printing across subnets browseRelay odd device ipp://

carl mason carlm at demog.berkeley.edu
Wed Jan 26 15:08:10 PST 2011 

I am trying to allow hosts on a different subnet to print via a cups server on our local subnet.  I have configured the firewall to pass tcp packets  coming in on port 631 to the cups server.

 BrowseRelay 192.168.1.* 136.152.182.41

to cupsd.conf

I added a
BrowsePoll cupshost.ip.address (outside interface of firewall)

to the  machine that has 136.152.182.41

At this point *almost* everything works.

from the client machine (136.152..)  I can see the cups administrative website on the server.  And lpstat -tv on the client shows all of the printers.

The problem is that the device designations show the unroutable ipaddress of the cupst server e.g.

device for age: ipp://192.168.1.18:631/printers/age

attempts to print invariably time out (since the client machine is on the 136.152... subnet).

Thanks  for any suggestions.

Here is cupsd.conf

MaxLogSize 2000000000
# Show troubleshooting information in error_log.
LogLevel debug
SystemGroup sys root
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
## the next line should hurt nothing but it does not solve
## the problem of printing throught he firewall either
##ServerName cupshost.demog.berkeley.edu
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
# (Change '@LOCAL' to 'ALL' if using directed broadcasts from another subnet.)
BrowseAllow @LOCAL
BrowseAddress @LOCAL
Allow from @LOCAL
DefaultAuthType Basic
<Location />
  Encryption Never
  # Allow shared printing and remote administration...
  Order allow,deny
#  Allow from 192.168.1.*
Allow all
</Location>
<Location /admin>
  Encryption Never

  # Allow remote administration...
  Order allow,deny
#  Allow all
  Allow from 192.168.1.*
</Location>
<Location /admin/conf>
  AuthType Basic
  Require user @SYSTEM
  Encryption Never
#  Allow all
  Allow from 192.168.1.*
  # Allow remote access to the configuration files...
  Order allow,deny
  Allow all
  Allow from 192.168.1.*
</Location>
<Policy default>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Encryption Never
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
    AuthType None
    Encryption Never
    Order deny,allow
  </Limit>
  <Limit CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
## cupshost.ournet.edu resolves to the outside interface of our firewall
ServerName cupshost.ournet.edu
BrowseRelay 192.168.1.* 136.152.132.*

More information about the cups mailing list