Solved: ACL to allow only printing to a windows box

steve0miller · ‎08-10-2007

Hey Folks,

I have a guest PC that needs to be locked down so that it can only access the internet and print.

I created the ACL that allows only access to the internet and no other network resources, that's not a problem.

What I'm struggling with is creating a ACL that allows the PC to "whack" into a windows 2000 printer server box, connect to a print queue, then send print jobs to it. Has anyone ever done this? Any hints anyone can provide?

Thanks,

SM

ycae · ‎08-10-2007

Hi there,

what you can do is installing the TCP/IP Print services on your windows box. Like this your windows box will listen on TCP/515 which lpr. Than you just have to define on your PC a local port as TCP/IP LPR port. On the router you just need to allow tcp 515 to the server.

Hope that helped.

If you need more information, just let me know

Yves

View solution in original post

ycae · ‎08-10-2007

Hi there,

what you can do is installing the TCP/IP Print services on your windows box. Like this your windows box will listen on TCP/515 which lpr. Than you just have to define on your PC a local port as TCP/IP LPR port. On the router you just need to allow tcp 515 to the server.

Hope that helped.

If you need more information, just let me know

Yves

steve0miller · ‎08-10-2007

That's a darn good idea, gonna try that. Thanks.

steve0miller · ‎08-10-2007

Yves,

I tried your LPR trick, worked like a charm. I appreciate it.

-SM

steve0miller · ‎08-10-2007

So far I've allowed:

tcp 139

tcp 445

udp netbios-ns

udp netbios-dgm

tcp 135

When i "whack" into the windows box using either it's hostname or ip address, I get a box asking for authentication. I'm sure I'm just missing a port that I still gotta open. Anyone know?

Thanks,

SM

Jon Marshall · ‎08-10-2007

Hi Steve

Try ldap - port 389. Also you may need kerberos which if memory serves me right is TCP 88 but i could be wrong :)

Jon