are both pfSense A and pfSense B on the same subnet? such that pfSense A is the default gateway for clients, but pfSense B is how they have to get to the printer? if this is the case, and both firewalls are on the same subnet, you're going to have issues. the A firewall will forward the packets to the B firewall, then fire back an ICMP redirect to the originating host. who will no doubt ignore it. if it's TCP traffic, this can often break things since the response may get lost in asymmetric routing, resulting in any number of fun things like TTL timeouts, hitting the wrong interface on a firewall, etc.
On Wed, Oct 23, 2013 at 12:03 PM, <[email protected]> wrote: > I have an issue with printing that I'm hoping you might be able to help > with please. Many thanks in advance. > > 'pfSense A' is the default gateway. It has this configuration: > > - System -> Advanced -> Firewall / NAT -> [*] Bypass firewall rules for > traffic on the same interface > > - System -> Routing -> destination network x.x.x.x (a private address > space) is reached via gateway 'pfsense B' > > 'pfSense B' is a second router on the intranet, it is only intended for > routing to another intranet and the shared printer there. > > Printing with the main gateway 'pfSense A' in place, and 'pfSense B', and > a switch, is broken, which I'll describe below. > Printing from through just 'pfSense B' and a switch, works fine. > This leads me to believe the issue is something to do with 'pfSense A', or > something about the fact that because traffic has first been routed via > 'pfSense A', that 'pfSense B' or the printer has an issue with that. > I have firewall rules in place on 'pfSense B' for dealing with the printer > but I'll not describe them (unless you need me to) because printing works > fine through just 'pfsense B'. > > The issue is that when Windows XP workstations print, sometimes printing > is OK, but mostly multiple copies of the job appear in the printer's > queue, with error code 'NG, end code 857' [1], and the job eventually > prints but only after a great deal of time like 20 minutes. > Perhaps the job is being re-sent multiple times and that's why it appears > multiple times in the queue. > > I've seen the same issue with both Canon iRC3080i and Canon IR ADV C2230i. > > [1] "Data reception timed out, or the job was cancelled at the host. Check > that the network is functioning properly, and then try printing again." > > Any thoughts? > Thanks > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
