One printer, two networks
-
Here's the setup:
There's a printer (fixed ip) on my LAN network.
LAN is allowed on any network.
OPT1 is not allowed on LAN.But I would like users of the OPT1 network to be able to see/use the printer, and only the printer.
I made a firewall rule which has allowed me to connect from the OPT1 network to the printer's embedded server. But the printer can't seem to be found via programs like word or others. What am I doing wrong?So here are my LAN rules:
And here the OPT1 rules:
-
@YannickBon said in One printer, two networks:
But the printer can't seem to be found via programs like word or others. What am I doing wrong?
You add printers at the system level. Word can only see printers that Windows sees. So what happens when you try adding the printer to Windows? What error messages? What is in the firewall block log?
-
@YannickBon Printers and clients connect via ports like these. So being able to see can be different that able to print.
When you said "...see/use...", you might be looking at some of these (some printer-dependent, some client OS-dependent):
TCP 80 (HTTP)
TCP 443 (HTTPS)
UDP 137 (WINS)
UDP 161 (SNMP)
UDP 162 (SNMP Traps)
TCP 515 (LPR/LPD)
TCP 631 (IPP)
TCP 5000 (XML)
TCP 5001 (IPDS)
UDP 5353 (MDNS)
TCP 8000 (HTTP)
TCP 9000 (Telnet)
TCP 9100 (Raw Print)
TCP 9200 (IR Alerts)
UDP 9200 (Discovery)
UDP 9300 (NPAP)
TCP 9400 (Lexmark Print Port)
TCP 9500 (NPAP)
TCP 9600 (IPDS)
UDP 9700 (Plug-n-Print)
TCP 10000 (Telnet)SMB/NMB ports on windows devices, for example, are used to browse not just printers, but things with shares. Some utilize SNMP if available, etc.
If you are using either a domain, or a print server, this is a much easier task. Either of these can be set to only advertise resources you choose, restricting same by users, machines, user groups, or more.
Is the firewall the only tool in your arsenal to do what you need?
-
@KOM said in One printer, two networks:
You add printers at the system level. Word can only see printers that Windows sees.
That's for sure.
But we're mid 2019 now, so, know that this works :
I run a OPT1 network, using firewall rules that forbid direct LAN access, OPT1 is using a captive portal for 'unknow (non trusted) visitors.I run Avahi, harvetsing and publisheding devices on LAN and OPT1.
I have a bunch of Bonjour (AirPrint ?) printers on LAN.
People that look for printers on my OPT1 (captive portal) users can print ..... on any of my printers (who live on LAN).
On an iPhone (that's what I'm using myself), with a tap on the "Printers" button the list with available printers populated, and user can choose ..... it's that easy.If not, install the printer using an IP, add needed firewall rules on OPT1, and you're up and running.
No need to use the old 'SMB' (Windows Network Explorer) tricks.
-
Devices can be found by broadcast on the local subnet, but that won't cross a router. I suspect that you will have to manually add the printer because it can't be found via auto-discovery.