Hi Jay, Ouch! Just goes to show that nothing is easy :-) I didn't put too much info on wspcfg.ini and mspclnt.ini in the book because you typically don't need to use that stuff :-) However, there are times when you need to bind services to particular ports on the external interface of the ISA Server because there is no other way define the source port on the external interface. You might try using [Spoolss] LocalBindTcpPorts=721-731 RemoteBindTcpPorts=515 You might also have to change the spoolss Disable from 1 to 0 I suspect this will whack any local printing you want to do with the machine, but it might help send those jobs to the external printer. Cross your fingers :-) Tom www.isaserver.org/shinder Thomas W Shinder, M.D., MCSE, MCT -----Original Message----- From: Jay J. Mobley [mailto:jmobley@xxxxxxxxxx] Sent: Thursday, August 23, 2001 1:20 AM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: LPR requires defines SOURCE port There I go .. skipping off to fix something without really understanding what I am about to do again. Ok so. I make the server a firewall client , Ok... but here is my log entry. : 10.0.1.220, -, -, N, 8/22/2001, 22:53:15, fwsrv, -, -, -, 4.35.206.254, 515, -, -, 0, 515, TCP, Connect, -, -, -, 0, -, -, -, -, - I don't see anything that counts as a 'process name' so I am a bit lost there. Plus there is nary little info out there on wspcfg.ini or mspclnt.ini ... I even consulted that darned book =) I dont suppose you could elaborate a bit on that ( i couldnt find an application heading in either one ) unless you meant making the heading [process name] in which case Im right back where I started **Cries** Jay -----Original Message----- From: Thomas W. Shinder Sent: Wed 8/22/2001 10:33 PM To: [ISAserver.org Discussion List] Cc: Subject: [isalist] RE: LPR requires defines SOURCE port http://www.ISAserver.org Hi Jay, You can make the machine a Firewall client and configure the mspclnt.ini file to bind the appropriate ports on the ISA Server. You can check the process name in the firewall service logs and use that in the [application] header for the section that includes the bindings. This is a solvable problem, so take heart :-) Tom www.isaserver.org/shinder Thomas W Shinder, M.D., MCSE, MCT -----Original Message----- From: jmobley@xxxxxxxxxx [mailto:jmobley@xxxxxxxxxx] Sent: Wednesday, August 22, 2001 11:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] LPR requires defines SOURCE port http://www.ISAserver.org So As I understand it, NAT works by assigning a dynamic port to outgoing traffic, and when that traffic returns to that port, the server remembers who it goes to. Also as I understand it the RFC for LPR requires that requests send to the server port of 515 originate from 721-731 , or something else depending on where u read. (I believe a revised RFC allows for a wider source port range) but anyway, I MUST find out how to convince my ISA server to send out anything destined for port X ( in this case 515 ) via port Y (721-731) but I find no options that even remotly resemble this. Help please and thank you too. -Jay Mobley ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to leave-isalist-295503G@xxxxxxxxxxxxx ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jmobley@xxxxxxxxxx To unsubscribe send a blank email to leave-isalist-295503G@xxxxxxxxxxxxx