Pfsense - configure access between two/three different networks to a shared printer
-
@ranga-loku said:
At the moment i can print via LAN (additional 2nd ip added to workstation)
• However if i need to scan to email via the network printer, it's not working
currently got printer statically configured with following
192.168.100.88
255.255.255.0
192.168.100.124
dns 8.8.8.8From what I'm reading here, printing from the original LAN subnet 192.168.88.0/24 is or is not working? or is your 2nd IP in the 192.168.100.0/24? which one is working for printing.
If you're printing from the LAN (192.168.88.0/24) that lets you know that networking is setup correctly. Your printing traffic is moving from LAN to your PrinterLAN.
What it seems like though may be the email portion of your printer configuration. Does the printer act as it's own email server or does it need to send to an email server?...I would check that out. You may need to set up a simple SMTP server on your PrinterLAN.
just let me what is the answer to both of questions. someone will try to help!
-
Hi guys, thanks for the quick response.
The printing is only working on the pc that has 2 static address one for the TRUSTED (primary)
2nd ip is added to the same pc to be able to ping 192.168.100.88 (the printer)
i can only ping the printer on this PC. pinging via pfsense fails.The printer needs send via smtp server (e.g. smtp.gmail.com)
Basically i'm trying to have 2 or more independent LANs be able to share one printer
is there a more simpler way to set this up
each LAN has its own internet connection (except for the printervlan) and should only be able to print to the common Kyocera color printerthe pfsense should only provide security to the 192.168.88.0/24 network
the other connections have their own WAN routersthanks in advanced for your help
much appreciated
Ryan -
I'm not at home to really dig into this but I think having a diagram would help.
Usually you can spot problems really quick by just drawing out your network in paint or Visio.
Would help us help you too.
-
Create a firewall access rule that provides access to that single IP address of your printer from both subnets but only to that IP address.
Verify that you have a routes from each vlan to that one subnet as well and of course routes from that printer subnet back to each subnet.
For the email from the printer you also want to make sure that you have access rules to allow for this traffic to the smtp server. You may also need to set a route for acesss to the subnet that your smtp server is on as well.
This is a just a guess without testing it.
-
Is this drawing correct?
As Ronnie mentioned, make sure you have a route so that 192.168.100.0/24 can get to the WAN interface of 192.168.1.0/24.
I would put a test workstation on the 192.168.100.0/24 subnet and see if you could ping the email server or anything on the internet (I am assuming your email server is hosted online). If not that let's you know that routing to the WAN is not working.
-
@ranga-loku said:
192.168.100.88
Thanks Daniel, visualising the setup makes it easier to troubleshoot.
that's exactly my setupsee below screen grabs of the settings
So Daniel, should i create this route on pfsense - currently none set.
Thanks guys for all your effort
-
try it and see if it fixes the issue. I believe the lack of routing between the WAN and the printer is the root cause of the inabilety to send emails directly from the printer.
-
wont let me create the route:
The following input errors were detected:This network conflicts with address configured on interface PrinterLANVLAN.
-
@ranga-loku took me a few days but I finally got pfsense working inside VIRL. I now have an exact replica of your situation. unfortunately it's 4:30AM and sleep is apparently this thing humans need. So I'll see what things I can play with tomorrow to get things working or not working.
-
@ranga-loku
ok after playing with pfsense I think the problem is in your firewall rules. Try turning off all the rules for PrinterLanVLAN and add an all access rule. If your printer starts working then the problem is you are blocking the necessary traffic the printer needs to do what you want it to.I know it's a lot but can you post screen grabs of all your rules?