
Access Print Server Remotely

Discussion in 'Tomato Firmware' started by Danation, Feb 3, 2012.

  1. Danation

    Danation Networkin' Nut Member

    I have successfully set up my E3000 with my printer. I'm running Toastman's firmware. I can successfully print from my LAN, which is pretty awesome.

    However, my wife would like to be able to print from her school. I don't see any reason why that would be impossible, but I can't seem to get it working. I added the printer just like I would with a LAN printer, except I used my public IP address (I tried both my DDNS address and the IP address directly.) Unfortunately, it doesn't seem to print. I tried doing some weird port forwarding where I forward port 9100 to my router's IP address, but that didn't help.

    Is this possible? If so, does anybody have any suggestions?
  2. kthaddock

    kthaddock Network Guru Member

    Easy, set up SSH and install the network-printer driver. Then you can print from the WAN side.
  3. Danation

    Danation Networkin' Nut Member

    Thank you for your reply. I have SSH set up currently for secure browsing tunnels, but I'm not sure how I would set it up for printing. Could you tell me more about that?
  4. kthaddock

    kthaddock Network Guru Member

    What OP do you use?
  5. lancethepants

    lancethepants Network Guru Member

    Try this out. I use something similar when running nginx on my router to allow WAN connections. Put it into the firewall script area and reboot.

    iptables -I INPUT -p tcp --dport 9100 -j ACCEPT
  6. Danation

    Danation Networkin' Nut Member

    I'm not sure what you mean by OP (sorry, I'm a little new to this.)

    Thank you for the suggestion. I will give it a try and let you know how it goes.
  7. Danation

    Danation Networkin' Nut Member

    Well, that didn't work from my office, but that could be due to the firewall here. I'll give it a try after work and see if I have better luck.
  8. kthaddock

    kthaddock Network Guru Member

    Oh sorry, I meant operating system, e.g. Win XP, Vista, Win 7 or maybe Linux!
  9. Danation

    Danation Networkin' Nut Member

    Oh ok. I'm on Windows 7 64-bit
  10. kthaddock

    kthaddock Network Guru Member

    Okay, that's good. Do you have SSH working? If so, connect, and in Win7 add a printer and choose network printer.
    (Hm, is it a LAN-connected printer?) Choose LAN or USB printer, install the driver. After that you should be able to print!
  11. eahm

    eahm LI Guru Member

    OS? Operating System? :)
  12. kthaddock

    kthaddock Network Guru Member

    Okay. Got it :eek:
  13. eahm

    eahm LI Guru Member

    I know, I know, I was kidding :D
  14. Danation

    Danation Networkin' Nut Member

    Good news! This did work over a tethered connection and also through my neighbor's wireless. Thanks!

    You're right. I was able to get this to work from my office. Thanks!


    The benefit of SSH is that it will work on pretty much any connection (since I'm running my SSH through port 443.) Unfortunately, it's probably too much hassle for my wife.
    The benefit of the firewall iptables command is that after setup, it requires no extra work. Unfortunately, some firewalls block it (probably blocking port 9100.)

    So I'm trying to figure out how to get the best of both worlds. Is there a way to configure the print server to use a commonly accessed port, such as 80 or 110?

    Thanks again for the prompt and helpful replies. I'm very impressed with this forum.
  15. kthaddock

    kthaddock Network Guru Member

    The problem, if you have a way in to your printer, is that others can reach your network, e.g.
    I recommend using some identification to prevent unauthorized connections to your network.

  16. lancethepants

    lancethepants Network Guru Member

    You can set up your router to open up any port you want, then have it internally redirect to your printing port.

    First, place the following in 'Init' script: This loads a necessary module to redirect incoming ports.
    insmod ipt_REDIRECT

    Then in 'Firewall' scripts:
    iptables -A INPUT -p tcp --dport 1234 -j ACCEPT
    iptables -A PREROUTING -t nat -p tcp --dport 1234 -j REDIRECT --to-port 9100

    Replace '1234' with the desired port you want to connect to globally, then reboot. I actually just tried this with OpenVPN running on the router (changing the protocol to udp). Now it will accept connections from 2+ ports.

    Admittedly, this does open up the print service to the world, as kthaddock mentioned. Even nmap's most basic port scans will look for port 9100. For that same reason I changed my ssh port to something very high because I didn't like my logs being filled with failed attempts to gain ssh access to my router. This however won't work in your case since you have a limited subset of available ports from your work.

    Alternatively, you could replace the first firewall script with one or more of the following scripts.

    iptables -A INPUT -p tcp --dport 1234 -s xxx.xxx.xxx.xxx -j ACCEPT

    Simply replace xxx.xxx.xxx.xxx with the public ip address that you will allow to access the print server. Just as long as the places that access the print service don't have dynamic ip addresses, or else it wouldn't be worth it to constantly update the firewall scripts. I imagine that your place of employment and your wife's school would have static ip addresses.

    You could also make it very simple to ssh into the router for your wife. I use cygwin on my work machine, and have created a simple .bat file I can click on from the desktop that will run a script to ssh from cygwin automatically.
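
An added example, not part of the thread or any poster's script: a small shell helper that prints 'Firewall' script lines exposing the print port on an alternate port to an allow-list of source addresses only, the restriction post 16 describes. The function names, the alternate port 110 and the documentation-range addresses are assumptions; because the nat PREROUTING REDIRECT rewrites the destination port before the filter INPUT chain is evaluated, the generated ACCEPT rule matches the redirected port 9100.

```shell
#!/bin/sh
# Added example (not from the thread): print Tomato 'Firewall' script lines
# that expose the print service on an alternate port to listed sources only.
PRINT_PORT=9100   # raw print port used throughout the thread

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: emit_print_rules EXT_PORT SOURCE_IP [SOURCE_IP ...]
emit_print_rules() {
    ext_port=$1
    valid_port "$ext_port" || { echo "bad port: $ext_port" >&2; return 1; }
    shift
    [ "$#" -ge 1 ] || { echo "no source address given; refusing to open to all" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        # Redirect only traffic from an allowed source arriving on the alternate port.
        echo "iptables -t nat -A PREROUTING -p tcp -s $ip --dport $ext_port -j REDIRECT --to-port $PRINT_PORT"
        # INPUT sees the already-redirected port, so accept 9100 from that source.
        echo "iptables -I INPUT -p tcp -s $ip --dport $PRINT_PORT -j ACCEPT"
    done
}

# Constructed sample: alternate port 110, two documentation-range addresses.
emit_print_rules 110 203.0.113.10 198.51.100.7
```

Paste the printed lines into the 'Firewall' script; the allow-list only has an effect once the unrestricted `--dport 9100 -j ACCEPT` rule from earlier in the thread is removed.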
  17. Danation

    Danation Networkin' Nut Member

    What's the disadvantage to allowing anybody access to the print server? If somebody decides to print out 500 pages, that would be annoying but it wouldn't be the end of the world. It's not very likely to happen, in any case.

    Is it possible to control the router through the print server in some way?

    I guess I'm just not quite understanding what the risks are.
  18. lancethepants

    lancethepants Network Guru Member

    I think you pretty much summed up the risks. Opening that single port (or whichever port you map it to) shouldn't grant any additional access to the rest of the router.

    edit: If you could narrow it down to a few IPs, that would greatly secure things up. You could also set up OpenVPN to run on the router. If you wanted you could run it as a service on a laptop, then you'd know you'd have access anytime you were on the internet. Or just have it manually connect, that's easy enough too. Just some other suggestions.
  19. Danation

    Danation Networkin' Nut Member

    Well, as long as the only risk is printer abuse, I won't worry about it too much. Thanks again for your help :)
