Hi all, How do I configure printing across a VPN between different subnets (192.168.0.0 and 192.168.1.0). Linux and Win clients prints in the same subnet it is in (192.168.0.0) on Network Printers with NIC in the printers. When I print to the other subnet 192.168.1.0 with a Windows client from the 192.168.0.0 subnet it works. From the 192.168.0.0 subnet the Windows shares on a Samba server is also available with 'net use ...' on the 192.168.1.0 subnet to the Windows clients. If I want to print with Linux from subnet 192.168.1.0 to 192.168.1.0, it does not find the printers. Our AS400 also can not print from the 192.168.0.0 subnet to the 192.168.1.0 subnet. Why can Windows print and Linux and AS400 not print accross the subnets? The Linux clients in subnet 192.168.0.0 can ping all printers in the 192.168.1.0 subnet, but not print to them; but Windows can print on them. :-) Al
On Wednesday 02 August 2006 00:22, LLLActive@GMX.Net wrote:
The Linux clients in subnet 192.168.0.0 can ping all printers in the 192.168.1.0 subnet, but not print to them; but Windows can print on them.
Odd. I can print at my printer at the office from home. No problem. If you have nics in the printers (also called jet-direct), you set up the printer in your Linux machine's cups definition as an ipp printer or a socket printer with something like DeviceURI socket://192.168.1.xxx:9100 (see /etc/cups/printers.conf ) -- _____________________________________ John Andersen
On Wed, 2006-08-02 at 00:36 -0800, John Andersen wrote:
On Wednesday 02 August 2006 00:22, LLLActive@GMX.Net wrote:
The Linux clients in subnet 192.168.0.0 can ping all printers in the 192.168.1.0 subnet, but not print to them; but Windows can print on them.
Odd. I can print at my printer at the office from home. No problem.
If you have nics in the printers (also called jet-direct), you set up the printer in your Linux machine's cups definition as an ipp printer or a socket printer with something like DeviceURI socket://192.168.1.xxx:9100 (see /etc/cups/printers.conf )
Hi John, Thanx for the info. I have tried all forms of print setup. TCP print works in the local subnet, but Linux cannot find the printer in the other subnet. :-/ Al
Hello, On Aug 2 10:22 LLLActive@GMX.Net wrote (shortened):
The Linux clients in subnet 192.168.0.0 can ping all printers in the 192.168.1.0 subnet, but not print to them
See our online "Reference" manual for some basic tests regarding network printer access (e.g. RPM package suselinux-manual_en), see the item "Network Printer Connections" in the "Troubleshooting" section in the "Printer Operation" chapter. As you carefully avoided to specify which Suse Linux version you use, I cannot point you to an exact URL ;-) Furthermore you must set up the network interfaces in the network printers to accept data from the matching source IPs (perhaps by default to be safe they may not accept data form IPs which do not belong to their sub-net). By the way: Have our firewall in mind: For a test simply switch it off using "rcSuSEfirewall2 stop". If the printers and the client systems are in an internal network (and when you trust all what there is in your internal network), your network interfaces must be set to be in the "internal zone". It doesn't make sense to have a network setup in a trusted internal network with network interfaces which belong to the (untrusted) "external zone" (which is the default to be safe). Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5 Mail: jsmeix@suse.de 90409 Nuernberg, Germany WWW: http://www.suse.de/
On Wed, 2006-08-02 at 11:18 +0200, Johannes Meixner wrote:
See our online "Reference" manual for some basic tests regarding network printer access (e.g. RPM package suselinux-manual_en), see the item "Network Printer Connections" in the "Troubleshooting" section in the "Printer Operation" chapter.
Done so. It does not address anything regarding other subnets. If I do the tests on the local subnet, all works perfectly. Just when another subnet is used, it does not find the printers, even though a ping does find it. #### The results: #################################################### ***** LOCAL IBM Network Printer 17 in subnet 192.168.0.0 ************* L10-WS:~ # nmap 192.168.0.153 Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-02 12:33 CEST Interesting ports on 192.168.0.153: (The 1666 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 23/tcp open telnet 80/tcp open http 515/tcp open printer 2048/tcp open dls-monitor 2501/tcp open rtsclient 5001/tcp open commplex-link MAC Address: 00:60:94:60:E7:D5 (IBM) ***** LOCAL HP LJ 5M in subnet 192.168.0.0 ***************************** Nmap finished: 1 IP address (1 host up) scanned in 11.111 seconds L10-WS:~ # nmap -p 35,137-139,515,631,9100-10000 192.168.0.160 Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-02 12:45 CEST Interesting ports on 192.168.0.160: (The 905 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 515/tcp open printer 9100/tcp open jetdirect MAC Address: 08:00:09:DD:62:A8 (Hewlett Packard) ***** LOCAL IBM Network Printer 17 in subnet 192.168.0.0 ************* Nmap finished: 1 IP address (1 host up) scanned in 12.358 seconds L10-WS-:~ # nmap -p 35,137-139,515,631,9100-10000 192.168.0.153 Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-02 12:46 CEST Interesting ports on 192.168.0.153: (The 906 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 515/tcp open printer MAC Address: 00:60:94:60:E7:D5 (IBM) Nmap finished: 1 IP address (1 host up) scanned in 9.895 seconds ***** REMOTE over OpenVPN Ricoh Aficio 220 in subnet 192.168.1.0 ****** L10-WS:~ # nmap -p 35,137-139,515,631,9100-10000 192.168.1.3 Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-02 12:47 CEST Interesting ports on 192.168.1.3: (The 904 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 515/tcp open printer 631/tcp open ipp 9100/tcp open jetdirect Nmap finished: 1 IP address (1 host up) scanned in 25.331 seconds *** REMOTE over OpenVPN IBM Network Printer 17 in subnet 192.168.1.0 *** L10-WS:~ # nmap -p 35,137-139,515,631,9100-10000 192.168.1.4 Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-02 12:47 CEST Interesting ports on 192.168.1.4: (The 906 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 515/tcp open printer ################## END Results ########################################
As you carefully <hehe> avoided to specify which Suse Linux version you use, I cannot point you to an exact URL ;-)
Pardon, it's my lack of info. The workstations are SUSE 10.1 boxed version. The firewalls are on SUSE 9.2 Pro boxed version.
Furthermore you must set up the network interfaces in the network printers to accept data from the matching source IPs (perhaps by default to be safe they may not accept data form IPs which do not belong to their sub-net).
Have not figured out how to do that, if it is something other than that I should set the IP 192.168.0.xxx and Netmask 255.255.255.0 with Default Gateway 192.168.0.xxx in the Printer menus.
By the way: Have our firewall in mind:
For a test simply switch it off using "rcSuSEfirewall2 stop".
As a test I configured the /etc/sysconfig/SuSEfirewall2 to keep the routing when it unloads the rules when stopping the firewall. Without the firewalls, the non-functioning of printing in the other subnet is the same as before.
If the printers and the client systems are in an internal network
It is in another subnet over OpenVPN routed and not bridged. What is the difference between M$ Win and Linux in the printing situation? Why can M$ print and Linux not? :-/ Al
Hello, On Aug 2 14:08 LLLActive@GMX.Net wrote (shortened):
***** LOCAL HP LJ 5M in subnet 192.168.0.0 ***************************** ... Interesting ports on 192.168.0.160: ... 9100/tcp open jetdirect ... ***** REMOTE over OpenVPN Ricoh Aficio 220 in subnet 192.168.1.0 ****** ... Interesting ports on 192.168.1.3: ... 9100/tcp open jetdirect
Both look accessible. Therefore what results the "netcat" test for those printers? See the same section in our "Reference" manual.
It is in another subnet over OpenVPN routed and not bridged. What is the difference between M$ Win and Linux in the printing situation? Why can M$ print and Linux not?
Obviously if I had some magic knowledge what "the difference" is, or "why it doesn't work for you", I would tell you but up to now I have no idea what the reason is in your particular case. Furthermore you didn't tell any details about how you have set up the queues for those printers so that I have no chance to guess what might be wrong in your particular case. Finally I am no OpenVPN expert so that I cannot help you, if the reason is your OpenVPN setup. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5 Mail: jsmeix@suse.de 90409 Nuernberg, Germany WWW: http://www.suse.de/
participants (3)
-
Johannes Meixner -
John Andersen -
LLLActive@GMX.Net