Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connect to a printer in DMZ

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 2 Posters 941 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Paun
      last edited by Paun

      In the company network on PfSense there are Interfaces for WAN, LAN, DMZ, VoIP. There is no communication between them but I want to enable some computers from LAN (10.0.0.x) to be able to use one printer in the DMZ (192.168.30.x).
      I have tried to make one rule in LAN that would go from LAN to the specific IP address of the printer with port 9100, but this rule didn't work. Apparently I didn't do something right.

      Rules in The LAN are by default 1) allow LAN to any 2) one rule any to LAN address with opened ports 443,80,22
      In DMZ one rule that opens everything except toward the LAN. These rules were set up when I came so they told me it should not be changed.
      I need a help for rule that well allow to connect some computers with the printer.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Paun
        last edited by johnpoz

        @paun Or what is common with printers, is they do not have a gateway.. Without a gateway you can not talk to them from another network.

        You would either need to setup a gateway on the printer, and or do source natting.

        9100 is a common printer port.. But its possible your printer is using something else, there are other printing protocols on different ports.

        I take it you edited the default lan rule of any any - or if your printer had a gateway you would be able to talk to it on any port. Other thing might be if your forcing traffic out a gateway on your lan rules.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 1
        • P
          Paun
          last edited by Paun

          So you think I should NAT the printer's address on one network (inside) to the other IP on the second network (outside)? No idea. Maybe al just speaking stupidities

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Paun
            last edited by

            @paun if your printer doesn't have a gateway, then you can either add a gateway to the printer - or you can source nat it. This would be an outbound nat on your printers interface. destination would be the printers IP/32 and source would be either all of lan, or just the people IPs you want to be able to print to that printer.

            That is if your rule is any any on your lan, or you sure your using 9100 on your printer? Or your not forcing traffic out some gateway like your wan dhcp or vpn, etc.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.