Connect to printer on a different vlan

  • Hi All

    I am pretty new to Pfsense but so far I LOVE the program.

    I am trying to set up a pfsense box at a small school and I am running into some problems with accessing a printer in a different vlan. Here is how my network is setup,

    /–lan1 (admin/anti-lockout)                          | -- vlan 10 (OPT1) Native/trunking
    --[WAN]–[Pfsense]–(trunked port (OPT1-4))--[Cisco 2960]–  -- vlan 20 (OPT2) Staff
                                                                                     | -- vlan 30 (OPT3) Students
                                                                                        -- vlan 40(OPT4) Guest

    I am running the newest version of pfsense (2.0 RC-2 i think)
    I want to from the student network use a printer that is on the staff network but I cant figure out what firewall rules I need to put in so that I can do that.  I am running a Windows 7 workstation and have done the find new printer as well as clicking on printer not found and putting in the IP address manually but nether seem to work.   It is pretty much a clean install and as I have tried different firewall rules and they have not worked I have removed them again (other then the ones that get me to the internet).  I get proper DHCP address on each of the networks and they are set up xx.xx.20-40.xx and the printer has a static ip address outside the DHCP range but within the scope of that subnet.  
    I am pretty new to all of this so any help would be amazing.  If you need any more information that I have not given or need screen shots just ask.

    Thanks in advance!


  • By default only lan has got access to anywhere, and any other ports don't have.

    So you need to create pass rule for opt3 port to allow traffic to printers in opt2 subnet. As a hint use aliases so you can easily figure out what rule does what kind of actions

  • Ok, I have been trying to do different rules but dont think i have them quite right.  Do i put OPT3 in my sources and an alias for my printers as the destination and any for the port.  This rule would be on OPT2.  Does that sound right at all or should I do it by certain ports?

  • If you want to allow traffic from opt3, then you put rule on opt3. so it's working on ingress.

    source is opt3 subnet and destination is your printer alias in other network. Hope this clarifies even a bit. If you're having further problems you should add screenshots to help us to help you

  • That helps a lot for what side to put the rules on thank you. If I still cant get it to work I will put up screen shots.

