Netgate Discussion Forum

Inter LAN communications

L2/Switching/VLANs
  • F
    FFH4500
    last edited by FFH4500 Jun 16, 2022, 4:43 AM Jun 16, 2022, 4:40 AM

    Hi all.

    We have 2 businesses operating out of a single office. Each business runs on its own structurally separate network with the exception of pfsense providing a single internet connection. So separate switches, WAPs etc. This is required due to the nature of the second business.

    I have pfsense set up with a Quad NIC card. Currently configured as:

    WAN
    TEXNET (LAN1) - 192.168.10.0/24
    BHNET (LAN2) - 192.168.20.0/24
    FAILOVER WAN

    TEXNET has a printer on the network that we require clients on BHNET to access. I set this up by adding a Pass rule on the TEXNET interface to allow any TCP (IPv4) traffic from BHNET to the specific IP of the printer.

    I also added a Pass rule on the BHNET interface to allow any TCP (IPv4) traffic from printer IP to BHNET.

    This typically works to start but after a while, the printer becomes inaccessible from the BHNET network.

    So where have I gone wrong?

    • C
      chpalmer @FFH4500
      last edited by Jun 16, 2022, 4:53 AM

      @ffh4500 Truthfully you should not need the "rule on the BHNET interface to allow any TCP (IPV4) traffic from printer IP to BHNET."

      On the printer do you have a gateway to 192.168.10.3?

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      • F
        FFH4500 @chpalmer
        last edited by FFH4500 Jun 16, 2022, 4:56 AM Jun 16, 2022, 4:56 AM

        @chpalmer

        @chpalmer said in Inter LAN communications:

        Truthfully you should not need the "rule on the BHNET interface to allow any TCP (IPV4) traffic from printer IP to BHNET.

        Yeah I know, I was just removing all restrictions to and from the printer.

        @chpalmer said in Inter LAN communications:

        On the printer do you have a gateway to 192.168.10.3?

        Yes.

        • J
          johnpoz LAYER 8 Global Moderator @FFH4500
          last edited by johnpoz Jun 16, 2022, 4:58 AM Jun 16, 2022, 4:57 AM

          @ffh4500 as stated you do not need a return rule. Once you allow traffic from a source network to the destination network via rule on the source network the return traffic is allowed via the state.

          This typically works to start but after a while

          this would have to mean the printer has a gateway, or it would never work..

          You're going to have to troubleshoot why it's not working.. Sniff the traffic on the printer side network interface - do you see the traffic going to the printer?

          Are you saying traffic to the printer is logged as blocked, when you have a rule that allows? I would say if it starts to work and then fails that could point to asymmetrical flow - but you have stated that these are 2 physically separate networks.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          • F
            FFH4500 @johnpoz
            last edited by Jun 16, 2022, 5:04 AM

            @johnpoz

            @johnpoz said in Inter LAN communications:

            this would have to mean the printer has a gateway, or it would never work..

            Just so it is clear what you're asking, when you say does the printer have a gateway do you mean does it have a print gateway or do you mean the printer has a gateway set in the NIC? Currently the printer has the gateway set in the NIC as 192.168.10.3.

            @johnpoz said in Inter LAN communications:

            Are you saying traffic to the printer is logged as blocked, when you have rule that allows?

            No, it works fine for a period and then stops. Typically when it stops I get CLOSED:SYN_SENT in the states.

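One way to read the state table when the printer stops answering, as an added example that is not part of the thread or Netgate's own code: it parses lines shaped like `pfctl -ss` output and separates flows where the SYN was passed but never answered from flows that completed the handshake on state alone. The sample lines, interface names, client addresses, port 9100 and the printer address 192.168.10.50 are constructed, and the parser assumes the left-hand state belongs to the left-hand endpoint.

```python
import re

# Constructed sample modelled on `pfctl -ss` output. Interface names, client
# addresses, port 9100 and the printer address 192.168.10.50 are placeholders,
# not values from the thread.
SAMPLE_STATES = """\
igb2 tcp 192.168.10.50:9100 <- 192.168.20.15:51234       CLOSED:SYN_SENT
igb1 tcp 192.168.20.15:51234 -> 192.168.10.50:9100       SYN_SENT:CLOSED
igb2 tcp 192.168.10.50:9100 <- 192.168.20.22:49810       ESTABLISHED:ESTABLISHED
igb1 tcp 192.168.20.22:49810 -> 192.168.10.50:9100       ESTABLISHED:ESTABLISHED
igb2 udp 192.168.20.1:53 <- 192.168.20.15:40000       SINGLE:MULTIPLE
"""

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+tcp\s+(?P<left>\S+)\s+(?P<dir><-|->)\s+(?P<right>\S+)"
    r"\s+(?P<state>[A-Z_0-9]+:[A-Z_0-9]+)\s*$"
)

def parse_states(text):
    """Yield (iface, client, server, client_state, server_state) per TCP state."""
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # non-TCP or unrecognised line
        left_state, right_state = m["state"].split(":")
        if m["dir"] == "<-":  # inbound state: destination is printed first
            yield m["iface"], m["right"], m["left"], right_state, left_state
        else:                 # outbound state: source is printed first
            yield m["iface"], m["left"], m["right"], left_state, right_state

def diagnose(text, printer_ip):
    """Map each client ip:port talking to the printer to a verdict."""
    verdicts = {}
    for _iface, client, server, c_state, s_state in parse_states(text):
        if server.rsplit(":", 1)[0] != printer_ip:
            continue
        if c_state == "SYN_SENT" and s_state == "CLOSED":
            # The pass rule matched and a state exists; no SYN-ACK came back.
            verdicts[client] = "syn-passed-no-reply"
        elif c_state == s_state == "ESTABLISHED":
            # Replies were admitted by the state, without any return rule.
            verdicts[client] = "established"
    return verdicts

if __name__ == "__main__":
    for client, verdict in diagnose(SAMPLE_STATES, "192.168.10.50").items():
        print(client, verdict)
```

A `syn-passed-no-reply` verdict means the firewall forwarded the connection attempt, so the next place to look is a packet capture on the printer-side interface rather than the rule set.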
            • C
              chpalmer @johnpoz
              last edited by Jun 16, 2022, 5:19 AM

              @johnpoz said in Inter LAN communications:

              this would have to mean the printer has a gateway, or it would never work..

              Yeah.. I know that but.. looking for a reason this is happening. Seems like it goes to sleep and then loses its gateway somehow. I have a Canon laser printer right here in the house that gets printed to from multiple sources on various VPNs. Usually by me on remote sites.

              • F
                FFH4500 @chpalmer
                last edited by Jun 16, 2022, 5:23 AM

                @chpalmer

                @chpalmer said in Inter LAN communications:

                Seems like it goes to sleep and then loses its gateway somehow.

                Yeah, that was my thought too, but wouldn't it start working again when the printer "wakes up"? In this case it is not.

                The printer is a Canon ir-adv c3730, the sleep option is enabled but there is an exception for the LAN to stay awake, in fact you cannot turn off the sleep option. 😕

                • C
                  chpalmer @FFH4500
                  last edited by Jun 16, 2022, 5:25 AM

                  @ffh4500

                  Like mentioned then.. time for some packet captures. Look at both interfaces for traffic both ways.

                  See where the traffic is failing to flow.

                  • F
                    FFH4500 @chpalmer
                    last edited by Jun 16, 2022, 5:29 AM

                    @chpalmer

                    Looks like I have a solution in place. A simple 1:1 mapping using the Subline feature on the printer appears to have resolved the issue.

                    Still doesn't explain why I couldn't get it to work in the other configuration. I will do further investigation and report back.

                    Appreciate the help. 😊

                    • C
                      chpalmer @FFH4500
                      last edited by Jun 16, 2022, 5:32 AM

                      @ffh4500

                      Yeah.. that further says it is a gateway issue. I betcha Canon has some bugs in that particular model.

                      Absolutely keep everyone up to date on this one.. next guy that comes along will appreciate ya!

                      • J
                        johnpoz LAYER 8 Global Moderator @FFH4500
                        last edited by Jun 16, 2022, 11:45 AM

                        @ffh4500 said in Inter LAN communications:

                        A simple 1:1 mapping using the Subline feature on the printer

                        subline? huh?

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.