ACL to allow only printing to a windows box

Answered Question
Aug 10th, 2007

Hey Folks,


I have a guest PC that needs to be locked down so that it can only access the internet and print.


I created the ACL that allows only access to the internet and no other network resources, that's not a problem.


What I'm struggling with is creating an ACL that allows the PC to "whack" into a Windows 2000 printer server box, connect to a print queue, then send print jobs to it. Has anyone ever done this? Any hints anyone can provide?


Thanks,

SM

Correct Answer
ycae Fri, 08/10/2007 - 06:39

Hi there,


What you can do is install the TCP/IP Print Services on your Windows box. This way your Windows box will listen on TCP/515, which is LPR. Then you just have to define a local port on your PC as a TCP/IP LPR port. On the router you just need to allow TCP 515 to the server.


Hope that helped.


If you need more information, just let me know


Yves

steve0miller Fri, 08/10/2007 - 06:49

Yves,


I tried your LPR trick, worked like a charm. I appreciate it.


-SM

steve0miller Fri, 08/10/2007 - 06:40

So far I've allowed:

tcp 139

tcp 445

udp netbios-ns

udp netbios-dgm

tcp 135


When I "whack" into the Windows box using either its hostname or IP address, I get a box asking for authentication. I'm sure I'm just missing a port that I still gotta open. Anyone know?


Thanks,

SM


Jon Marshall Fri, 08/10/2007 - 06:44

Hi Steve


Try LDAP - port 389. Also you may need Kerberos, which if memory serves me right is TCP 88, but I could be wrong :)


Jon
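
A Cisco IOS ACL along the lines of the LPR answer above, as an added example that is not part of the original thread. The ACL name, interface and all addresses are constructed placeholders, and the internal networks are assumed to be the RFC 1918 ranges; the final permit stands in for whatever internet-access rules are already in place.

```cisco
! Constructed placeholders (not from the thread):
!   guest PC      192.168.50.10
!   print server  10.1.1.20   (Windows box running TCP/IP Print Services)
!   guest VLAN    interface Vlan50
!
! The Windows file/print sharing attempt from the thread would look like
! this. It exposes NetBIOS, SMB and RPC on the server to the guest PC,
! which is far more than a print queue:
!   permit tcp host 192.168.50.10 host 10.1.1.20 eq 135
!   permit tcp host 192.168.50.10 host 10.1.1.20 eq 139
!   permit tcp host 192.168.50.10 host 10.1.1.20 eq 445
!   permit udp host 192.168.50.10 host 10.1.1.20 eq netbios-ns
!   permit udp host 192.168.50.10 host 10.1.1.20 eq netbios-dgm
!
! LPR-only version: one TCP port to one host.
ip access-list extended GUEST-PRINT
 remark LPR print jobs to the print server only
 permit tcp host 192.168.50.10 host 10.1.1.20 eq 515
 remark Block and log everything else aimed at internal networks
 deny   ip host 192.168.50.10 10.0.0.0 0.255.255.255 log
 deny   ip host 192.168.50.10 172.16.0.0 0.15.255.255 log
 deny   ip host 192.168.50.10 192.168.0.0 0.0.255.255 log
 remark Internet access (replace with the existing internet rules)
 permit ip host 192.168.50.10 any
!
! Apply inbound on the interface facing the guest PC.
interface Vlan50
 ip access-group GUEST-PRINT in
```

After sending a test print job, `show access-lists GUEST-PRINT` shows per-entry match counters, so the port 515 line should increment while the deny lines record anything else the guest PC tries to reach internally. If the guest PC resolves names through an internal DNS server, that needs its own permit line above the deny entries.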
