Issues printing/accessing webgui on different subnets
-
I have the same issue, up to now been looking for answer to this issue. Client is in another VLAN printing in another VLAN . Printer seem to think and then hung up , the print does not come out. Anybody here would like to help us on this.
I am suing 2.1.1 PFSense now and the configuration is SQUID using transparent mode patch with Captive portal. Hope someone could shed a light
-
Nothing in the logs?
You are running Squid and captive portal on both VLANs? Have you tried disabling them?
The next step would be to run a packet capture to determine what's happening.Steve
-
I made some adjustment, I disable automatic outbound NAT and made a mapping to 0.0.0.0/0 subnet and printing now works without error, however captive portal is not redirecting to the authentication page.Can you share some thoughts about this
-
Could you clarify exactly where and what your new NAT mapping is? Perhaps a screenshot?
It sounds like you've managed to by-pass the captive portal somehow. It's not obvious how you've done that though. I don't use the captive portal but last time I checked it's the one element of pfSense that uses IPFW and operates at layer 2.
Steve
-
To give you a brief overview of my network, i have 6 VLAN. All VLAN is routed on a cisco router going to my IPLC. Internet is under my Fortigate Firewall. PFSense function as proxy and Captive portal for all VLAN.
PFSense in VLAN is working well however, i have issues when it comes to printing. When I try to connect to a print server the connection fail. So what I did is modified the outbound NAT (** Please see image attached), and now printing works well without any issues. But then again I have another issue Captive portal is not redirecting to authentication page to all those who do not have access on the internet. I am using a voucher to give access on the internet for all the guest and for VIP I have their mac encoded on pass through. Can you share your thoughts on how can i effectively use PFSense portal without any issues on printing and authentication page.** forgot to mention I don't have any filter rules I have any any access for all the interfaces and VLAN
![Outbound NAT.jpg](/public/imported_attachments/1/Outbound NAT.jpg)
![Outbound NAT.jpg_thumb](/public/imported_attachments/1/Outbound NAT.jpg_thumb) -
Ok, so you have a WAN interface and 6 internal VLAN interfaces? Are the internal interfaces using separate private subnets? Are you running DHCP?
You have added a very wide range NAT rule that NATs everything to WAN. However that shouldn't make any difference to traffic between internal interfaces. I assume you are printing between two internal VLAN interfaces?
Steve
-
yes you are right 1 wan interface and 6 vlans, i am printing in between vlans. Doing the config for outbound NAT make me print. However if i do a manual outbound NAT redirection of authentication page when an authenticated client fire his browser the captive portal auth page don't show up.
DHCP is coming from a windows server, i just use an ip helper address on the switch. Each VLAN has its own internal private addresses .
If there is no PFSense or Captive portal in between I can print without any issues.
What do you think seems to be the problem
-
i hope someone could help me on this
-
Hmm, yes it's hard to know quite what happened here.
Normally you would have individual NAT rules for each of your internal subnets. What rules do you get if you go back to 'automatic outbound NAT' and then back to manual such that it fills in the required rules automatically?It seems as thougb you have by-passed the captive portal but I'm not sure how. Perhaps by NATing everything you are including self assigned addresses. :-\
Do you have only the one system gateway, the WAN gateway?
Is the Windows DHCP server handing out the pfSense interface addresses as the gateway for it's clients?
When print sharing wasn't working were you able to connect between subnets in other ways?
Steve
-
No i did not bypass Captive portal, Captive portal is working however page for authentication is missing. I test it by removing my mac address in the list and i was not able to go to the internet and when i put my mac again then i can surf the net.
On gateway, I have multiple gateway for vlan but not all of them are under PFSense Vlan IP. For my test I am using pfsense as gateway so I can use captive portal, again if i use pfsense as gateway my printing does not work.
on DHCP yes windows handle all the IP connecting to Pfsense, and I think this is not DHCP issue.
When printing is not working I can reach all vlan without any problem.