Need help printing from one network to another
-
@nosenseatall you sure your printer has a gateway set, and it points to pfsense IP on the 192.168.1 network?
Yo won't be able to talk to a printer on another network, if the printer has no gateway.. The correct fix is to set a gateway. A work around if you can not do that is do an outbound nat on your printer network interface, so the printer thinks the traffic is coming from pfsense IP on the same network as the printer.
-
@stephenw10 I am not sure I know where to get the information to answer your question. When I look at the rule I see 0/0b. Is that what you're referring to?
-
@johnpoz These are the printer settings.
-
@nosenseatall that is good you have a gateway, and assume 192.168.1.1 is pfsense IP on that network.
Your rule below your any any is pointless.. Your any any rule would allow access to anything..
So you must be blocking access before it.. What networks are in that pfb_pri alias? Is this printer on your lan subnet? Or any of your other blocks? Do you have any rules in floating?
I would look in the diag table section for what is include in that top pfb rule..
-
@johnpoz "A work around if you can not do that is do an outbound nat on your printer network interface, so the printer thinks the traffic is coming from pfsense IP on the same network as the printer."
Would you mind showing me what that would look like? I haven't done something like that yet.
Thank you!
-
@nosenseatall I could show you but unless your printer just isn't answering because the source is not allowed by the printer or it was sending it to some other gateway (not pfsense) that wouldn't do any good.
Sniff on on your pfsense 192.168.1.1 interface, and do you ping test again... Do you see the traffic sent to the printers IP 192.168.1.71 but don't get a reply.
Your sniff showing the pings seems to be on the source interface of where pfsense is seeing the ping it should route to the printer.
I would guess your just blocking the traffic with the pfb alias rule on the very top, or one of your other rules that are blocking? or you have something in floating..
If you show the traffic leaving pfsense to the printer in the sniff on 192.168.1.1 interface.. And you validate that is sending to the correct mac but just don't get an answer, sure happy to walk you through how to do the outbound nat thing.. But your printer has a gateway, so it should allow to print to it from any of your networks as long as you allow it in the firewall rules.
It would be like this, but with your specific interface and networks.
Doing it to directly access my cameras - because they point to the nvr as their gateway.. So to directly get to them I make the traffic look like it comes from pfsense IP address in the cam network.
-
You should see some bytes and states on that rule if it's at the top of the list. When the host in 172.16.1.X subnet tries to connect to the printer. Or if you just try to ping the printer manually.
-
"assume 192.168.1.1 is pfsense IP on that network" - that is correct
"Your rule below your any any is pointless.. Your any any rule would allow access to anything.." - Are you referring to this?
"What networks are in that pfb_pri alias?" The 38267_Alt is the only network associated with pfBlocker at the moment.
"Is this printer on your lan subnet?" - Yes 192.168. is LAN network
"Do you have any rules in floating?" - This is the only one
-
@nosenseatall said in Need help printing from one network to another:
"What networks are in that pfb_pri alias?"
This rule
Look in your table for that alias.. Doe it contain rfc1918 space or your 192.168.1 network
And seems you keep changing your rules? If that is your lan interface, is there where the 172.16.1.3 client is, what network is your 192.168.1.71 printer on?
Your rules to allow 172.16.1.3 should be on that networks interface.. That rule your showing is not allowing icmp so you ping test would not work..
edit: here
The rules to allow .3 to talk to your printer should be on that interface.. What rules you have on the 192.168.1.1 make no matter you could have zero rules there and .3 could still talk to your printer if rules on pfsense 172.16.1.1 interface allow it. And printer allows it and points its gateway back to pfsense 192.168.1.1 address..
-
Thank you ALL for your help.
Something in pfBlocker is causing the problem.
When I disabled it, everything started working. I re-enabled pfBlocker and put the allow print rule above it and were still good to go.
-
@nosenseatall said in Need help printing from one network to another:
pfBlocker is causing the problem
it prob contains the rfc1918 space.. Which is why it would block you from talking to a rfc1918 network, ie your 192.168.1
Did you add any groups? I checked these
Only one I could see what was in was this one - are you using that one?
https://pulsedive.com/premium?key=API_KEY&types=ip
-
@johnpoz said in Need help printing from one network to another:
https://pulsedive.com/premium?key=API_KEY&types=ip
Thanks for looking. I am not using Pulsedive, but have been digging around also to see what I can find.
