Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Howto: Cups Printing in pfSense 2.0

    Scheduled Pinned Locked Moved Documentation
    35 Posts 17 Posters 57.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kevevK
      kevev
      last edited by

      User is root or admin. Both work. Password should be the same for admin and root unless you changed them.

      cupsd.conf:

      DefaultEncryption Never
      LogLevel warn
      SystemGroup wheel
      # Allow remote access
      Port 631
      Listen /var/run/cups.sock
      # Enable printer sharing and shared printers.
      Browsing On
      BrowseOrder allow,deny
      BrowseAllow all
      BrowseRemoteProtocols CUPS
      BrowseAddress @LOCAL
      BrowseLocalProtocols CUPS
      DefaultAuthType Basic
       <location># Allow shared printing and remote administration...
        Order allow,deny
        Allow @LOCAL</location> 
       <location admin=""># Allow remote administration...
        Order allow,deny
        Allow @LOCAL</location> 
       <location admin="" conf="">AuthType Default
        Require user @SYSTEM
        # Allow remote access to the configuration files...
        Order allow,deny
        Allow @LOCAL</location> 
       <policy default=""><limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cups-move-job="" cups-get-document="">Require user @OWNER @SYSTEM
          Order deny,allow</limit> 
        <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="" cups-get-devices="">AuthType Default
          Require user @SYSTEM
          Order deny,allow</limit> 
        <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
          Require user @SYSTEM
          Order deny,allow</limit> 
        <limit cups-authenticate-job="">Require user @OWNER @SYSTEM
          Order deny,allow</limit> 
        <limit all="">Order deny,allow</limit></policy> 
       <policy authenticated=""><limit create-job="" print-job="" print-uri="">AuthType Default
        Order deny,allow</limit> 
        <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cups-move-job="" cups-get-document="">AuthType Default
      Require user @OWNER @SYSTEM
      Order deny,allow</limit> 
        <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="">AuthType Default
        Require user @SYSTEM
        Order deny,allow</limit> 
        <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
          Require user @SYSTEM
          Order deny,allow</limit> 
        <limit cancel-job="" cups-authenticate-job="">AuthType Default
            Require user @OWNER @SYSTEM
            Order deny,allow</limit> 
        <limit all="">Order deny,allow</limit></policy> 
      BrowseWebIF Yes
      
      1 Reply Last reply Reply Quote 0
      • H
        hanbaoxu
        last edited by

        Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
        Works perfect on pfSense 2.1 x86 CF

        1 Reply Last reply Reply Quote 0
        • kevevK
          kevev
          last edited by

          @hanbaoxu:

          Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
          Works perfect on pfSense 2.1 x86 CF

          Nice find!

          1 Reply Last reply Reply Quote 0
          • D
            daverowland
            last edited by

            @kevev:

            @hanbaoxu:

            Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
            Works perfect on pfSense 2.1 x86 CF

            Nice find!

            This was a good find however slightly dated as Cups is now updated a fair bit.  I did try and work out how to update it but struggled as i could add to a package that was already on the machine.  Is there a pkg upgrade command in FreeBSD?

            I have been on the web interface 631, search printers work but didn't show mine but other printers but "Add printer" just asks for my login passwords and then returns me to the main page.  urgh… not what I was hoping for.

            1 Reply Last reply Reply Quote 0
            • T
              tumbler
              last edited by

              nice one!
              working fine with my hp 1100 and a prolific interface on v2.1.3
              a few remarks;

              1>
              i used this as the "echo -e" line screwed up my rule somehow

              echo "[system=10]" >/etc/devfs.rules
              echo "add path 'unlpt*' mode 0660 group cups" >> /etc/devfs.rules
              echo "add path 'ulpt*' mode 0660 group cups" >> /etc/devfs.rules
              echo "add path 'lpt*' mode 0660 group cups" >> /etc/devfs.rules
              echo "add path 'usb/0.2.*' mode 0660 group cups" >> /etc/devfs.rules

              2> i had to check to remove blanc lines as in :
              "Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications

              Reprocess-Job Cancel-Current-Job S"

              1 Reply Last reply Reply Quote 0
              • A
                Amit
                last edited by

                Hello everyone
                I am new On mac , I have one issue
                I have to write one virtual printer driver ,when i click on print job then I have to open one my application on print .
                How can i do that??
                Please refer me anything

                1 Reply Last reply Reply Quote 0
                • w0wW
                  w0w
                  last edited by

                  I want to add my config tricks into this topic
                  instead of using default rc.conf create and use rc.conf.local in /etc/
                  if you have some stupid printer like HP 10xx LaserJet series - for example -1020, you will need to upload the frimware to the printer every time it is connected / turned on.
                  So I am running another one startup script, that checks devd.conf on startup and adds some code to it from manually created devd.conf.local (that is not processed by default! you can use any name whatever you want for this file)

                  
                  #!/bin/sh
                  
                  if  /usr/bin/sed -n '/sihp1020.dl/p' /etc/devd.conf | /usr/bin/grep -e sihp1020.dl | /usr/bin/grep -v grep > /dev/null ; then
                  	echo "not needed to modify"
                  	else
                  	cat /etc/devd.conf.local >> /etc/devd.conf | /etc/rc.d/devd restart | cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/ulpt0
                  fi
                  
                  exit 0
                  
                  

                  devd.conf.local :

                  
                  # firmware for HP Laserjet 1020 printer
                  attach 100 {
                  	 device-name "ulpt[0-9]+";
                          match "vendor" "0x03f0";
                          match "product" "0x2b17";
                          action "cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/$device-name";
                  
                  };  
                  
                  

                  This check applied needed configuration to devd.conf every pfsense upgrade, even 2.2.

                  Now if you want to make your CUPS working on 2.2 you will need to install new CUPS package, 1.7.3. But before, if you have an USB printer,  you will need to start ulpt.ko module that is not included in pfsense anymore. I have requested ulpt to be included, waiting for answer.
                  Download the same version of freebsd (boot CD only)  that pfsense 2.2 using and extract ulpt.ko from it. Put it into the /boot/kernel/ and place the
                      following line in loader.conf:

                  ulpt_load="YES"
                  restart your pfsense to check if printer is detected.
                  Next you will need to install CUPS
                  type in shell:

                  pkg install

                  and tell 'y'es once when it asks you
                  then type:
                              pkg install CUPS
                  after that it should install CUPS 1.7.3 on your firewall
                  if you have had CUPS installed before then configuration remains and should work.
                  Unfortunately my 1020 is not printing with this version of CUPS, but I did not researched it deeply now. The CUPS itself is running and allows to configure printers.

                  1 Reply Last reply Reply Quote 0
                  • w0wW
                    w0w
                    last edited by

                    Got it running on 2.2
                    Remember the devfs.rules are not usable in PFsense 2.2, because /etc/rc.d/devfs is missing, you need to copy it manually from original freebsd distribution or better use some script looking like "chmod -R 0777 ulpt0"
                    Since freebsd 10.x devd chaged it's default behaviour you'd better use /usr/local/etc/devd some printer.conf
                    with "new" format that looks different from previous versions.

                    
                    # hp
                    #   hp1020
                    notify 100 {
                    	match "system"		"USB";
                    	match "subsystem"	"DEVICE";
                    	match "type"		"ATTACH";
                    	match "vendor"		"0x03f0";
                    	match "product"		"0x2b17";
                    	action "cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/usb/1.2.1 &&
                            chmod -R 0666 ulpt0";
                    };
                    
                    

                    Also remember that cups.conf uses new format and you also need to modify cups-files.conf to enable URI for file devices
                    (FileDevice Yes).

                    cupsd.conf sample, don't forget to  remove  "Allow all"  after successful configuration

                    
                    #
                    # "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $"
                    #
                    # Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
                    # complete description of this file.
                    #
                    
                    # Log general information in error_log - change "warn" to "debug"
                    # for troubleshooting...
                    LogLevel warn
                    
                    # Only listen for connections from the local machine.
                    Listen localhost:631
                    Listen 192.168.2.1:631
                    Port 631
                    Listen /var/run/cups.sock
                    
                    # Show shared printers on the local network.
                    Browsing On
                    BrowseLocalProtocols dnssd
                    
                    # Default authentication type, when authentication is required...
                    DefaultAuthType Basic
                    
                    # Web interface setting...
                    WebInterface Yes
                    
                    # Restrict access to the server...
                     <location>Order allow,deny
                    Allow all</location> 
                    
                    # Restrict access to the admin pages...
                     <location admin="">Order allow,deny
                    Allow all</location> 
                    
                    # Restrict access to configuration files...
                     <location admin="" conf="">AuthType Default
                      Require user @SYSTEM
                      Order allow,deny
                    Allow all</location> 
                    
                    # Set the default printer/job policies...
                     <policy default=""># Job/subscription privacy...
                      JobPrivateAccess all
                      JobPrivateValues none
                      SubscriptionPrivateAccess default
                      SubscriptionPrivateValues default
                    
                      # Job-related operations must be done by the owner or an administrator...
                      <limit create-job="" print-job="" print-uri="" validate-job="">Order deny,allow
                    Allow all</limit> 
                    
                      <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cancel-my-jobs="" close-job="" cups-move-job="" cups-get-document="">Require user @OWNER @SYSTEM
                        Order deny,allow
                    Allow all</limit> 
                    
                      # All administration operations require an administrator to authenticate...
                      <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="" cups-get-devices="">AuthType Default
                        Require user @SYSTEM
                        Order deny,allow</limit> 
                    
                      # All printer operations require a printer operator to authenticate...
                      <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cancel-jobs="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
                        Require user @SYSTEM
                        Order deny,allow</limit> 
                    
                      # Only the owner or an administrator can cancel or authenticate a job...
                      <limit cancel-job="" cups-authenticate-job="">Require user @OWNER @SYSTEM
                        Order deny,allow</limit> 
                    
                      <limit all="">Order deny,allow</limit></policy> 
                    
                    # Set the authenticated printer/job policies...
                     <policy authenticated=""># Job/subscription privacy...
                      JobPrivateAccess all
                      JobPrivateValues none
                      SubscriptionPrivateAccess default
                      SubscriptionPrivateValues default
                    
                      # Job-related operations must be done by the owner or an administrator...
                      <limit create-job="" print-job="" print-uri="" validate-job="">AuthType Default
                        Order deny,allow</limit> 
                    
                      <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cancel-my-jobs="" close-job="" cups-move-job="" cups-get-document="">AuthType Default
                        Require user @OWNER @SYSTEM
                        Order deny,allow
                    Allow all</limit> 
                    
                      # All administration operations require an administrator to authenticate...
                      <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="">AuthType Default
                        Require user @SYSTEM
                        Order deny,allow
                    Allow all</limit> 
                    
                      # All printer operations require a printer operator to authenticate...
                      <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cancel-jobs="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
                        Require user @SYSTEM
                        Order deny,allow</limit> 
                    
                      # Only the owner or an administrator can cancel or authenticate a job...
                      <limit cancel-job="" cups-authenticate-job="">AuthType Default
                        Require user @OWNER @SYSTEM
                        Order deny,allow</limit> 
                    
                      <limit all="">Order deny,allow</limit></policy> 
                    
                    #
                    # End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $".
                    #
                    
                    
                    1 Reply Last reply Reply Quote 0
                    • Y
                      yashiharu
                      last edited by

                      [2.2.6-RELEASE][admin@localhost]/etc/rc.d: /usr/local/etc/rc.d/run_cups.sh
                      /usr/local/etc/rc.d/run_cups.sh: /etc/rc.d/devfs: not found
                      Starting cupsd.

                      Message from syslogd@localhost at Feb 23 16:14:39 …
                      localhost cupsd: Unable to read "/usr/local/etc/cups/cupsd.conf" due to errors.
                      /usr/local/etc/rc.d/cupsd: WARNING: failed to start cupsd

                      there's no devfs in /etc/rc.d

                      any advise?

                      1 Reply Last reply Reply Quote 0
                      • w0wW
                        w0w
                        last edited by

                        yashiharu IDK what you do wrong. It works for me.
                        Maybe this is missing
                        rc.conf.local -> into etc

                        cupsd_enable="YES"
                        devfs_enable="YES"
                        devfs_system_ruleset="system"
                        
                        

                        For pfsense 2.3 -> /usr/local/etc/pkg/repos rename it to something else
                        pkg update
                        pkg install CUPS
                        pkg install foo2zjs if needed

                        For USB printers like HP1020 you don't need ulpt anymore.

                        Configure CUPS using CUPS config files.

                        Example of additional printer configuration HP1020, not in CUPS, you may not needed if you have other. There is also other ways to upload printer firmware if needed.

                        /usr/local/etc/devd
                        hp1020.conf

                        
                        # hp
                        #   hp1020
                        notify 100 {
                        	match "system"		"USB";
                        	match "subsystem"	"DEVICE";
                        	match "type"		"ATTACH";
                        	match "vendor"		"0x03f0";
                        	match "product"		"0x2b17";
                        	action "/usr/local/etc/devd/hp1020.sh";
                        };
                        
                        

                        and

                        hp1020.sh

                        #!/bin/sh
                        
                        # Starting CUPS and other things
                        chmod -R 0777 /dev/usb/4.2.1
                        sleep 5
                        cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/usb/4.2.1
                        sleep 5
                        /usr/local/etc/rc.d/cupsd restart
                        exit 0
                        

                        rc.conf.local -> into etc

                        cupsd_enable="YES"
                        devfs_enable="YES"
                        devfs_system_ruleset="system"
                        
                        

                        Place into /usr/local/etc/rc.d/
                        run.sh

                        
                        #!/bin/sh
                        
                        # Starting CUPS and other things
                        
                        /usr/local/etc/rc.d/cupsd restart
                        
                        exit 0
                        
                        

                        Not sure if it's needed now:
                        Place loader.conf.local into boot if not already there

                        
                        devfs_enable="YES"
                        
                        

                        Restart firewall and check if CUPS is running. If it is running you can try configure your printer via CUPS web interface.
                        For it now works selecting local connection at usb://HP/LaserJet%201020?serial=FN1F99H

                        /usr/local/etc/pkg/repos rename it to something else or delete, rename you renamed repos back to repos  ;)
                        Check if pfsense update shows that you are on the last version or shows new if exists.
                        Every pfsense update you will need to reinstall CUPS package, I think without re-configuration.

                        1 Reply Last reply Reply Quote 0
                        • C
                          c4bcons
                          last edited by

                          I've got a sg-4860 … the process doesn't work for me at all.

                          • the setenv command doesn't work if I run it from the command shell - error message is "sh: setenv: not found"

                          • I add setenv to /root/.tcshrc then save the file, reboot and the setenv line has disappeared

                          I have to admit to being inexperienced with bsd, I have run linux for quite a few years now …. can anyone point me in the right direction please?  BTW, I have o/s 2.4.2_1

                          thank you

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.