Netgate Discussion Forum

    routing from staffwlan to 2 IP's in LAN1

    • Mozza7

      Hi guys

      I've set up a staffwlan interface (192.168.251.0), guestwlan interface (192.168.252.0), and LAN1 (192.168.254.0). This is set up this way so that all systems are connected to LAN 1, and things like phones or personal laptops connect to staffwlan. This is simply because staff phones and laptops won't/may not have the same protection as company systems.

      Okay, so, we have 2 printers I would like StaffWLAN to access on LAN 1, these being 192.168.254.201 - .202.

      I've set up the following rules:
      [screenshot: 0_1541594522524_firefox_2018-11-07_12-41-31.png]
      On the StaffWLAN interface, this didn't work.

      I then also set up the following rules on the LAN1 interface:
      [screenshot: 0_1541594641220_firefox_2018-11-07_12-43-37.png]

      As you can see, I've set it up in 2 different ways here to see if one would make a difference (neither still works).

      Can anybody see what's going wrong here? A ping from 192.168.251.1 to 192.168.254.202/201 sends to the printers, but I receive nothing back - and the printer is Offline when connected to the StaffWLAN.

      Hope this is enough information? :)

      • akuma1x

        You might have to install the Avahi package. It is designed to make cross-subnet/network service discovery (like printing or file sharing) very easy.

        https://www.netgate.com/docs/pfsense/packages/avahi-package.html

        That's probably what's happening here: the printer discovery across your 2 networks is being blocked, even though you've written firewall rules to pass them.

        By the way - I'm assuming your first screenshot of rules is on your STAFFWLAN interface. If I've learned anything from lurking on these forums, it's that rules should be written with all the "blocks" at the top, followed by all the "allows" at the bottom.

        Jeff

        • stephenw10 (Netgate Administrator)

          You only need rules on the STAFFWLAN interface and (assuming that's the first screenshot) those should be OK.

          Can the printers actually respond to ping from outside their own subnet?

          Maybe they have a bad subnet mask or route.

          Steve

          • Mozza7 @akuma1x

            @akuma1x I'll give that a go! Thanks. Would having the block to LAN 1 above the other rules not stop the staffwlan subnet reaching the printers? Or does the firewall work in a different order to how I thought it does?

            • Mozza7

              Whoops, think I realised my mistake... we haven't fully moved over to the pfSense yet, thus the printers aren't yet on the network!!! Sorry, completely forgot about that.

              • stephenw10 (Netgate Administrator)

                That'll do it! 😉
