Sharing Linux Printers Across Subnets

By: Carla Schroder
Thursday, December 20, 2007 10:22:25 AM EST
URL: http://www.linuxplanet.com/linuxplanet/tutorials/6446/1/

Printing Is Still Vexatious. But We Can Prevail

Even small home networks are divided into subnets these days, thanks to the proliferation of combination router/firewall/wireless access points, and of course larger networks are subnetted, whether physically or with VLANs, for controlling access to network resources and easier administration. Sharing printers across subnets is not something that has been reduced to clicking a couple of checkboxes yet, and a lot of folks don't even know it can be done. With Linux it is fairly easy, but it takes some digging to learn how to do this. So I have dug, and today share the spoils of my digging.

Printing in Linux presents a classic Linux paradox: CUPS, the Common Unix Printing System, is sophisticated and chock-full of advanced features that put its closed-source counterparts to shame. But despite being a mature application and the standard printing subsystem for virtually all Linux distributions, it's still rather painful to configure, especially sharing printers over a network. Some Linux distributions are positively confused when it comes to sharing printers; Fedora and Ubuntu, to give two examples, enable Avahi by default, but turn off all shared printing. I have yet to see a single Avahi-enabled device or service, but I know that most folks want to be able to use networked printers.

Some of the problem lies in the interfaces. KDEPrint is pretty good and the Gnome printer interface is tolerable. The CUPS Web interface (http://localhost:631) is more complete than either one, but it comes with its own set of vexations. Some of them are inherent in a Web GUI, such as caching your mis-typed password and not accepting a fresh one, requiring re-authentication at random intervals, and dog-slow. They often barf on restarting the CUPS daemon, and all three suffer disconnects between what you tell them to do, and what actually appears in /etc/cups/cupsd.conf. For example, as I was preparing for this article I used the "Edit Configuration File" feature of the CUPS Web interface. Not only did it not do what I told it to do, it replaced my existing cupsd.conf with the default. As Ernest Tubb sings, Thanks, thanks a lot! Fortunately CUPS automatically archives old versions, so it was an easy (but should have been unnecessary) restore.

Raw, Naked Text Files

So my recipe for least pain is to edit cupsd.conf directly, and ignore all those goofy GUI thingies. Let's say you have two subnets, 192.168.1.0/24 and 192.168.2.0/24. You need to have routing already configured to pass traffic between the two subnets, so everyone can ping everyone. Let's say you have a printer server at 192.168.1.10, and you want computers on 192.168.2.0/24 to be able to use it. This is a complete, barebones example CUPS configuration for 192.168.1.10:

##/etc/cups/cupsd.conf
LogLevel warning

#this varies; check your distribution
SystemGroup lpadmin

# Allow remote users to access this server
Port 631
Listen /var/run/cups/cups.sock

# Enable printer sharing
Browsing On
BrowseAllow all
BrowseAddress 192.168.1.255
BrowseAddress 192.168.2.255
DefaultAuthType Basic

<Location />
# Allow shared printing
Order allow,deny
Allow 192.168.1.0/24
Allow 192.168.2.0/24
</Location>

<Location /admin>
# Only local users can access Web admin pages
Order allow,deny
Allow localhost
</Location>

<Location /admin/conf>
# Only local system users can access config files
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow localhost
</Location>

Your configuration may come with a batch of policy directives. You can leave these as they are.

Configuring Client PCs

Pick one computer in the 192.168.2.0/24 network to act as your "relay" server; it will contact the printer server and then relay its printers to the rest of the 192.168.2.0/24 subnet. Just add these lines to cupsd.conf:

BrowsePoll 192.168.1.10
BrowseRelay 127.0.0.1 192.168.2.255


<Location />
# Allow shared printing
Order allow,deny
Allow 192.168.2.0/24
</Location>

Restart CUPS, and in half a minute or so all the computers on 192.168.2.0/24 should see all the printers that are physically attached to the server at 192.168.1.10. What if you have more than one printer server to share? Then add a line for each server like this:

BrowsePoll 192.168.1.10
BrowsePoll 192.168.1.15
BrowsePoll 192.168.1.20
BrowseRelay 127.0.0.1 192.168.2.255

This is nice and efficient because all you need is one PC per subnet to act as the relay.

You can easily test all of this from the comfort of your secret armored underground network administrator lair, because of course you have OpenSSH set up all over your network so that you can securely log in to all hosts and do stuff. First log into your relay computer, then use lpstat to see what printers are available:

$ lpstat -v
device for HP_LaserJet_3050: ipp://uberpc.alrac.net:631/printers/HP_LaserJet_3050
device for HP_LaserJet_6L_LPT_parport0_HPLIP: ipp://xena.alrac.net:631/
printers/HP_LaserJet_6L_LPT_parport0_HPLIP
device for tp0: ipp://uberpc.alrac.net:631/printers/tp0

$ lpstat -a HP_LaserJet_3050
HP_LaserJet_3050 accepting requests since Tue 18 Dec 2007 07:07:39 PM PST

You can even print a test page remotely:

$ lpr -P HP_LaserJet_3050 /etc/cups/cupsd.conf

CUPS relies on polling to notify the entire network about what printers are up. By default each CUPS server send out an 80-byte broadcast packet every thirty seconds. If this gets to be too much, or if your printer setup doesn't change very often, you can change this behavior:

BrowseInterval  360
BrowseTimeout 600

So there you are- as easy as falling over and a lot more fun.

Resources

Carla Schroder is the author of the Linux Cookbook and the newly-released Linux Networking Cookbook, and is a regular contributor to LinuxPlanet.