| View previous topic :: View next topic |
| Author |
Message |
thegeekiator
n00b
Joined: 29 Feb 2004
Posts: 8
|
 Posted: Wed Jun 22, 2005 10:06 pm Post subject: printing through an ssh tunnel |
 |
|
My work site has a highly restricive firewall that does not allow for 631 or 515 to go out through it. I have quite a few users off-site who login to our gateways and into Linux boxen on a private network. Here's the problem- these users need to print from machines on the private 192.168 non-routable subnet to a printer on their local network. They are also on a private network with non-routable ip addresses. Ayuda!
-Aaron |
|
| Back to top |
|
 |
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Wed Jun 22, 2005 11:05 pm Post subject: |
|
|
Apart from the (obvious) fact that, since to me, your users == users at your work, this should be handled by the person(s) administrating the firewall, opening up ports like 631 or 515 is probably not a good idea in the first place...
Sounds like they almost know what they're doing 
Setting up an SSH tunnel isn't too hard, but have you looked at openvpn ?
It's only an emerge away, and available for Windows too.
It should fit the bill quite nicely.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
thegeekiator
n00b
Joined: 29 Feb 2004
Posts: 8
|
| Posted: Thu Jun 23, 2005 1:48 am Post subject: |
|
|
| I work for Uncle Sam. They will not open ports 631 or 515. I have looked at openvpn but the problem is, they have to print from computers behind our private network. It's a sticky mess. The current problem I'm dealing with (the first of many) in this printing saga is a user who's printer is 'a-public-printer@a-public-ip.com' which accepts requests from our ip and dumps them out at the printer down the hall from her. I need a way to get port 515 out of my network to that printer. Right now she can take her output files and scp them from our private box to our gateway then from the gateway to her desktop. Our next 5 users (i don't know their specifics yet) cannot do this because their output is a graph/map printed by a piece of software. I think i'll just write a perl script that takes what would be piped into lpr, pipe it into a ps file then shoot it off to the users email account so they can print it. Personally I would like to tell them to just shove it...but I don't think I should do that...given that they pay my salary. |
|
| Back to top |
|
|
thegeekiator
n00b
Joined: 29 Feb 2004
Posts: 8
|
| Posted: Thu Jun 23, 2005 1:52 am Post subject: |
|
|
I guess I should give a little diagram.
User --> NAT/Firewall/Gateway --> [Internet] --> OurGateway/Nat --> OurPrivate machines.
Users's ssh into our gateway and from there ssh into our private machines. I know it seems a little much...but if I go into why it is that way...it's a long rant.
-Aaron |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Thu Jun 23, 2005 1:13 pm Post subject: |
|
|
And you have control over neither of these firewalls ?
That is a bugger, sure enough.
One wonders if the PTB have ever stopped to consider that you need to actually be able to do your work, in order to do your work...
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
thegeekiator
n00b
Joined: 29 Feb 2004
Posts: 8
|
| Posted: Thu Jun 23, 2005 2:56 pm Post subject: |
|
|
| HA! They ...yeaah not even going to start. I'm going to write a perl script that takes the postscript file the app outputs and plops it on our public ftp directory then they can open it with acrobat and print it. They could just scp it but three hops of scp is a pain in the but, and yeah they could do it through a tunnel...but that gets to be a lot for users. |
|
| Back to top |
|
|
|
Networking & Security
