1 WAN, 3 LANs, can't access host on one LAN
-
sounds like printer is missing default gateway, or does have wrong ip on it
-
You do not need nat between lans, just routing.
Change outbound nat to manual and leave just wan on list.
Also you need to change one of wlan networks, both are on same 172.16.2, both are on same ip range.
Last thing to check are wlan firewall rules.
-
You do not need nat between lans, just routing.
Change outbound nat to manual and leave just wan on list.
Also you need to change one of wlan networks, both are on same 172.16.2, both are on same ip range.
Last thing to check are wlan firewall rules.
Apologies for a typo. It actually is on a different subnet (172.16.1). There are no rules on either wlan interface, and outbound NAT only has WAN present. Even checked printer and it lists itself as having the correct IP & gateway
-
There are no rules on either wlan interface.
So, there is no outbound traffic. Firewall is blocking everything. :(
-
There are no rules on either wlan interface.
So, there is no outbound traffic. Firewall is blocking everything. :(
There is a floating rule for allow anything from LAN, and the two wireless LANs, to go anywhere. Outbound works fine. I am able to ping other hosts on the 172.16.1 subnet so I suspect its something goofy with this printer… I setup a NAT from the two non-172.16.1 subnets to the 172.16.1 subnet, and now I can ping and access the http interface of the printer but still cannot print to it (on a macbook, believe using bojour)
-
There is a floating rule for allow anything from LAN, and the two wireless LANs, to go anywhere. Outbound works fine. I am able to ping other hosts on the 172.16.1 subnet so I suspect its something goofy with this printer… I setup a NAT from the two non-172.16.1 subnets to the 172.16.1 subnet, and now I can ping and access the http interface of the printer but still cannot print to it (on a macbook, believe using bojour)
You do not need nat for this internal communication.
Make some tcpdumps form opt1 to lan to see how packages are flowing.
check and recheck your printers network setup(netmask, gateway, etc)
-
I have a config that is similar and I'm not sure how to configure. See my image for what I am trying to do. What is the recommended method for this? My printer exist on the LAN and I have two other networks OPT1 and OPT2. I want OPT1 and OPT2 to see the printers on the LAN. The issue is the application on the devices on OPT1 can only find the printer with a search of the local (OPT1) subnet and do not allow entering the IP:PORT directly. Is it possible to make it appear on the OPT1 network for this purpose?
-
Disable nat between networks and create firewall rules on OPTx and LAN to specify traffic you want to permit.
-
How do I disable NAT between LAN & OPTx while maintaining NAT for WAN?
-
firewall -> nat -> outbound.
change to manual and leave only WAN rule.
-
to accomplish the same thing as you are trying i did the following;
first created aliases of the ips of all printers and file servers i wanted seen by other lans and subs called fileservers
created a alias for the ports required for the subnets and lan to talk to the printers. this is based on the os of the client called it nfsportshere is a list of some ports you may require
netbios-ns - 137/tcp # NETBIOS Name Service
netbios-dgm - 138/tcp # NETBIOS Datagram Service
netbios-ssn - 139/tcp # NETBIOS session service
microsoft-ds - 445/tcp # if you are using Active DirectoryOther ports
Port 389 (TCP) - for LDAP (Active Directory Mode)
Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and beyond, (CIFS)
Port 901 (TCP) - for SWAT service (not related to client communication)and the the port 631 for cups there might be more if you require file sharing across subnets
after that in the subnet or lan (opt tab) in firewall rules
i created a rule as below
TCP/UDP WIFI net * fileServers nfsPorts * none NFS/CUPS NETBIOS trafficthe wifi net is what i name the opt(x) that was allowed to share files and printers
also in cups there is a command that has to be set for it to talk to different subnetsif i can remember it is BrowseAllow all and Browsing On and there is BrowseAddress xxx.xxx.xxx.xxx is the ip of the subnet
this should help.