Printing from home on a printer in work.

Damien.

Damien.

Damien.

Soldato
Joined
20 Nov 2006
Posts
6,890
Hi Lads.

I have just purchased a nice new Brother MFC-7840W printer for work.

Usually I do my paperwork at home and bring in on a USB drive then print off of that.

My question is, is there a way I can hook up the printer so that I can literally print it off there and then, so my docments are sitting in the printer tray when I arrive to work the following day ?
 
VPN is tops as best for security. There are also "simplified" systems like LogMeIn and GoToMyPC that would help. The big advantage here is you not only get access to the printer - but your whole PC and office.

Another choice is - you could map port 9100 through your firewall and then print using TCP/IP. This then means you see the printer listed on your home PC as if it is sitting next to you. I have often set this up to "borrow" access to colour laser printers from home.

Do you have access to the firewall configuration for your company? this will be needed to tell the firewall where to pass your print commands.

The rest is trivial. Just a case of getting the IP Address of your office, and then directing prints to it.

Which OS are you running at home?

(I can talk you through all of this as I used to write this kind of stuff even before it was a standard feature in Windows OS. We will also have a natter about the security issues this can cause)
 
Last edited:
Thanks for the replies lads.

At home, I am running Windows 7 X64.

In work it is Windows XP X32.

We have a basic network there, very similar to a home set-up.

BT Business Wireless router, 2 computers and 1 mentioned printer.
 
I'd set up a VPN and do it that way. It doesn't have to be a super secure VPN because it's not sensetive data going over it, so I wouldn't go the IPSec or GRE route. You can set up a simple PPTP VPN quite easily on a windows XP Pro machine.

You could set up OpenVPN which would be more secure but it's a bit more complex and you need to know a bit about VPNs and how they work to set it up.

If you search MS Technet for PPTP VPN you should be able to find the How-To. It's an absolute doddle to set up
 
Basically...

Set the printer to a fixed IP Address.
Map port 9100 through the firewall to your printer.
Find the IP Address of your office (listed in the router control panel)
Go home
Install the Brother Printer software from the disk, and when it asks where your printer is, hand it the IP Address of your office. And it should find things from there.


There can be more details added to the above steps, but that is basically all that should be needed if you can't get the VPN to work.
 
Ooooooooor,

You could install logmein on your work PC, email the files to your work address, logmein on to your work PC and print them from there.

Saves faffing around with VPN's and firewalls but not as slick as just pressing 'print' from home.
 
If you are using LogMeIn, pay the £40 for the Professional one, and then it is just a case of Drag and Drop to get the documents onto the work PC.
 
If you're using logmein then you need not bother taking the files home, just remote control your work PC from home to do the paperwork... Simples! *squeak*

just FYI the port mapping solution above is the simplest to do. However be aware it isn't very secure and will only work if the printer is a network printer. A printer connected via USB/Parallel and shared, or any printer that is managed through a Windows print server won't work that way.

http://www.onecomputerguy.com/networking/xp_vpn_server.htm <--- Simple how to for setting up PPTP VPN on Windows XP.
 
Last edited:
That is a network printer he has, so it should work. And you are correct that this brings in security issues. I was waiting for OP to get back to us before covering this side of things.

For example, some routers allow restrictions on which IP addresses access those ports. Or the external port number gets remapped to a less common one.

Or you have the choice of logging into the router to toggle the port mapping on and off.

In this case, we have a network of two PCs and a printer. So should not be too much of a security hassle. Worst thing would be someone trying to attack the printer.
 
Indeed hardly as dangerous as some, but if it's a business I'd still rather there was at least some authentication involved before connecting. Definitely advisable to obfuscate the port to something 65xxx on the outside. Any potential attacker would love seeing 9100 open on aport scan.

Lots of printers now (notably HP ones) recieve firmware updates as a print job, or at least through the printing mechanism. So it is theoretically possible to doctor a HP firmware to carry spyware and upload it to the printer simply by installing the driver and running the update utility. Expecially with web based front ends of networked printers it would be easy to alter a HTML/Java page so that the save settings button downloaded some nasties. With the added bonus that most people's intranet security settings a lower than their internet ones i their browser.

That's progress for you. Even a printer can now bring down a network :D Even more reason to hate the paper chewing beggers.
 
I haven't a clue how to set up the printer to be accessed through the firewall.

Would someone mind pointing me in the right direction !

Thanks for the advice so far.
 
Essentially you give the printer a static IP address (which it's best practice to be regardless), Then on the port forwarding settings of the router/firewall set it up as follows:

Outside IP = Your public IP (can get this from www.mywanip.com if unsure, do this from work)
Outside Port = 9100
Inside IP = IP address of printer
Inside port = 9100

then you just install your printer at home exactly the same as you would in the office, except this time when asked the IP of the printer put your work Public IP in there.
This shoudl fire the connection to your work router, which thanks to the config above should pass the connection on to the printer.

Try that, if it works then we'll go through getting it a little more secure. This assumes that the printer only communicates over port 9100 so it might not work but see how it goes.
 
@Skidilliplop: I used to write the software to setup these print servers back in the late 1990s. Epson, Canon, Brother, Oki, Kyocera, NEC, Compaq, Lexmark, etc, etc. Amazing how many companies sourced their printserver from us. Only HP did not. And yes, EVERY ONE of those models could have their firmware replaced via printing without any password required. Though this usually had to be after a power cycle.

Hacked firmware could then be setup to do all kinds of nasties. We often thought of adding packet sniffers to the firmware as it would be so easy to do. Especially funny as we knew our kit was in banks, military, all kinds of places.

This Brother uses a different print server now. And I can get my hands on similar models to experiment with if things get confusing. Though, I think our biggest headache will be that awful BT Router.

With a small two seat company, there is less for the hacker to go for. Easier to take more normal attack vectors than trying to hack the printer.

So, once we have Damien setup and printing on the default port 9100, we will make sure to bump him over to a less common port number.


Oh - and Damien I would make sure that you don't post your IP Address up here, otherwise you will find the odd strange printout appearing on your printer. I remember when we sent print-spam to little places like The White House and Bill Gate's personal printer at Microsoft. 1997 I think it was. We were also writing network discovery software... so we had fun finding places to point it at. (Which would often trigger a few annoyed phone calls from Sys Admins calling us to tell us to stop hacking them. Though it was usually just the Universities who had tech good enough to spot us)

Of course, the funny part of printing out on those printers was the lack of an audit trail. I would have confused the recipients. :D

Now the question is - the average Port Knocking tool that the usual script kiddie uses, does this test for port 9100?
 
A thought... does you printer model have email abilities? I am going to hunt down your manual to check. Some of these printers let you just email your print job direct to them....

Edit: can't see a "print from email" option in the manual. So not available here.
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom