Cups Access without being part of trusted networks: best practices

Imagine that I’d like to give access to my CUPS server to a few hosts of a different network, a subnet connected to NethServer or public IP addresses…

Which is the more proper and “less unsafe” way to do it?
I was thinking of some rules in the firewall section but…

For external networks I would say a VPN would be the safest. For subnets I’ve read you have to allow subnets in CUPS.

If you know the remote network (remote but linked to your local networks), you can add this remote network as a trusted network (a lot of NethServer applications work with it, for example nethserver-fail2ban).

Yup, that’s obvious, but using a VPN also needs an OpenVPN account user-based firewall rule; also, IPP supports encryption on connection (IPP over HTTPS) so … IMO, maybe there’s a “less access way to do it” using only CUPS and IPP.

Yes and no. If I add the remote network as a “trusted network” I also need some firewall rules to “disable” access from that remote network, so that’s not the goal.
I mean…
Consider the option to allow printing from the hotspot interface.
A remote warehouse or facility, not LAN-connected with the headquarters, that has to generate written reports of activities, without using email. I know that nowadays many MFPs integrate an IPsec client, so maybe it’s only needed to throw the hardware over there, network-connected and able to open an IPsec tunnel, but… does NethServer support “like roadwarrior” IPsec connections?

I know that I could set up a little subnet of 2 hosts plus gateway and broadcast to deliver an IPsec-connected device but… if I already have CUPS and user auth… why?
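
Added example, not part of the thread and not NethServer code: a small audit of a cupsd.conf that flags every `<Location>` block open to non-loopback clients without `Encryption Required` (IPP over HTTPS) or without user authentication, the two controls discussed above. The sample configuration and its addresses are constructed, and the check assumes access is set per `<Location>`; it ignores global defaults such as `DefaultEncryption`.

```python
import ipaddress
import re

# Constructed sample cupsd.conf (documentation address range, not from the thread).
SAMPLE_CONF = """\
<Location />
  Order allow,deny
  Allow from 192.0.2.0/28
  Encryption Required
  AuthType Basic
  Require valid-user
</Location>
<Location /admin>
  Order allow,deny
  Allow from all
</Location>
"""

def parse_locations(text):
    """Return {path: [(directive, value), ...]} for each <Location> block."""
    locations, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opened = re.fullmatch(r"<Location\s+(\S+)>", line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1), [])
        elif line.lower() == "</location>":
            current = None
        elif current is not None:
            name, _, value = line.partition(" ")
            current.append((name.lower(), value.strip().lower()))
    return locations

def is_remote(allow_value):
    """True unless the Allow target is 'none', localhost or a loopback address."""
    target = re.sub(r"^from\s+", "", allow_value).strip("[]")
    if target in ("none", "localhost"):
        return False
    try:
        return not ipaddress.ip_network(target, strict=False).is_loopback
    except ValueError:
        return True  # "all", "@local", host names: treat as remote

def audit(text):
    """List (path, issue) for remotely reachable locations missing a control."""
    findings = []
    for path, directives in parse_locations(text).items():
        if not any(n == "allow" and is_remote(v) for n, v in directives):
            continue
        last = dict(directives)  # the last occurrence of a directive wins
        if last.get("encryption") != "required":
            findings.append((path, "encryption"))
        if last.get("authtype", "none") == "none" or "require" not in last:
            findings.append((path, "authentication"))
    return findings
```

Run `audit()` on the contents of the server's own cupsd.conf; an empty list means every remotely reachable location requires both TLS and a login.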

