How can I achieve this with my current setup?
-
The printer gets automatically 10.0.0.99 because I assigned it in the DHCP mappings (10.0.0.100 - 10.0.0.120 for the computers, easier for me to remember :P).
It's a Ricoh MPC2050, every computer in LAN can print through PCL5 and PCL6 and access the web interface. I want to print and access its web interface from another computer over the Internet (I was able to before this setup).
It scans and saves through SAMBA, but there's a known bug with the printer since it's using SAMBA1 and I have to do some workaround about it with Windows 7 by disabling Samba2, which I have not done yet, but it's unrelated to my current issue.
I'm going to try to assign staticly from the printer itself and report back. Thanks.
-
I got tired of broadcast dependent printers some time ago. I've converted all my stuff to internet printing protocol. Very simple. Just point to the port and fire. No worrying about windows network crap or samba this and that.
Personally, I'm glad your printer isn't visible to the public internet. Thats just not smart.
I think what you are experiencing is a safety feature… ;D
-
Damn, I'd be mad >:(
Any way to confirm or override?
-
Confirm or over ride what?
-
The safety feature.
-
Whilst having a publicly addressable printer is perhaps… unwise, it should work.
If you are doing 1:1 NAT, and have it setup exactly as the other LAN clients which are working, I can't see why it wouldn't work. Even if it had some code to prevent it using a public IP (which seems very unlikely) it doesn't know because it's behind NAT.
The fact that it can't ping out seems like a clue, NAT not working correctly perhaps. Can it ping the pfSense VM? When it fails to ping is there any error message?Steve
-
With my samba server stuff, it always needs to know it subnet and workgroup in the samba config. That and telling it to accept anonymous clients etc.
Check your setup to see if its set up thinking it should be looking at this or that subnet that has changed. -
Take a break guys, I'm at home, will report tomorrow. Have a good night.
-
Let the fun begins. ;D
Printer can ping pfSense's public IP (xxx.xxx.xxx.98) and can ping any LAN clients (10.0.0.100 - 10.0.0.120)
Again, printer can't ping anything outside LAN. (Err: Ping has failed)It gets subnet automatically (255.255.255.0), has SAMBA Workname and Name set up. But printer only uses SAMBA for saving scans.
-
I frankly cannot see why printer should ping anything, in or outside LAN. Maybe you should make clear what is the issue here.
-
I frankly cannot see why printer should ping anything, in or outside LAN. Maybe you should make clear what is the issue here.
I cannot print over the internet or access its web interface over the internet, I think I've stated that multiple times.
-
I got it! ;D It's working now. I removed it from pfSense DHCP mappings, assigned it manually in printer. Don't know why it works now though.
-
I'm a little late to the game on this thread but it looks like you've gone ahead with a 1:1 nat setup for this. Alternatively you could have configured pfSense as a "transparent firewall" by setting up a bridge interface, disabling NAT, and configuring the public IPs directly on the "X amount of Comptuers".
This would have made pfSense work essentially like a QoS 'cable' linking the WAN connection into your switch. You also retain packet filtering functionality, and you don't have to configure any virtual IPs in the process.
For 1:1 NAT you don't need VIPs either if you're mapping them to devices behind the FW. This is also the best way to go if you want to have a private internal IP range that you route through pfSense for sharing an external IP with multiple internal devices.
I only chimed in because it appears that you want to use a pfSense VM on an existing server to run QoS for a bunch of stuff that is dedicated to WAN2 while leaving the orange and purple stuff set up as is using the other wifi router and WAN1.
-
I never was clear on your clients where. Assigning the IP statically often fixes thing when you would think DHCP should have worked but didn't. I'm glad it worked.
-
I'm a little late to the game on this thread but it looks like you've gone ahead with a 1:1 nat setup for this. Alternatively you could have configured pfSense as a "transparent firewall" by setting up a bridge interface, disabling NAT, and configuring the public IPs directly on the "X amount of Comptuers".
This would have made pfSense work essentially like a QoS 'cable' linking the WAN connection into your switch. You also retain packet filtering functionality, and you don't have to configure any virtual IPs in the process.
For 1:1 NAT you don't need VIPs either if you're mapping them to devices behind the FW. This is also the best way to go if you want to have a private internal IP range that you route through pfSense for sharing an external IP with multiple internal devices.
I only chimed in because it appears that you want to use a pfSense VM on an existing server to run QoS for a bunch of stuff that is dedicated to WAN2 while leaving the orange and purple stuff set up as is using the other wifi router and WAN1.
I just deleted all the Virtual IP's and you were right! I was going for your setup in the beginning, setting up each IP at every computer, but turns out it's much easier for me with DHCP mappings and NAT 1:1.
Yes, for the moment I solved purple and red part, I'll have to read on about how Radius and Captive Portal work in pfSense for a DD-WRT router authentication.
-
Hmm, interesting.
What are you mapping the internal machines to if you have removed the virtual IPs?
I am failing to see how this could work, I welcome a further explanation.Steve
-
Hmm, interesting.
What are you mapping the internal machines to if you have removed the virtual IPs?
I am failing to see how this could work, I welcome a further explanation.Steve
I'm not sure, I just removed the VIP's and tested for a few minutes and they worked, but I got a huge problem right now :'(
My ISP took out my service by error (have to wait about 1-3 days), and I plugged my old ISP (the one I was using before without pfSense), it was a new setup of pfSense, I set it up with NAT 1:1 and VIP's just like how it was working before, but with different public IP's, everything worked fine for ~4 hours, then a few computers got disconnected (some playing League of Legends) some were fine, until every computer got disconnected.
I can ping any site or IP in pfSense console, but nothing in the LAN clients.
-
For me, I use VIPs if I get my IPs by bridging and I use additional Virtual WAN ports if I'm getting IPs by DHCP.
But the transparent firewall thing just screwed me when I tried it with zero NAT. -
Ah yes! I was forgetting it was vitual. Yes adding extra WAN interfaces makes sense. Probably easier to setup too. However I'm not sure that's what Orientalsniper did, it seemed like he just deleted the VIPs. :-\
This new problem sounds like it could be a DHCP issue. As the leases expire the machines are not renewing correctly?
Steve
-
What's your suggestion to fix this DHCP lease issue?
