I need to print from my MacBook Pro laptop when I'm using a wireless connection to a Xerox WorkCentre 5030 printer on a wired network behind a firewall. The ports I would need to use to send print jobs to the printer aren't open on the firewall, but I can make an SSH connection from the wireless network to a server behind the firewall. So that gives me a means to print from the laptop while it is on the wireless network. I can simply port forward print jobs via an SSH tunnel.
I can use the Terminal program which is in the Applications/Utilities
folder on the Mac laptop - the Terminal program comes with OS X.
If the server behind the firewall is accessible as server1.example.com and
my userid on it is jsmith, and the printer I want to access has an IP address
of 192.168.1.50, I can use the following command:
ssh -L 9100:192.168.1.50:9100 jsmith@server1.example.com
That -L option allows me to specify a port on the local system,
i.e. my laptop, to be forwarded to some other port on whatever system I
specify after the first ":". In this case, once I've established an SSH
connection to server1.example.com, any data I send to
TCP
port 9100 on the laptop will automatically be forwarded through the SSH tunnel
I've established to port 9100 on 192.168.1.50. I don't have to specify an
IP address, I could also use a name, such as printer1.example.com, if that
was a name assigned to the printer and that name was usable outside of the
firewall.
The reason I used port 9100, is that port is used by the Xerox WorkCentre 5030 to listen for print jobs over the network. That port is a de facto standard port used by many networked printers. It is used by Hewlett Packard (HP) on their JetDirect cards and is widely used by other printer manufacturers as well. The connection established via this port is usually full duplex and provides error messages and status information during printing. Port forwarding via port 9100 also has the advantage over using port 515, i.e., the LPD (RFC 1179) protocol, in that it doesn't require the use of the root account on the Mac, since the port number is above 1023.
I also need to add a printer to the Mac that points to the SSH tunnel. To do so, I can use the steps below (note: you should establish the SSH connection first prior to adding the printer, so that your system can communicate with the printer to determine options the printer supports):
- Click on the "Apple" at the top left corner of the screen.
- Select System Preferences.
- Under Hardware, select Print & Fax.
- Click on the "lock" icon to make changes and provide the correct password.
- Click on the "+" to add a new printer.
- For Protocol, select "HP Jetdirect - Socket".
- For Address, put
127.0.0.1, which is the "loopback" address for the local system (you could also use localhost, instead). - You can leave Queue blank.
- For Name, put in some name that is meaningful to you, e.g., I
used
Xerox 5030 (port forwarded)to distinguish the printer I created fromXerox 5030, which I use when the laptop is on the same network as the printer. - For location, put in whatever you wish to describe the location of the printer.
- For Print Using, select the printer to which you will be printing, so the correct printer driver is installed.
- Then click on the Add button.
Now, whenever I've established the SSH connection, I can print to the printer
I added. I can print to other printers behind the firewall by adding a
printer to the Mac with a different name and the appropriate driver, e.g.,
I also added an HP Color LaserJet CP3525 printer. If its address is
192.168.1.61, I can print to it instead by using
ssh -L 9100:192.168.1.61:9100 jsmith@server1.example.com,
instead of 192.168.1.61 for the other printer. You can only
port forward port 9100 to one destination at a time, so I would need to exit
from the prior SSH connection first, if I was already port forwarding port 9100
to the other printer.
