[X4U] Mac printing through a Win 2003 Server

[Stroller]

On 21 Jul 2006, at 18:41, Richard Gilmore wrote:
> ...
> First off here at the university we’re very very paranoid and security
> conscious. So the printers are being moved to an internal private  
> IP network
> through a Windows 2003 server. What I’ve been told is the printers  
> will be
> on that network and access to the rest of the world will be done  
> through a
> second non-private IP network. What I’ve been told is this is  
> accomplished
> on the Windows side by the machine having two different IP  
> addresses at the
> same time. So the computer has one foot in one network and one foot  
> in the
> other.

This _sounds_ like simple Network Address Translation.

NAT is most often seen on network routers (just like Apple's Airport)  
where one globally unique address is mapped to a range of addresses  
within a private network. But it is equally possible to translate one  
range of addresses to another, so that 192.168.0.x is translated to  
10.0.0.x for instance (or equally 10.0.0.x+y).

I wouldn't normally see any need for this in a printing  
environment... my first assumption was that the idea is to prevent  
one computer on the network grabbing PDFs intended for another, but  
then print jobs are never normally encrypted on a network anyway.

> I’m also told this concept came out of the UNIX community and was
> ported over to the Windows world.

If this is indeed NAT then, yes, that's the case. It's certainly been  
common for years for Unix machines to support multiple network  
interfaces with separate addresses (and it's surely easier to do so  
than to have a single computer with multiple network interfaces on  
the same network??).

> This is the first I’ve heard of this.

Sorry it's such a shock to you, but Windows has many useful features  
nowadays.

> Now
> for our Macs to be able to print and access the outside world  
> simultaneously
> we need to pull off this same trick. Does anybody know anything  
> about this
> and how this would be done on a Mac?

Assuming the Windows box is doing nothing more than NAT then you  
should just be able to route through the Windows box. If the Windows  
box is acting as the print server (and perhaps using Active Directory  
stuff to determine who has permission to access each printer??) then  
it's doing more than simply having "one foot in one network and one  
foot in the other".

> Does anybody know anything about this
> and how this would be done on a Mac?

Ummm... well if that's necessary then presumably a Mac with two  
network cards would "serve" (haw haw!) equally well. An Xserve ships  
with two network interfaces, I think, but I'm sure you can shove an  
extra PCI card in an old PowerMac.

Whichever is the real scenario this would surely allow the Mac to see  
both networks and either route the traffic between them or operate as  
network print server to them both.

> Would this have to be done through the
> command line or is there a GUI or???

Well, the Mac should just show the extra interface in System  
Preferences > Network. Configure IP addresses as appropriate to the  
separate network subnets.

If you're actually packet-forwarding (NAT) with the Mac then I  
believe `man ipfw` explains how to configure it at the CLI. Yes,  
there are GUI utilities to do the same thing.

> I am clueless any info at all would be
> a helpful place to start.

I'm fairly disappointed that a university can't support Macs and are  
throwing this at someone who is as confused by this setup as you  
obviously are. But it kinda does jibe with my experience as a uni  
undergrad 3 or 4 years ago - the IT service there were also  
interested only in Windows. My inclination is to say "find a local IT  
consultant with some Mac experience" but maybe that isn't in the  
budget. If your principle (principal?) job for the uni is maintaining  
Macs then I guess the best thing I can say is "Ha ha! It ain't the  
OS9 days any more, bud! I guess you should get a clue". Oooops. Did I  
just say that? Sorry.

[TO BE CONTINUED...]