Share files and printers



  • ok have all interfaces up and running can see net and browse,

    setup 5 nics
    wan --> internet static ip
    lan --> 192.168.0.0/24
    subnet172 --> 172.16.0.0/24
    kidssubnet --> 192.168.5.0/24
    wifi --> 192.168.6.0/24

    on lan interface have 2 printers attached to machines.
    samsung running on ubuntu @ ip 192.168.0.130
    brother running on ubuntu server @ ip 192.168.0.100
    everyone on the lan can print to both printers
    on the kids and wifi can't print or access files on ubuntu server
    rules for lan

    • LAN net * * * * none
    • LAN net * WIFI net * * none
      ICMP * * LAN net * * none   allow ping firewall pfsense_AP

    rules for kidssubnet

    • KIDSSUBNET net * * * * none   allow to all other interfaces

    rules for wifi

    • WIFI net * * * * none   allow clients on AP to access clients on lan and wan
      • WIFI net * * none   allow ping firewall pfsense_AP

    i don't want the wifi and kidssubnet access to all just 2 ips the printers and the server

    so this is what i think should work
    under kidssubnet the rules would be

    • KIDSSUBNET net * 192.168.0.130 * * none   allow to samsung printer 
      KIDSSUBNET net * 192.168.0.100 * * none   allow access to printer and file server

    and repeat for wifi

    and in the lan interface have these
    KIDSSUBNET net * 192.168.0.100 * * none   allow access to printer and file server 
    KIDSSUBNET net * 192.168.0.130 * * none   allow to samsung printer 
    any input if  i got the right idea would be great
    thanks



  • What do you use to share those printers in Ubuntu? What is in those conf files? Which subnets do those confs allow?

    Maybe this question should be split between the Ubuntu and pfSense forums: Ubuntu print sharing, pfSense port opening.
    So what is the software that shares those printers on the LAN? From that we could get the port number to open up; as an example, CUPS uses tcp:631.



  • Since the printers are attached to PC's and not network IP based printers I would think you might have to either bridge the subnets in PFsense or modify the hosts file on the kids PC's so those PC's know where the server and print share PC's are.



  • @Metu69salemi:

    What do you use to share those printers in Ubuntu? What is in those conf files? Which subnets do those confs allow?

    Maybe this question should be split between the Ubuntu and pfSense forums: Ubuntu print sharing, pfSense port opening.
    So what is the software that shares those printers on the LAN? From that we could get the port number to open up; as an example, CUPS uses tcp:631.

    cups server on both machines running standard 631 port



  • What else do you run? SMB?



  • @Metu69salemi:

    What else do you run? SMB?

    NFS file shares
    on the same 2 machines that share printers
    And twonky media server on 192.168.0.100



  • Do you have any firewalls on those Ubuntu machines?
    Here is a quote from this site

    Allow only traffic from authorised NFS clients to the NFS server (on server)

    Supposing that an NFS server only provides the NFS service but nothing else so there are three ports available to use on the server, i.e., RPC Portmapper (on port 111), NFS (on port 2049), and Mountd (on port 2219). Here we can do some filtering on traffic that goes to the NFS server. Through the iptables firewall running locally on the NFS server (you must install iptables to use the following commands), allow only traffic from any authorised NFS client to the server. Allow traffic from an authorised subnet 10.226.43.0/24 to the ports Portmapper, NFS, and Mountd.
    # iptables -A INPUT -i eth0 -p tcp -s 10.226.43.0/24 --dport 111 -j ACCEPT
    # iptables -A INPUT -i eth0 -p tcp -s 10.226.43.0/24 --dport 2049 -j ACCEPT
    # iptables -A INPUT -i eth0 -p tcp -s 10.226.43.0/24 --dport 2219 -j ACCEPT

    So for NFS you should allow TCP ports 111, 2049 and 2219. If you also use DNS, port 53 should be open, and even UDP eases things a little (a TCP DNS query works, but it's slower)



  • so my rule would be in the lan interface

    TCP KIDSSUBNET net * 192.168.0.100 111 * none   allow access to file server 
    TCP KIDSSUBNET net * 192.168.0.100 2049 * none   allow access to file server 
    TCP KIDSSUBNET net * 192.168.0.100 2219 * none   allow access to file server

    TCP wifi net * 192.168.0.100 111 * none   allow access to file server 
    TCP wifi net * 192.168.0.100 2049 * none   allow access to file server
    TCP wifi net * 192.168.0.100 2219 * none   allow access to file server 
    probably create an alias with both server ips
    would this be right?



  • Almost right.. pfsense works in ingress. So if you want to allow traffic from kidssubnet to lan, you'll need to create that rule in kidssubnet interface.

    and to ease up, you can create two aliases:
    port alias with following: 111, 631, 2049 & 2219
    host alias with both server ip's

    and then create rule
    tcp/udp    !!THAT INTERFACE WHERE YOU WANT TO ALLOW TRAFFIC!! * ServerAlias PortAlias * none NFS/CUPS traffic

    And if that won't work I'll give up, because I have nothing else up my sleeve to get this to work, except checking the Linux configs
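The ingress point from the reply above, shown as an added example that is not part of the original thread: a simplified Python model of per-interface, first-match rule evaluation with a default deny, using the thread's subnets, server IPs and the two aliases. The client address 192.168.5.20, the host 192.168.0.50, the function names, and the shortcut of deriving the ingress interface from the source address are assumptions; protocol and state tracking are not modelled.

```python
import ipaddress

# Aliases as built in the thread: the four ports and the two server IPs.
ALIASES = {
    "nfsports": {111, 631, 2049, 2219},
    "fileservers": {"192.168.0.100", "192.168.0.130"},
}
# Interface name -> attached subnet (from the first post).
NETS = {
    "LAN": ipaddress.ip_network("192.168.0.0/24"),
    "KIDSSUBNET": ipaddress.ip_network("192.168.5.0/24"),
    "WIFI": ipaddress.ip_network("192.168.6.0/24"),
}

def ingress_interface(src):
    """Interface a packet enters the firewall on (assumed from its source IP)."""
    addr = ipaddress.ip_address(src)
    return next((name for name, net in NETS.items() if addr in net), None)

def evaluate(rules, src, dst, dport):
    """Only the ingress interface's rule list is consulted; first match wins;
    no match falls through to the default deny."""
    iface = ingress_interface(src)
    for rule in rules.get(iface, []):
        src_ok = ipaddress.ip_address(src) in NETS[rule["src_net"]]
        dst_ok = rule["dst"] == "*" or dst in ALIASES[rule["dst"]]
        port_ok = rule["ports"] == "*" or dport in ALIASES[rule["ports"]]
        if src_ok and dst_ok and port_ok:
            return "pass"
    return "block"

ALLOW = {"src_net": "KIDSSUBNET", "dst": "fileservers", "ports": "nfsports"}
LAN_ANY = {"src_net": "LAN", "dst": "*", "ports": "*"}
# Misplaced: the rule sits on the LAN tab, which kids traffic never enters through.
ON_LAN_TAB = {"LAN": [LAN_ANY, ALLOW]}
# Correct: the same rule on the KIDSSUBNET tab, where the traffic arrives.
ON_KIDS_TAB = {"LAN": [LAN_ANY], "KIDSSUBNET": [ALLOW]}

def demo():
    kid = "192.168.5.20"  # constructed client address
    return {
        "misplaced": evaluate(ON_LAN_TAB, kid, "192.168.0.100", 2049),
        "nfs": evaluate(ON_KIDS_TAB, kid, "192.168.0.100", 2049),
        "cups": evaluate(ON_KIDS_TAB, kid, "192.168.0.130", 631),
        "ssh": evaluate(ON_KIDS_TAB, kid, "192.168.0.100", 22),
        "other_host": evaluate(ON_KIDS_TAB, kid, "192.168.0.50", 631),
    }

if __name__ == "__main__":
    print(demo())
```

With the rule on the KIDSSUBNET tab, only the aliased servers and ports pass; anything else from that subnet, such as port 22 or another LAN host, hits the default deny.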



  • i got to get pfsense works in ingress in my head and i think i should be able to figure the rest of filtering out
    thanks Again
    created to alias nfsports with the 4 ports
    and created fileservers with the serverips
    hope this works got it setup and will try it, see what  happens



  • I'm also having problems allowing access to standard file and printer sharing on a 2 LAN 2 Gateway setup..

    any help would be appreciated.



  • You're not telling important info, what kind of printer sharing etc



  • @pcboarders:

    i got to get pfsense works in ingress in my head and i think i should be able to figure the rest of filtering out
    thanks Again
    created to alias nfsports with the 4 ports
    and created fileservers with the serverips
    hope this works got it setup and will try it, see what  happens

    seems to work for all printers and files that are ubuntu based (nfs)
    samba is having a canary re-configuring samba to see if that works

