Need help with firewall rule
-
Hi, I'm a bit rusty with networking and I have a couple of computers on my local LAN which is 192.168.1.x. I recently got a new wireless router and it is providing IP addresses to all of my wireless devices (home) on 192.168.50.x. I have a new printer that is connected to the wireless router which has an IP address of 192.168.50.96.
My question is how can I allow my computers on the 192.168.1.x network to access the printer with its 192.168.50.96 address?
-
Sounds like you may be double NAT'd.
- pfSense has no clue the 192.168.50.x network exists because the wireless router translates it to 192.168.1.x
- The wireless router translates all 192.168.50.x traffic to whatever its 192.168.1.x address is and passes this to pfSense to handle.
You should put the new wireless router into access-point mode so pfSense handles handing out a 192.168.1.x IP address to it and the wireless devices connected to it.
If you must keep the 192.168.50.1 network you could create a 192.168.50.x VLAN or 192.168.50.x interface on the port the wireless router is plugged into. But you will still need to set the wireless router to access-point mode.
If that is not an option you will need to create a NAT firewall rule to route traffic going to the printer thru the interface the wireless router is connected to, along with a regular firewall rule allowing the 192.168.1.x devices/network to reach the 192.168.50.x printer. Finally you need to make it so the wireless router allows traffic from pfSense (192.168.1.x) destined for the printer to pass thru it and to the (192.168.50.x) printer.
-
@hieroglyph Thanks for the reply. One thing I forgot to mention is that the wireless is connected to pfSense. The 192.168.50.x network is actually the guest network I have enabled on the wireless router. I wanted to keep all wireless devices separated from my 192.168.1.x network.
-
Easiest Option (in my opinion): You make pfSense the DHCP server for the 192.168.50.x interface (the interface the wireless router is plugged into). You turn off the firewall/routing capability of the wireless router, essentially making it an access point. Then you can create a firewall rule on the 192.168.1.x interface to allow devices access to the printer. Then you create a firewall rule on the 192.168.50.x interface to only allow internet access.
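A small Python model of the rule layout suggested above, added here as an illustration (it is not part of the original post and not pfSense code). It assumes pfSense's per-interface, first-match, stateful evaluation with default deny; the interface names, the "block LAN to the rest of the guest subnet" rule, and the use of RFC 1918 block rules to express "internet only" are assumptions of this sketch.

```python
import ipaddress as ip

LAN = ip.ip_network("192.168.1.0/24")
GUEST = ip.ip_network("192.168.50.0/24")
PRINTER = ip.ip_network("192.168.50.96/32")
ANY = ip.ip_network("0.0.0.0/0")
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (action, source, destination), evaluated top-down on the interface
# where the packet enters the firewall. Interface names are hypothetical.
RULES = {
    "LAN": [
        ("pass", LAN, PRINTER),   # LAN hosts may reach the printer
        ("block", LAN, GUEST),    # assumption: nothing else on the guest side
        ("pass", LAN, ANY),       # normal outbound access
    ],
    # "Internet only": block every private destination, then pass the rest.
    # A real ruleset would also need a pass rule above these for DNS to the
    # firewall itself if guests use it as their resolver.
    "GUEST": [("block", GUEST, n) for n in RFC1918] + [("pass", GUEST, ANY)],
}

states = set()  # (initiator, responder) pairs for connections already passed


def decide(iface, src, dst):
    """Return 'pass' or 'block' for a packet arriving on iface."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if (dst, src) in states:          # reply traffic matches existing state
        return "pass"
    for action, s, d in RULES[iface]:
        if src in s and dst in d:     # first matching rule wins
            if action == "pass":
                states.add((src, dst))
            return action
    return "block"                    # implicit default deny


if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.5 is a documentation address.
    for flow in [("LAN", "192.168.1.10", "192.168.50.96"),
                 ("GUEST", "192.168.50.96", "192.168.1.10"),
                 ("GUEST", "192.168.50.23", "192.168.1.10"),
                 ("GUEST", "192.168.50.23", "203.0.113.5")]:
        print(flow, decide(*flow))
```

The second flow passes only because the LAN host opened the connection first; the printer, like any other guest device, cannot initiate a connection into 192.168.1.x.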
-
Thanks for your help. I'm all set now.