Share files and printers
-
ok have all interfaces up and running can see net and browse,
setup 5 nics
wan --> internet static ip
lan --> 192.168.0.0/24
subnet172 --> 172.16.0.0/24
kidssubnet --> 192.168.5.0/24
wifi --> 192.168.6.0/24
on lan interface have 2 printers attached to machines.
samsung running on ubuntu @ ip 192.168.0.130
brother running on ubuntu server @ ip 192.168.0.100
everyone on the lan can print to both printers
on the kids and wifi can't print or access files on ubuntu server
rules for lan
- LAN net * * * * none
- LAN net * WIFI net * * none
ICMP * * LAN net * * none allow ping firewall pfsense_AP
rules for kidssubnet
- KIDSSUBNET net * * * * none allow to all other interfaces
rules for wifi
- WIFI net * * * * none allow clients on AP to access clients on lan and wan
-
- WIFI net * * none allow ping firewall pfsense_AP
i don't want the wifi and kidssubnet access to all just 2 ips the printers and the server
so this is what i think should work
under kidssubnet the rules would be
- KIDSSUBNET net * 192.168.0.130 * * none allow to samsung printer
KIDSSUBNET net * 192.168.0.100 * * none allow access to printer and file server
and repeat for wifi
and in the lan interface have these
KIDSSUBNET net * 192.168.0.100 * * none allow access to printer and file server
KIDSSUBNET net * 192.168.0.130 * * none allow to samsung printer
any input if i got the right idea would be great
thanks
-
What do you use to share those printers in ubuntu? What is in those conf files? Which subnets do those confs allow?
Maybe this question should be split between the ubuntu and pfsense forums: ubuntu print sharing, pfsense port opening.
So what is the software used to share those printers on the lan? From that we could get the port number to open up; as an example, cups uses tcp:631
-
Since the printers are attached to PCs and are not network IP based printers, I would think you might have to either bridge the subnets in pfSense or modify the hosts file on the kids' PCs so those PCs know where the server and print share PCs are.
-
What do you use to share those printers in ubuntu? What is in those conf files? Which subnets do those confs allow?
Maybe this question should be split between the ubuntu and pfsense forums: ubuntu print sharing, pfsense port opening.
So what is the software used to share those printers on the lan? From that we could get the port number to open up; as an example, cups uses tcp:631
cups server on both machines running standard 631 port
-
What else you run? smb?
-
What else you run? smb?
NFS file shares
on the same 2 machines that share printers
And twonky media server on 192.168.0.100
-
Do you have any firewalls in those ubuntu machines?
Here is a quote from this site:
Allow only traffic from authorised NFS clients to the NFS server (on server)
Supposing that an NFS server only provides the NFS service but nothing else so there are three ports available to use on the server, i.e., RPC Portmapper (on port 111), NFS (on port 2049), and Mountd (on port 2219). Here we can do some filtering on traffic that goes to the NFS server. Through the iptables firewall running locally on the NFS server (you must install iptables to use the following commands), allow only traffic from any authorised NFS client to the server. Allow traffic from an authorised subnet 10.226.43.0/24 to the ports Portmapper, NFS, and Mountd.
#iptables -A INPUT -i eth0 -s 10.226.43.0/24 -p tcp --dport 111 -j ACCEPT
#iptables -A INPUT -i eth0 -s 10.226.43.0/24 -p tcp --dport 2049 -j ACCEPT
#iptables -A INPUT -i eth0 -s 10.226.43.0/24 -p tcp --dport 2219 -j ACCEPT
So for nfs you should allow tcp ports: 111, 2049 and 2219. If you also use dns, port 53 should be open, and even udp eases it a little (TCP dns query works, but it's slower)
-
so my rule would be in the lan interface
TCP KIDSSUBNET net * 192.168.0.100 111 * none allow access to file server
TCP KIDSSUBNET net * 192.168.0.100 2049 * none allow access to file server
TCP KIDSSUBNET net * 192.168.0.100 2219 * none allow access to file server
TCP wifi net * 192.168.0.100 111 * none allow access to file server
TCP wifi net * 192.168.0.100 2049 * none allow access to file server
TCP wifi net * 192.168.0.100 2219 * none allow access to file server
probably create an alias with both server ips
would this be right!
-
Almost right.. pfsense works in ingress. So if you want to allow traffic from kidssubnet to lan, you'll need to create that rule in kidssubnet interface.
and to ease up, you can create two aliases:
port alias with following: 111, 631, 2049 & 2219
host alias with both server ip's
and then create rule
tcp/udp !!THAT INTERFACE WHERE YOU WANT TO ALLOW TRAFFIC!! * ServerAlias PortAlias * none NFS/CUPS traffic
And if that won't work I'll give up, because I've nothing else up my sleeve to get this to work, except checking linux configs
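The ingress-interface point made in the reply above, as an added example that is not part of the thread: a small Python model of per-interface, first-match rule evaluation using the thread's networks, server IPs and port list. The block-to-LAN and final pass-any rules and the client address 192.168.5.20 are assumptions added here; protocol and state tracking are not modelled.

```python
import ipaddress

# Networks, server IPs and ports are taken from the thread.
NETS = {"LAN": "192.168.0.0/24", "KIDSSUBNET": "192.168.5.0/24",
        "WIFI": "192.168.6.0/24"}
SERVER_ALIAS = {"192.168.0.100", "192.168.0.130"}  # host alias
PORT_ALIAS = {111, 631, 2049, 2219}                # port alias

def in_net(ip, name):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(NETS[name])

def dst_matches(spec, ip):
    if spec == "any":
        return True
    if spec == "servers":
        return ip in SERVER_ALIAS
    return in_net(ip, spec)

# Per-interface rule lists: (action, source net, destination, ports or None).
# Rules 2 and 3 on KIDSSUBNET are assumptions added for this example.
RULES = {
    "KIDSSUBNET": [
        ("pass", "KIDSSUBNET", "servers", PORT_ALIAS),  # NFS/CUPS to servers
        ("block", "KIDSSUBNET", "LAN", None),           # rest of LAN closed
        ("pass", "KIDSSUBNET", "any", None),            # everything else
    ],
    "LAN": [("pass", "LAN", "any", None)],
}
# Same allow rule placed on the LAN tab, as first proposed in the thread.
MISPLACED = {
    "KIDSSUBNET": [],
    "LAN": [("pass", "KIDSSUBNET", "servers", PORT_ALIAS),
            ("pass", "LAN", "any", None)],
}

def ingress_interface(src_ip):
    # The interface whose network contains the source is where packets arrive.
    return next((n for n in NETS if in_net(src_ip, n)), None)

def evaluate(rules, src_ip, dst_ip, dport):
    # Only the ingress interface's list is consulted; first match wins.
    for action, src, dst, ports in rules.get(ingress_interface(src_ip), []):
        if (in_net(src_ip, src) and dst_matches(dst, dst_ip)
                and (ports is None or dport in ports)):
            return action
    return "block"  # nothing matched: default deny
```

Because the first match wins, the specific pass rule for the servers has to sit above the block rule for the LAN net on the same interface.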
-
i got to get pfsense works in ingress in my head and i think i should be able to figure the rest of filtering out
thanks Again
created to alias nfsports with the 4 ports
and created fileservers with the serverips
hope this works got it setup and will try it, see what happens
-
I'm also having problems allowing access to standard file and printer sharing on a 2 LAN 2 Gateway setup..
any help would be appreciated.
-
You're not telling important info, what kind of printer sharing etc
-
@pcboarders:
i got to get pfsense works in ingress in my head and i think i should be able to figure the rest of filtering out
thanks Again
created to alias nfsports with the 4 ports
and created fileservers with the serverips
hope this works got it setup and will try it, see what happens
seems to work for all printers and files that are ubuntu based (nfs)
samba is having a canary re-configuring samba to see if that works