allow LAN clients to "see" OPT1 printer

  • I need to setup wireless printing in rural libraries with only one printer. Docs about AirPrint, google Cloud print, etc. indicate that the printer needs to be on the same network as the wifi clients. Currently the printer is on the LAN network. It would be easier for me to put the printer on the OPT1 network and make a NAT rule so that when the LAN clients print to a LAN address the print job would automatically go to the printer. If I can't do that I will have to manually change printer ports on every desktop in each of 8 branches, 140 total.
    Is it possible to make a NAT rule so that I don't have to change the printer settings on each wired computer? If not does anyone with experience with wireless printing have another way to do this?

  • @trombone

    If the printer is not on the same subnet, it will not be visible to users. In that case, they have to configure the printer. This is because Windows relies on broadcasts to advertise those printers, but broadcasts do not pass through routers.

  • @JKnott
    Configuring is what I was hoping to avoid. I was hoping there was a way to avoid it with NAT but I know very little about it. I was hoping someone might know a way to allow the LAN devices to keep printing to what was already configured and have the firewall get it to the printer.

  • @trombone I'm assuming that these wireless printers also have USB ports, right? If so, but it is considered networking taboo, you "could" add a USB network adapter and run the printer on 2 networks at the same time - LAN and OPT1.

    You would have to run actual network cable to this USB print server box thing, but that's not the end of the world.


  • @akuma1x
    thanks. I am going to wait to see any other suggestions that might show up and then I will probably start the slow process of changing the printer address and then changing all the printer settings on all the computers. I appreciate your replying and your idea.

  • @trombone There are only a couple options, one of which @JKnott talked about above, to get printing to work like this at the firewall level.

    1. keep printers on the SAME subnet where they will be used the most

    2. assign the printer a STATIC IP address, then use a firewall rule from your LAN network to your OPT network, for this specific printer traffic.

    3. There's plugins called Avahi and/or pimd, but I'm not sure they support printing like this.

    For option 2, the printer has to have a static IP address, and you have to setup the printer in the COMPUTER to print to this static IP address. It's not the "simple" way of adding a printer, but a couple of additional steps, but not too bad. I think that's the leg-work you are fretting and don't necessarily want to do. But, that's it, that's all that can be done on the firewall.


  • @akuma1x You nailed it Jeff. 140 computers scattered over 8 locations in 3 counties. It is doable but I wanted to avoid it if I could.

  • @trombone Do you have access to these computers, or do you have to do physical access and get into the car and drive to these locations?

    If you can access them, like thru a VPN or something, yeah, it's gonna suck, but you could do it. Not saying it's gonna be fun, however...


  • LAYER 8 Global Moderator

    The easiest solution and better in my opinion is if your wanting wifi clients to use airprint to get to the printer for example.. Then put the printer on that network.

    Wired clients are normally things that run actual OSes and support adding printers by IP, etc

    Wireless devices are normally stuff outside your control - users tablet or phone, which can be problematic setting a printer IP, etc. And rely on discovery.

    Out of the box the lan rules would allow printing to the printer, since default is any any. If you have adjusted that, and you move the printer to different network - then yeah you would have to make sure you rules allow for access to the printer IP and protocol your using for printing.

    Im not a fan of allowing discovery protocols across L2 boundaries. So yeah moving the printer to the L2 where discovery will be used is better option.

  • Or, I might have the BEST suggestion... :) LOL

    Buy another low-cost network printer, specifically for the OPT networks, and let those guests have at it. How much is your time worth? Here's a network laser printer for $149 US at Amazon.


  • Jeff. Yep. I have to go in person. they are mainly public access computers and I have to login to admin, unlock non admin local group policy, log into public, set as default, login to admin and re-lock the group policy.
    johnpoz. I think what you are saying is correct. I haven't tried it yet but it sounds like the printers need to be in the wired network with the wifi and of course the LAN users can access the OPT1 printer once they are setup to do so.

  • @akuma1x I like that idea! Now if my boss would come up with eight times $150.

  • @trombone said in allow LAN clients to "see" OPT1 printer:

    @akuma1x I like that idea! Now if my boss would come up with eight times $150.

    Give us the phone number, we'll give him/her a call... :)


Log in to reply