Let's say that the workstation has IP address 10.0.0.100 and prints to the
remote printer with address 100.100.100.100.

The print reaches the firewall's address 10.0.0.1 and leaves the firewall's
untrusted interface 50.50.50.50. The source IP is still 10.0.0.100 and it
reaches the printer 100.100.100.100 just fine, because it's a public
address.

The printer replies back, but its default gateway, 100.100.100.1, doesn't
know where to route to network 10.0.0.0, so it gets dropped.

If my firewall translates the address into its public address 50.50.50.50,
the printer will reply back to it, and I will need to do a "handoff" or NAT
so that port 9100 traffic to 50.50.50.50 gets translated into 10.0.0.100 so
my workstation will get the reply.

But, with this solution, the printer reply will end up at 10.0.0.100 if
10.0.0.200 tries to print too.

How does this work?

Thanks,

Ole

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
 http://www.CiscoKing.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




> -----Original Message-----
> From: Brant Stevens [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, February 02, 2001 7:59 PM
> To:   Ole Drews Jensen; [EMAIL PROTECTED]
> Subject:      RE: TCP/IP print through firewall
> 
> You have to use NAT, but your firewall handles that, and translates your
> RFC 1918 address to one that is publicly routable...  What you need is an
> outside interface address from your partners' network, that translates to
> the RFC 1918 address on their network...
> 
> Brant I. Stevens
> Internetwork Solutions Engineer
> Thrupoint, Inc.
> 545 Fifth Avenue, 14th Floor
> New York, NY. 10017
> 646-562-6540
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Ole Drews Jensen
> Sent: Friday, February 02, 2001 8:10 PM
> To: '[EMAIL PROTECTED]'
> Subject: TCP/IP print through firewall
> 
> 
> All this reading about routed protocols and routing protocols makes you
> think you know it all, until you are in front of a new funny situation. I
> am sure that someone out there can explain this to me real quick and easy,
> so here's my question.
> 
> We have a LAN with a private network 10.0.0.0, and from a workstation I
> need to print to a TCP/IP ready printer at another company, which has a
> public address 100.100.100.100 (this is of course not the real one).
> 
> My computer should not have any problems getting routed to that printer
> via its default gateway (the firewall), via the firewall's default gateway
> (the router), via the router's default gateway (our ISP), and so on.
> 
> BUT, the computer needs a response from the printer so it knows that it's
> there and ready, but when the printer tries to reply to my computer
> 10.1.2.3, it will be dropped by its default gateway (the other company's
> router), because the 10.0.0.0 network is not routable through the
> Internet.
> 
> Am I right, and what would be the thing to do here?
> 
> Would I HAVE to do a NAT on my workstation so the printer can reply back
> that way?
> 
> Thanks for any comments on this,
> 
> Ole
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
>  http://www.CiscoKing.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  NEED A JOB ???
>  http://www.oledrews.com/job
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
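
The question at the top of this thread (how replies reach the right workstation when both 10.0.0.100 and 10.0.0.200 print through 50.50.50.50) is the case that stateful port address translation covers. The sketch below is an added illustration, not part of the original messages: the IP addresses are the ones used in the thread, while the class name, the client source port 1025 and the translated port range starting at 20000 are assumptions.

```python
# Added example: stateful PAT (NAT overload) on the firewall's outside address.
# Port numbers are constructed for illustration.
from itertools import count


class PatFirewall:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next unused translated source port
        self.by_inside = {}   # (in_ip, in_port, dst_ip, dst_port) -> public port
        self.by_outside = {}  # (public port, dst_ip, dst_port) -> (in_ip, in_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside->outside packet, creating state."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.by_inside:
            pub_port = next(self._ports)
            self.by_inside[key] = pub_port
            self.by_outside[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the inside host; drop it if no state matches."""
        if dst_ip != self.public_ip:
            return None
        inside = self.by_outside.get((dst_port, src_ip, src_port))
        if inside is None:
            return None  # unsolicited: no inside host opened this flow
        return (src_ip, src_port, inside[0], inside[1])


def demo():
    fw = PatFirewall("50.50.50.50")
    printer = ("100.100.100.100", 9100)
    # Both workstations happen to pick the same local source port.
    a = fw.outbound("10.0.0.100", 1025, *printer)
    b = fw.outbound("10.0.0.200", 1025, *printer)
    # The printer answers each flow by swapping source and destination.
    reply_a = fw.inbound(a[2], a[3], a[0], a[1])
    reply_b = fw.inbound(b[2], b[3], b[0], b[1])
    # A packet aimed at 50.50.50.50:9100 matches no state and is dropped.
    unsolicited = fw.inbound("100.100.100.100", 9100, "50.50.50.50", 9100)
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because the return path is keyed on the translated source port rather than on port 9100, no static inbound forward to a single workstation is needed, and the firewall's outside interface does not have to accept unsolicited connections.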