4. Subnet printing

Subnet printing

  • K

    Hello all

    I know this is not the first question about printing in different subnets but i couldn't find an answer that fits my needs.

    I have a PfSense firewall/router in a public elementary school. I have 3 subnets there.
    And a VPN connection ( remote workers).

    No issues at all... except printing....
    I have a general LAN ( LAN 2) classes and teachers, and a LAN ( LAN3) on administration ( principal,...)
    And one LAN ( LAN1) for visitors ( we have a conference hall/room we rent out).
    On the LAN for administration we have a RICOH copier printing machine ( new).
    From LAN 2 ( teachers and students) i can ping the RICOH and can acces the webpage ( on IP adres).
    But i'm not able to print.. couldt find printer is the error we get.
    Tried it from Apple machine, Windows machine...
    sinsce i couldt print but able to ping and acces the webpage of the printer i don't think it is a firewall issue..
    Even made a rule for the port (9100).. but no luck there...

    When i try to print, i see the printtask is being send, i even see the print job on the printer( taskhistory on the webpage of the printer) .. but is doesnt start to print. after a minute or so i get the error...
    When i check my laptops config page and take a look on the printers, is see the RICOH, i can acces the config, ...

    I even tried to make a change on the printer, i made the gateway the firewalls gateway, the interface gateway.. no luck.

    Still able to ping, still able to acces webpage, but not able to print..
    I even see the printjob on the printer task history.. but always with the status "processing"
    strange problem...
    Can anyone help?
    Thanks in advance!

    0
  • Netgate Administrator

    The common problem with this is 'discovering' the printer in the first place. The operating system will try to find it on the same subnet initially and it can be frustratingly difficult to just tell it where the printer is.
    However that doesn't appear to be the case here. Your clients have the printer setup and are able to send print jobs to it. The printer is even able to see those. It appears pfSense must be allowing that traffic.
    I would check the firewall logs for any other traffic to the printer IP that may be being blocked. You might also try a packet capture to be sure. If you have added your own block rules on LAN2 they may not have logging enabled which could be hiding that blocked traffic.

    Steve

    0
  • LAYER 8 Rebel Alliance

    We have hundreds different RICOH machines like MP C3002, always printing across subnets without any issue.
    ATM we have a lot Users sending printjobs from the homeoffice via OpenVPN, no problems.
    Show your settings...

    -Rico

    0
  • K

    Hi all
    thanks for the info.

    I could do a packat capture.. and see wajts the outcome.
    Already checked the logs but did'nt see anything. i will check again on those interfaces.

    I tried to do a print job from home ( over OpenVPN) and that worked!!
    the subnet for OpenVPN is in another range than the other LAN's .. and over that interface it worked ...
    but inside the school from one subnet to antoher it doesnt work... strange ..
    @Rico : what settings do you want to see?
    did you have to configure other settings to make the printers work over different subnets?
    maybe it could be a Gdata anti virus problem? any guesses?
    From home i have another Anti virus software. And i can perform a print job over OpenVPN.
    The principal has an laptop from school, with the same anti virus software from school and can't print over VPN....

    thanks again
    kind regards
    Kevin

    0
  • Netgate Administrator

    What subnets are you using on those interfaces? It sounds like you have a conflict somewhere perhaps.

    That can certain;y explain why some clients can print over VPN and others can't. The local subnet to each client is probably different.

    Steve

    0
  • K

    Hi Stephen,

    The Vlan is in the range of 192.168.70.0/24
    the others are :
    192.168.20.0/24
    192.168.0.0/24
    and 192.168.30.0/24

    Ricoh is on the 30.0/24 range/subnet
    Later this week i will try to do a packet capture and dive again in to the firewall logs when i perform a print job..

    Kevin

    0
  • Netgate Administrator

    @KDL said in Subnet printing:

    192.168.0.0/24

    That's the only subnet likely to conflict there then. The 192.168.30.0/24 subnet would be very unlikely to.

    Steve

    0
  • K

    Update :
    It is actualy
    192.168.0.1 , 192.168.20.1 and 192.168.30.1
    OpenVPN is 192.168.70.1

    0
  • Netgate Administrator

    Still should conflict with 192.168.30.0/24 where the printer is.

    Also it would be an all-or-nothing type deal. If you can connect at all to the printer it is not a conflict.

    Steve

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy