and the port is forwarded to the server on the LAN side. This works bidirectionally so I am confused as to the problem we are having with this method for the printer.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21810234
actually, if your routers support multiple IPs on the same interface, you can use private addresses for printer and routers (as secondary ips)
0
 

Author Comment

by:Lprager
ID: 21813135
from_exp,

Now I'm completely confused. Take the Linksys BEFSR41 for example. Can it do what your talking about? If so, how would I configure it in my topology?

If not, what router would you suggest to do it? Again how would I configure this to solve the printing issues?

Thanx
0
 
LVL 21

Accepted Solution

by:
from_exp earned 500 total points
ID: 21813299
Hi
ok, let me explain.
When you have two companies, which do have to their own secrets, so their network should be protected from each other, you have to place shared resources, such as printers, outside both networks, and what is more important, none of the companies should be able to configure it, because in most cases it is possible to tell printers save printed documents which can contain classified information.

So, considering written above, I would suggest the following scheme:

          internet router
                      |
                 router C
    /                 |                        \
  |                   |                         |
router A      printer                 router B

so routers A and B will nat traffic to the internet, but no to the printer.
router C should protect printer from outside and possible allow traffic from routers A and B to pass.

As for equipment, I suppose you're having some good stuff like cisco. if you have linksys-class equipment, you can use dd-wrt software to get advanced routing features.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

How to solve seemingly unsolvable printer issues. Users sometimes run into printing issues where all the normal steps do not seem to work. Well the steps below can show users how to take one extra step beyond the normal steps needed to remove old…
When I recently replaced my image transfer kit on my office HP color laserjet 5550dn printer, I had a slight problem.  The left bracket that holds the transfer kit got stuck in the upright locked position instead of being at a 45 degree angle facing…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now