Printer sharing in stealth my ports to everyone mode

My computer is in an office LAN. There’s one printer connected to my computer which I have to share with 3 other PCs. However, I do not want to add this LAN or the 3 PCs to the trusted zone and still want to stay in the Block all incoming connections-stealth my ports to everyone mode. How can I add some specific rules only for sharing the printer?

At present, I’m in the Alert me incoming connections-stealth my ports on a per-case basis mode. I allowed two rules. One for svchost.exe and another for System. But it seems the rules are too raw and I feel less secure. So back to the point, what rule set do I need in the “Block all incoming…mode”?

Hi, I don’t think it’s a rare case.

I guess you should create a new zone that includes the PC you want to intercommunicate and then create a set of allow rules that use that zone.
Printer sharing should use NetBIOS, so you could try to create a new port set containing the 135-139 range plus port 445 and then allow TCP or UDP connections to those ports.

You need to check the logs to see if the rules work, and you need to add a block all IP ANY ANY rule at the end of all policies you create to allow printer sharing.

Anyway, this way you’ll also enable file sharing, and those ports will not be stealthed to those PCs.
BTW, NetBIOS was one of the most common attack vectors used to compromise security.

If you have such concerns, you could consider buying a print server compatible with your printer.
e.g. Belkin 802.11g Wireless USB Print Server Review - PCSTATS.com
http://www.dlink.com/products/?pid=165

Thank you, gibran :slight_smile:
Something I’m not sure about:

“TCP or UDP” both in and out? And do both the source port and destination port use 135-139 plus 445?
Hope you could make the rules more detailed :-[

I’m not going to do this. Thanks for the information anyway.

BUMP!

Please don’t BUMP on the same day as your post.

We’re all volunteers here and don’t mind giving our time, but most resent having it yanked.

Ewen :slight_smile:

G’day,

As Gibran suggested;

  1. Make a port set covering ports 135-139 and 445
  2. Make a zone that includes the IP addresses of the PCs that you want to allow to print via your printer
  3. Thirdly, use the port set (for both source and destination ports) and the zone in a rule that uses “TCP or UDP” as the protocol and “IN/OUT” as the direction.
  4. This rule would need to be moved above any BLOCK rules you may have created that address this port range.

Cheers,
Ewen :slight_smile:

I don’t know if I made the rule right.
Allow, TCP or UDP, In/Out
Source: Printer sharing zone (several IPs)
Destination: My MAC address (DHCP sometimes changes my IP although I don’t know why)
Source and Destination ports: Printer sharing port set (135-139, 445)
And it’s above the only block rule there by Comodo itself

The result is "It doesn’t work." Still they can’t use my printer in the block all incoming connections mode.
Neither did I see any log to prove the rule I made was fired.

Then I have some pics to show in the “Alert me to incoming connections” mode.
Pic1: After I allowed the alert, Comodo made these two rules itself. My printer can be shared.
Pic2: The log shows it blocked many UDP incoming connections from port 137, but there’s no problem with printer sharing as long as I’m in the “Alert me…” mode.
Pic3: I changed the allowed rules made by Comodo in Pic1 to Ask, then these are shown in the log.

So I have got 2 conclusions:
1. It’s not necessary to allow incoming UDP through port 137 for printer sharing.
2. There are other rules that need to be added.

[attachment deleted by admin]
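An added example, not part of any post in this thread and not Comodo's code: a simplified first-match model of the rule set discussed above, showing how an allow rule that requires both source and destination port to be in the 135-139/445 set treats an inbound SMB connection, where the client uses an ephemeral source port. The zone addresses, sample packets and all names in the code are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Port set from the thread: 135-139 plus 445.
PRINT_PORTS = set(range(135, 140)) | {445}
ANY_PORT = set(range(65536))
ANY_HOST = [ip_network("0.0.0.0/0")]
# Constructed zone: three office PCs (addresses are assumptions).
ZONE = [ip_network(a) for a in ("192.168.1.11", "192.168.1.12", "192.168.1.13")]

@dataclass
class Rule:
    action: str      # "allow" or "block"
    src_nets: list   # source networks the rule applies to
    src_ports: set
    dst_ports: set

    def matches(self, pkt):
        # Protocol is not modelled: every rule here is "TCP or UDP".
        return (any(ip_address(pkt["src"]) in n for n in self.src_nets)
                and pkt["sport"] in self.src_ports
                and pkt["dport"] in self.dst_ports)

def evaluate(rules, pkt):
    """Inbound packets only: first matching rule wins, default is block."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"

BLOCK_ALL = Rule("block", ANY_HOST, ANY_PORT, ANY_PORT)
# Rule as built in the thread: port set on both source and destination.
BOTH_PORTS = [Rule("allow", ZONE, PRINT_PORTS, PRINT_PORTS), BLOCK_ALL]
# Variant: port set on the destination (the sharing PC) only.
DST_ONLY = [Rule("allow", ZONE, ANY_PORT, PRINT_PORTS), BLOCK_ALL]

# Constructed inbound packets.
SMB = {"src": "192.168.1.11", "sport": 49731, "dport": 445}       # TCP, ephemeral source port
NBNS = {"src": "192.168.1.12", "sport": 137, "dport": 137}        # UDP name service
OUTSIDER = {"src": "192.168.1.50", "sport": 50112, "dport": 445}  # host not in the zone

def verdicts(rules):
    """Verdict for SMB, NBNS and OUTSIDER, in that order."""
    return [evaluate(rules, p) for p in (SMB, NBNS, OUTSIDER)]

if __name__ == "__main__":
    print("both ports:", verdicts(BOTH_PORTS))
    print("dst only:  ", verdicts(DST_ONLY))
```

In this model the destination-only variant still blocks hosts outside the zone, and it opens file sharing to the zone members as well, as noted earlier in the thread.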

System is a Dell Vostro 400 with 3GB. After installing CFP, I can no longer complete a print job nor can I delete the 99% printed message from the queue. It’s like an EOF doesn’t get through. Of course, nothing after it will print because the queue is blocked. It’s a Dell AIO 926 (shared printer on USB port) and I can delete the printer with a Dell utility that also kills the queue, and reinstall it - but that’s a PITA, especially 20 times a day. I can’t be the only kid on the block with this problem, but I sure can’t find the solution here. It worked fine for over 2 years and just started this when I installed CFP. I am otherwise really happy with CFP. Any ideas?