Firewall and NAT Configuration

Firewall Configuration

CirrusPrint listens on network ports for both browser-based administration and client connections.  In addition, it will listen on ports for print jobs, generally one for each target printer device.  By default, those ports are either 80 and 443, or 8482 and 8483 for browser access, and 9200-9999 for network print jobs.  Any source that might connect to these ports needs access through the firewall.  The network print ports should only be accessible from machines that you want to print to the CirrusPrint server.  This may be a LAN address range or specific machines on a local network or data center.  Since network print ports receive unencrypted data, you don't want to print through a public network.

If another server is listening on ports 80 and 443, it is possible to configure an external web server to work with CirrusPrint.  This can eliminate the need to open ports 8482 or 8483 on the firewall, but does require configuration in the external web server.  For more details, see External Web Server Configuration.

If the internal SMTP server is enabled on any configured company, then port 25 must be opened on the firewall, as external mail servers will attempt to connect via that port to deliver mail to the server.

Note that in some cases, there may be multiple firewalls involved in connecting to a server.  For example, an Amazon AWS security group configuration may open port 8483, but a Windows or Linux firewall on a virtual machine hosted there may also block port 8483, so the port would have to be opened on both firewalls.

NAT Configuration

If a CirrusPrint server resides on a system behind a router, and remote clients need to access it through that router, then an administrator will need to configure the router to forward these ports to the CirrusPrint machine.  Most routers provide a browser interface to configure this, often calling ports "services", since many common services are associated with specific ports (like port 80 for HTTP).