Need help with Canon MX920 across subnets but post is forbidden
-
I know this is a very specific question, but hoping someone has experience.
I have a Canon MX920 printer (it's a relatively new multi-function inkjet Canon printer). I'm using a "mini-pc" with four 2.5 Gbps Ethernet ports to run pfSense.
I prefer to have the printer (and some other devices) and my PC (and some other devices) connected to two different ports on the pfSense box. This way they can take advantage of the 2.5 Gbps ports. The only separate hardware switches I have (ATM) are gigabit only. That said, I see it's recommended that I don't "bridge" the ports, that I instead set them up as different subnets.
The issue is that once the PC and the printer are on different subnets, the Canon printer driver no longer functions - it's unable to find the printer.
I tried installing the avahi package, as that supposedly would "reflect" the UDP broadcasts across both networks. However, after enabling that for the two ports in question, the installer still could not find the printer.
I then tried specifically whitelisting the UDP ports 5353 on destination 224.0.0.251 and 1900 on destination 239.255.255.250 after seeing some notes on various threads. This still did not solve the issue.
Finally, I tried installing the "udpbroadcastrelay" package and starting that for both of the IPs/ports above, instead of using avahi, but it still did not solve the issue.
As a last resort, I went back to connecting the printer and PC to the same port on the pfSense box. This is not ideal, since it will limit the connection to gigabit due to the switch I need to use (I have gig+ on WAN).
Does anyone have any experience with getting the Canon printer to work across subnets, specifically with pfSense? Or any suggestions on analysis I can do to try to figure out what firewall rule or UDP broadcast relay package/settings I need to use?
Thanks!
-
@rkubes Sounds like you need a firewall rule to allow the PC to access the subnet and port the printer is on.
-
@nollipfsense thanks. To rule out firewall issues during testing, I opened an any/any/any rule between the PC and Printer on both interfaces. That didn't solve it. There were also no blocks between the devices reported in the firewall logs.
-
@rkubes Any reason why you cannot have the printer on the same network as the PC using a dumb or smart switch? It seems that the two devices are on different layers of communicating.
-
@nollipfsense that's how they're configured for now, but as noted that puts them on a 1 Gbps switch. I'd want to take advantage of the 2.5 Gbps ports on the pfSense device, particularly for the PC without having to invest in a 2.5 Gbps switch at the moment.
The issue is that some of the communication between the printer and PC is UDP broadcasts that of course don't jump between the two subnets, and there doesn't seem to be a way to make them do so - or at least I haven't figured it out yet.
Eventually I'll need to solve this, as I want to separate my work/office PC from my personal devices (different subnet), but still want the work PC to be able to print.
-
@rkubes said in Need help with Canon MX920 across subnets but post is forbidden:
I want to separate my work/office PC from my personal devices (different subnet)
You could put work/office PC on a DMZ: https://www.netgate.com/resources/videos-creating-a-dmz-on-pfsense
-
@nollipfsense that's almost what I was doing anyway, but then that again gets the printer on a different subnet from the PC, which puts the barrier between the UDP communication, which would make the printer not function.
That said, I think I may have figured out that the Canon driver potentially is only using UDP broadcast to initially find the printer if its IP address is changed or it's a new installation. So, if I assign the printer a static IP on its network, and I temporarily move devices that need to print to it to the same network just for the driver install, then I can move the devices back to other subnets on the overall network and maintain functionality.
I'll have to test this through a few reboots and several days to confirm it does indeed work; that would suffice for now. I may eventually try to figure out which UDP ports I need to relay to get the Canon drivers to work without having to move devices around between the networks, if it becomes more problematic and this workaround doesn't hold.
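
One way to do the analysis asked about in the first post (finding which UDP traffic would need a relay), as an added example that is not from any poster in this thread: capture the PC's UDP traffic with `tcpdump -nn` while the driver searches for the printer, then list every broadcast or multicast destination it sends to. The function names, all addresses and port 9999 are constructed for illustration; only 224.0.0.251:5353 and 239.255.255.250:1900 come from the thread.

```python
import ipaddress
import re
from collections import Counter

# Address part of a `tcpdump -nn` IPv4 line: "IP src.sport > dst.dport:".
# Assumes the capture filter was `udp`, so every matching line is a UDP packet.
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def classify(dst, net):
    """Return 'multicast', 'broadcast' or 'unicast' for a destination address."""
    ip = ipaddress.ip_address(dst)
    if ip.is_multicast:
        return "multicast"
    # Limited broadcast, or the directed broadcast address of the local subnet.
    if dst == "255.255.255.255" or ip == net.broadcast_address:
        return "broadcast"
    return "unicast"

def discovery_flows(lines, host, subnet):
    """Count the non-unicast UDP destinations that `host` sends to.

    A router does not forward these between subnets, so they are the
    candidates for a relay. Keys are (kind, dst_ip, dst_port).
    """
    net = ipaddress.ip_network(subnet)
    flows = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group(1) != host:
            continue  # unparsable line, or traffic from another sender
        kind = classify(m.group(3), net)
        if kind != "unicast":
            flows[(kind, m.group(3), int(m.group(4)))] += 1
    return flows

# Constructed capture text (not real output from an MX920 or its driver).
SAMPLE = """\
10:15:01.100000 IP 192.168.10.50.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (33)
10:15:01.200000 IP 192.168.10.50.51000 > 239.255.255.250.1900: UDP, length 174
10:15:01.300000 IP 192.168.10.50.51001 > 255.255.255.255.9999: UDP, length 16
10:15:01.400000 IP 192.168.10.50.51001 > 192.168.10.255.9999: UDP, length 16
10:15:01.500000 IP 192.168.10.50.51001 > 255.255.255.255.9999: UDP, length 16
10:15:01.600000 IP 192.168.10.20.9999 > 192.168.10.50.51001: UDP, length 32
10:15:02.000000 IP 192.168.10.77.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (33)
"""

if __name__ == "__main__":
    found = discovery_flows(SAMPLE.splitlines(), "192.168.10.50", "192.168.10.0/24")
    for (kind, dst, port), n in sorted(found.items()):
        print(f"{kind:9} {dst}:{port}  packets={n}")
```

Run it on a capture taken while both devices are still on the same subnet, so the discovery exchange actually completes and every destination shows up.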