4. routing from staffwlan to 2 IP's in LAN1

routing from staffwlan to 2 IP's in LAN1

  • M

    Hi guys

    I've setup a staffwlan interface(192.168.251.0), guestwlan interface(192.168.252.0), and LAN1(192.168.254.0) - this is setup this way so that all systems are connected to LAN 1, and things like phones or personal laptops connect to staffwlan - this is simply because staff phones and laptops wont/may not have the same protection as company systems.

    Okay, so, we have 2 printers I would like StaffWLAN to access on LAN 1, these being; 192.168.254.201 - .202

    I've setup the following rules;
    0_1541594522524_firefox_2018-11-07_12-41-31.png
    On the StaffWLAN interface, this didn't work.

    I then also setup the following rules on the LAN1 interface;
    0_1541594641220_firefox_2018-11-07_12-43-37.png

    As you can see, I've set it up in 2 different ways here to see if one would make a difference (neither still work)

    Can anybody see what's going wrong here? A ping from 192.168.251.1 to 192.168.254.202/201 sends to the printers, but I receive nothing back - and the printer is Offline when connected to the StaffWLAN

    Hope this is enough information? :)

    0
  • A

    You might have to install the Avahi package. It is designed to make cross-subnet/network service discovery (like printing or file sharing) very easy.

    https://www.netgate.com/docs/pfsense/packages/avahi-package.html

    That's probably what's happening here, the printer discovery across your 2 networks is being blocked, even though you've written firewall rules to pass them.

    By the way - I'm assuming your first screenshot of rules is on your STAFFWLAN interface. If I've learned anything from lurking on these forums, it's that rules should be written with all the "blocks" at the top, followed by all the "allows" at the bottom.

    Jeff

    1
    M
     1 Reply
  • Netgate Administrator

    You only need rules on the STAFFWLAN interface and (assuming that's the first screenshot) those should be OK.

    Can the printers actually respond to ping from outside their own subnet?

    Maybe they have a bad subnet mask or route.

    Steve

    1
  • M

    @akuma1x I'll give that a go! Thanks. Would having the block to LAN 1 above the other rules not stop the staffwlan subnet reaching the printers?
    or does the firewall work in a differennt order to how I thought it does?

    0
  • M

    Whoops think I realised my mistake.. we haven't fully moved over to the pfsense yet, thus the printers aren't yet on the network!!! sorry, completely forgot about that

    0
  • Netgate Administrator

    That'll do it! 😉

    0
firewall 37 routing 34
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy