Static IP Question


GDPurple
March 26th, 2003, 05:10 PM
I have a friend that has a simple peer-to-peer network of 5 PC's setup using static IP's. They have a broadband account that allocated them 5 Public IP addresses and a combined router/hub to connect all the PC's together.

They now want to add a network printer to their setup.

My question is, how do I configure the PC's to talk to the Printer when they have used up all their IP addresses? There are no available IP addresses on their subnet to allocate to the printer. If I put the printer on a different subnet mask, how do I get the PC's to talk to it?

I can't use any kind of NAT solution as the PC's need to have static public IP addresses for some special stock market software they run.

Any ideas??

Tr!une
March 26th, 2003, 06:06 PM
If it is a peer to peer network, one could always connect the printer to a PC and share it. Bind the File and Print sharing to NetBEUI so it isn't shared out to the internet.

Gollo
March 26th, 2003, 06:57 PM
Either get a SOHO router or setup a dedicated internet sharing machine (the first option tends to be more cost effective). First off they are using public ip address AND sharing files. This means that anybody who scans their ip address range can see the systems AND their shares (if they so desire). At the very LEAST get a router. I just picked up a wireless/4 port wired router by dlink from office depot that was 47 bucks after rebate. This will solve your printer sharing ip question and give you 248 additional ip's for future use :D

silencio
March 26th, 2003, 09:10 PM
Are they sitting behind a firewall? They should be. If they aren't then you should bring in a pro to evaluate their security. If they're behind a firewall already then yes, hook up the printer via parallel or USB and share it from the PC that stays up the most.

GDPurple
March 27th, 2003, 03:23 AM
Thanks for the feedback.

Firstly, yes they do have firewall software. However I am trying to convince them that they would be better off with a hardware Firewall.

Secondly, I ideally wanted to set them up with a network printer, i.e. a printer with a built-in 10/100 port. Would it work if I put the network printer on a 192.168.x.x private IP address and then put a router between the printer and the rest of the network? Then the router can route the print jobs across the different networks? I think this should work in theory; I've just never tried this before.

thirdfey
March 27th, 2003, 08:03 AM
What OS is on these machines? If 2k or XP then you should be able to assign a second IP address to the NICs on all the computers and have the printer setup on TCP/IP in the second range. Another option is using IPX/SPX or NetBEUI as the protocol for the printer as someone has mentioned above this way you don't even have to worry about all this TCP/IP stuff.

Tony

silencio
March 27th, 2003, 08:13 AM
Originally posted by GDPurple
Thanks for the feedback.

Firstly, yes they do have firewall software. However I am trying to convince them that they would be better off with a hardware Firewall.

Secondly, I ideally wanted to set them up with a network printer, i.e. a printer with a built-in 10/100 port. Would it work if I put the network printer on a 192.168.x.x private IP address and then put a router between the printer and the rest of the network? Then the router can route the print jobs across the different networks? I think this should work in theory; I've just never tried this before.

The problem is that you'll need to add a route TO the 192.168.x.x network FROM their current router. If they don't own the router (their ISP probably does) the ISP probably won't want to add a private network route there. It could have a bad impact on their entire routing tables.

What I would suggest is to get yourself a PIX (or any firewall capable of doing static mappings), change all of the clients' internal IPs to a 192.168.x.x network and set up static mappings in the PIX.

It works like this. Your client today has a public address of 210.10.10.25. You change the clients IP address to 192.168.1.25. You create a static mapping in the firewall that sends traffic destined for 210.10.10.25 TO 192.168.1.25. You do the same thing for all machines. Then you create an access list to allow traffic in. So traffic comes into the firewall on the external port. Based on static mappings and access lists, it is forwarded to a 192.168.x.x address. You can also narrow this down to the port level for more security. Just find out which ports the stock software uses and add it to an access list.

If it's a PIX the static map looks like this:

static (inside,outside) 210.10.10.25 192.168.1.25 netmask 255.255.255.255 0 0

the access list looks like this:

access-list 101 permit tcp any host 210.10.10.10 eq 500

where 500 is equal to the port your stock software uses.
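
An added example, not part of the original thread: a small Python check of the static-mapping-plus-access-list scheme described in the post above. It reports permits whose public address has no `static`, mappings that no permit lets traffic reach, and permits not narrowed to a port. The function names are hypothetical, the regexes cover only the two command forms quoted in the post, and every sample line after the first two is constructed.

```python
import ipaddress
import re

# The first two lines are the commands as posted above; the rest are constructed.
SAMPLE_CONFIG = """\
static (inside,outside) 210.10.10.25 192.168.1.25 netmask 255.255.255.255 0 0
access-list 101 permit tcp any host 210.10.10.10 eq 500
static (inside,outside) 210.10.10.26 192.168.1.26 netmask 255.255.255.255 0 0
access-list 101 permit tcp any host 210.10.10.26 eq 500
access-list 101 permit ip any host 210.10.10.26
"""

# Only the two command forms shown in the post are recognised (an assumption).
STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(r"^access-list \S+ permit (\w+) any host (\S+)(?: eq (\S+))?$")


def parse(config):
    """Return ({public: private}, [(protocol, public_host, port_or_None)])."""
    statics, permits = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            public, private = (ipaddress.ip_address(a) for a in m.groups())
            statics[public] = private
        elif m := ACL_RE.match(line):
            proto, host, port = m.groups()
            permits.append((proto, ipaddress.ip_address(host), port))
    return statics, permits


def audit(config):
    """List mismatches between static mappings and inbound permits."""
    statics, permits = parse(config)
    findings = []
    for proto, host, port in permits:
        if host not in statics:
            findings.append(f"permit to {host} has no static mapping")
        if port is None:
            findings.append(f"permit {proto} to {host} is not limited to a port")
    permitted = {host for _, host, _ in permits}
    for public, private in statics.items():
        if public not in permitted:
            findings.append(f"static {public} -> {private} has no inbound permit")
        if not private.is_private:
            findings.append(f"static {public} maps to non-private {private}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
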

Gollo
March 27th, 2003, 10:34 AM
Originally posted by GDPurple
Thanks for the feedback.

Firstly, yes they do have firewall software. However I am trying to convince them that they would be better off with a hardware Firewall.

Secondly, I ideally wanted to set them up with a network printer, i.e. a printer with a built-in 10/100 port. Would it work if I put the network printer on a 192.168.x.x private IP address and then put a router between the printer and the rest of the network? Then the router can route the print jobs across the different networks? I think this should work in theory; I've just never tried this before.

Why complicate things? Get a SOHO router (as I mentioned earlier) and you won't have ANY problem setting up a network printer on the internal network. And they are cheap.

Tr!une
March 27th, 2003, 11:14 AM
With the need for the Public IPs, there is still going to be the need for complicating things. For a cheap hardware firewall, you can check out the LEAF project (http://sourceforge.net/projects/leaf/)

It works on an old throw away type PC (Pentium or below) and can be configured to allow Port Mapping.

kato2274
March 27th, 2003, 11:19 AM
like gollo said. get a soho router. under $100. no need for 5 public IP addresses. the router will use dhcp to pass out ip addresses in the 192.168.XX.XX range and you plug the broadband connection right into the WAN port on the router. you've got firewall routing VPN the whole deal. web based administration. . . . . . really it's the easiest solution.

you can then IF YOU REALLY want get a network capable printer and plug into the router, but really the easiest thing would be to share a local printer from a computer that's on most of the time.

heck since you've already got a hub, you can build a routing box from an old computer (I use a p100) there's a ton of linux based router/firewall packages out there. I use smoothwall ( www.smoothwall.org ) and it works just fine.

GDPurple
March 27th, 2003, 11:39 AM
Once more, thanks for the input.

Gollo and Kato2274 - I'd love to just use a standard router, but due to the nature of the specialist software they are running they MUST HAVE a public static IP address allocated to each PC. Using a standard router allocates a private IP address and this is not going to work. They are already using a router, but it is one supplied by the ISP with fixed IP addresses and the firmware is locked so you cannot reprogram the router anyway.

I like the idea of the firewall solution with the static mapping - but the only problem I can see with that is the firewall is going to need to be allocated an IP address itself - I only have 5 IP addresses to work with and I need all 5 for the PC's

I was going to use Netbeui to share the printer, but looking at the specs for the HP Colour Laserjet they want, it only mentions TCP/IP, AppleTalk and IPX/SPX and I have no knowledge of IPX/SPX.

I think the best solution is going to be to hook the printer up directly to a PC and share it that way. It's not really the solution I was looking for, but at least I know it's gonna work!

silencio
March 27th, 2003, 11:40 AM
As a consultant you are legally responsible for the solutions you provide. If someone comes to me with 5 machines running stock market software I'm going to figure that the value of their data is worth more than a SOHO router. I'm not saying that it would be negligent to install one but the possibility of a business ending lawsuit is worth avoiding.

GDPurple, why are they limited to 5 IPs anyway?

Ya_know
March 27th, 2003, 11:44 AM
Originally posted by silencio
As a consultant you are legally responsible for the solutions you provide. If someone comes to me with 5 machines running stock market software I'm going to figure that the value of their data is worth more than a SOHO router. I'm not saying that it would be negligent to install one but the possibility of a business ending lawsuit is worth avoiding.

GDPurple, why are they limited to 5 IPs anyway?

Please expound. I don't know if it was just me that didn't understand that statement...

Tr!une
March 27th, 2003, 11:52 AM
I was going to use Netbeui to share the printer, but looking at the specs for the HP Colour Laserjet they want, it only mentions TCP/IP, AppleTalk and IPX/SPX and I have no knowledge of IPX/SPX.

Actually you can do peer to peer sharing with IPX/SPX just as you can with NetBEUI. But if the specs mention IPX/SPX they might only mean it can work with Novell Netware. You would have to dig a bit deeper to find out on that.

GDPurple
March 27th, 2003, 12:06 PM
Originally posted by silencio
GDPurple, why are they limited to 5 IPs anyway?

They have a service from their ISP which allocates them 5 IP addresses (BT Openworld STATIC 5). I have looked into expanding the number of IP addresses but it is not practical for the following reason (takes deep breath):

BT will upgrade them to the next service up, which is STATIC 13 with, you guessed it, 13 IP addresses. However the only way they can do this is by cancelling their existing service and raising an order for the new service. In theory this should be fine. In practice, from previous experience, BT often cock up at some stage of the upgrade process, leaving the customer without broadband for several days. Due to the nature of their business they cannot afford to be without their broadband service.

(Note for people outside the UK - BT are our national telephone company here in the UK and their ineptitude, poor customer service and general uselessness is legendary (allegedly). Unfortunately they also currently have a near monopoly of the UK broadband market.)

{edited to avoid libel case}

Anyway this, together with some other factors which I won't go into, means that for the short term at least we are stuck with just 5 IP addresses.

Originally posted by silencio
As a consultant you are legally responsible for the solutions you provide. If someone comes to me with 5 machines running stock market software I'm going to figure that the value of their data is worth more than a SOHO router. I'm not saying that it would be negligent to install one but the possibility of a business ending lawsuit is worth avoiding.


As I have already mentioned in my first and third post - they already have a router supplied by their ISP. Their internet connection works fine through their existing router. I'm just looking for a solution to get a Network printer working on their network.

silencio
March 27th, 2003, 12:09 PM
Originally posted by Ya_know
Please expound. I don't know if it was just me that didn't understand that statement...

If a company is doing a hundred thousand dollars in stock market trades per week and you convince them to buy a $100 firewall that gets broken into, a lawyer is going to tear you apart.

thirdfey
March 27th, 2003, 12:17 PM
Originally posted by silencio
As a consultant you are legally responsible for the solutions you provide. If someone comes to me with 5 machines running stock market software I'm going to figure that the value of their data is worth more than a SOHO router. I'm not saying that it would be negligent to install one but the possibility of a business ending lawsuit is worth avoiding.

GDPurple, why are they limited to 5 IPs anyway?

Reread the post from GD about trying to talk them into a hardware firewall solution, I think that will satisfy the lawyer in you ;)

Tony

Gollo
March 27th, 2003, 12:22 PM
Ok I understand now. Seeing all that info I would plug it into one of the computers, share it and be done with it. HP printservers have the capacity to run ipx and all those other flavors but they REQUIRE tcp/ip (meaning they need an ip address). You can turn off all but the tcp/ip (it's just required for the built in web based configuration). I would save the 300 bucks right now and get the printer without it. You can always pick one up later when they decide to get a "real" network :D :D

silencio
March 27th, 2003, 12:27 PM
Originally posted by GDPurple

Anyway this, together with some other factors which I won't go into, means that for the short term at least we are stuck with just 5 IP addresses.



As I have already mentioned in my first and third post - they already have a router supplied by their ISP. Their internet connection works fine through their existing router. I'm just looking for a solution to get a Network printer working on their network.

Gotcha. BTW, I wasn't suggesting that you were planning on putting in a cheap router. I'm just addressing Gollo's suggestion which I think is a bad idea. SOHO routers are a great thing but... when you're running a business (and it sounds like they may be doing a stroke of business), cheap isn't the deciding factor. Value is. So when you look at a firewall and you look at security you have to consider how much you can lose (be it customer data, cash, or customer trust) in order to look at how much to spend.

Gollo
March 27th, 2003, 12:36 PM
Originally posted by silencio
Gotcha. BTW, I wasn't suggesting that you were planning on putting in a cheap router. I'm just addressing Gollo's suggestion which I think is a bad idea. SOHO routers are a great thing but... when you're running a business (and it sounds like they may be doing a stroke of business), cheap isn't the deciding factor. Value is. So when you look at a firewall and you look at security you have to consider how much you can lose (be it customer data, cash, or customer trust) in order to look at how much to spend.

The reason I suggested a SOHO (Small office / Home office) router was because of the fact that they only had 5 systems. This was a pure assumption on my part and after getting all the details I see that this was flawed. I do agree though that you shouldn't scrimp on security especially if it's on mission critical systems.