Pfsense Logo

Installing the CUPS Print Server to pfSense 2.1 and 2.x

CUPS, the Common UNIX Printing System, provides a portable printing layer for UNIX-based operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users.

To install CUPS using a precompiled binary, for pfSense 2.x, issue the following command from a root terminal:

Note: For NanoBSD, must remount embedded filesystem as read-write.

pfSense 2.1: in the GUI under Diagnostics > NanoBSD, using the toggle button there.

Previous version:

/etc/rc.conf_mount_rw

Adding CUPS to PFSense 2.1

Step 1: Add correct repository

For x86 version:

setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/

or

setenv PACKAGESITE http://www.mirrorservice.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/

For x64 version:

setenv PACKAGESITE http://www.mirrorservice.org/pub/FreeBSD/ports/amd64/packages-8.3-release/Latest/

Step 2: Install CUPS + dependencies

pkg_add -r cups

Step 3: modify cupsd.conf

Replace the original config file (/usr/local/etc/cups/cupsd.conf) with the text below, this will allow anyone on the local network to access the Web GUI, cancel print jobs, and connect to the printer.

DefaultEncryption Never
LogLevel warn
SystemGroup wheel
# Allow remote access
Port 631
Listen /var/run/cups.sock
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseRemoteProtocols CUPS
BrowseAddress @LOCAL
BrowseLocalProtocols CUPS
DefaultAuthType Basic
<Location />
# Allow shared printing and remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
# Allow remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
<Limit Create-Job Print-Job Print-URI>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
BrowseWebIF Yes

Step 4: Create the startup script (/usr/local/etc/rc.d/run_cups.sh) for CUPS

#!/bin/sh

 # Allow time for devfs to initialize.
sleep 5

 # This will allow LPT(parallel port) printers.
echo -e "[system=10] \nadd path 'unlpt*' mode 0660 group cups\nadd path 'ulpt*' mode 0660 group cups\nadd path 'lpt*' mode 0660 group cups" > /etc/devfs.rules

 # Restart devfs so it can read new config.
/etc/rc.d/devfs restart

 # Allow time for devfs to initialize.
sleep 5

 # Now let's start CUPS!
/usr/local/etc/rc.d/cupsd onestart

Step 5: Make the script executable

`chmod 755 /usr/local/etc/rc.d/run_cups.sh`

Step 6: Add rule to devfs so CUPS print server can start on boot

Add two lines to /etc/rc.conf

cupsd_enable="YES"
devfs_system_ruleset="system"

Step 7: Disable CUPS during reboot and shutdown

Add the following command to "/etc/rc.reboot" and "/etc/rc.shutdown" before the line that says "# If PLATFORM is pfSense then remove"

/usr/local/etc/rc.d/cupsd stop

All set. Start CUPS now

Reboot or use command:

/usr/local/etc/rc.d/run_cups.sh

Add printer to CUPS:
Now open up your web browser and go to "http://Your pfSense address:631".

Printer driver:

Foomatic: a database-driven system for integrating free software printer drivers with common spoolers under Unix. If you receive error "stopped with status 22". Install foomatic-db + dependencies.

pkg_add -r foomatic-db foomatic-filters

hplip: HP drivers for DeskJet, OfficeJet, Photosmart, Business Inkjet and some LaserJet printer models, as well as a number of Brother printers.

pkg_add -r hplip

gutenprint: A collection of high quality drivers for Canon, Epson, Lexmark, Sony, Olympus, and PCL printers for use with GhostScript, CUPS, Foomatic, and the GIMP

pkg_add -r  gutenprint

splix: Samsung drivers for SPL (Samsung Printer Language) printers.

pkg_add -r  splix

Missing printer driver file PPD? Some printers' PPD are available in http://www.openprinting.org/printers

Troubleshooting:

If you receive error: "Unable to create certificate file /var/run/cups/certs/0 - No such file or directory", add the following command to the startup script.

mkdir -r /var/run/cups/certs/

If you receive error: "cupsdReadClient: Unable to write 14 bytes to /var/spool/cups/00000005: Bad file descriptor", add the following command to the startup script.

mkdir -pv /var/spool/cups/

If your CUPS decided to detect printers as a /dev/ulpt1 /dev/ulpt0 instead of the correctly detected printer (with /dev/usb/0.2.* and /dev/usb/0.3.*), to enable printing with local printer you need to give group 'cups' r/w access to printer device:

1) Add following to /etc/devfs.rules (create if it doesn't exist):

[system=10]
add path 'unlpt*' mode 0660 group cups
add path 'ulpt*' mode 0660 group cups
add path 'lpt*' mode 0660 group cups

2) And following to /etc/rc.conf:

devfs_system_ruleset="system"

3) Restart devfs:

/etc/rc.d/devfs restart

If your system supports 'devd' you can copy
$PREFIX/share/examples/cups/lpt-cupsd.conf to $PREFIX/etc/devd/

To enable printing under Gimp and MS-Windows clients do the following:

  1. Uncomment application/octet-stream line in mime.types
  2. Uncomment application/octet-stream line in mime.convs
  3. Restart cupsd

If you are using libusb, it is important that no device driver, e.g. ulpt(4) is attached to the device you wish to use. In this case please ensure the cups user and group has read/write access to /dev/ugen*

If you are using a USB printer wtih FreeBSD 8.0 or later, you will need to find the proper /dev/usb/* device pointed at by the /dev/ugen* entry. Follow the instructions for devfs.rules as above, but append a rule similar to the following for a printer attached as /dev/ugen0.2:

add path 'usb/0.2.*' mode 0660 group cups