Re: [pfSense] Nat between vlans
I will look at this. If not work then I will move the printer to the guest network. Then I have to deal with allowing printer access to smtp and nas server on the corp network which helps to document scanning. Thank you. 30-03-2018 22:22 tarihinde Moshe Katz yazdı: Enabling iOS devices to find a printer on a separate subnet is easy - just install the Avahi package. I have used this in the past, and it works very well. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
That sounds complex for printing. Thank you. 30-03-2018 20:58 tarihinde Raphaël RIGNIER yazdı: Native Access is difficult, as Airprint uses Bonjour Protocol wich works only on the same subnet. Bonjour is Multicast protocol. You'll have to play with filter Rules with advanded "allow ip options" checked and set IGMP proxy correctly. I have never did this on pfsense. The only success I had with multicast routing is with a Linux box and pimd service. It works to deploy Os images via multicast between the server and desktop's subnets. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
There is only one lan port on the printer and primary usage is on the corp network. 30-03-2018 22:14 tarihinde James Ronald yazdı: Yılmaz, Sorry, but why not attach the Airprint to both VLANs? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
Enabling iOS devices to find a printer on a separate subnet is easy - just install the Avahi package. I have used this in the past, and it works very well. Moshe On Fri, Mar 30, 2018, 1:03 PM Yılmaz Bilgili wrote: > Thank you for your reply. Especially IOS devices can not find others if > they are not on the same subnet. This is why I want this way. > > > > 30-03-2018 19:41 tarihinde Steve Yates yazdı: > > Wouldn't it be easier to just create a firewall rule to allow the Guest > VLAN to the printer IP:port? It would be the same thing...they can only > access that IP:port? > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
Yılmaz, Sorry, but why not attach the Airprint to both VLANs? - Jim Regards, *James Ronald* Drew Technologies, Inc. 3915 Research Park Dr Ste 10A Ann Arbor, MI 48108 734-222-5228 x617 www.drewtech.com On Fri, Mar 30, 2018 at 1:58 PM, Raphaël RIGNIER wrote: > Le 30/03/2018 à 19:03, Yılmaz Bilgili a écrit : > >> Thank you for your reply. Especially IOS devices can not find others if >> they are not on the same subnet. This is why I want this way. >> >> > Native Access is difficult, as Airprint uses Bonjour Protocol wich works > only on the same subnet. > Bonjour is Multicast protocol. You'll have to play with filter Rules with > advanded "allow ip options" checked and set IGMP proxy correctly. I have > never did this on pfsense. > > The only success I had with multicast routing is with a Linux box and pimd > service. It works to deploy Os images via multicast between the server and > desktop's subnets. > > -- > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
Le 30/03/2018 à 19:03, Yılmaz Bilgili a écrit : Thank you for your reply. Especially IOS devices can not find others if they are not on the same subnet. This is why I want this way. Native Access is difficult, as Airprint uses Bonjour Protocol wich works only on the same subnet. Bonjour is Multicast protocol. You'll have to play with filter Rules with advanded "allow ip options" checked and set IGMP proxy correctly. I have never did this on pfsense. The only success I had with multicast routing is with a Linux box and pimd service. It works to deploy Os images via multicast between the server and desktop's subnets. -- ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
Thank you for your reply. Especially IOS devices can not find others if they are not on the same subnet. This is why I want this way. 30-03-2018 19:41 tarihinde Steve Yates yazdı: Wouldn't it be easier to just create a firewall rule to allow the Guest VLAN to the printer IP:port? It would be the same thing...they can only access that IP:port? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
I have created a similar network and this is exactly what I do. Not translating addresses greatly simplifies any DNS configuration where you give names to all of your devices, too. On 03/30/2018 12:41 PM, Steve Yates wrote: > Wouldn't it be easier to just create a firewall rule to allow the Guest VLAN > to the printer IP:port? It would be the same thing...they can only access > that IP:port? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List On Behalf Of Yilmaz Bilgili > Sent: Friday, March 30, 2018 10:33 AM > To: list@lists.pfsense.org > Subject: [pfSense] Nat between vlans > > Dear all, > > I have a multi vlan setup and I want to give access to my printer on > corp vlan from guest vlan. There is no access from guest vlan to corp > vlan at the moment (and will never be). Can I use an IP address from > guest vlan and nat it to printer's IP address on the corp network? My > box is an up to date 2.4.2. > > Thanks in advance. > > Best regards. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Nat between vlans
Wouldn't it be easier to just create a firewall rule to allow the Guest VLAN to the printer IP:port? It would be the same thing...they can only access that IP:port? -- Steve Yates ITS, Inc. -Original Message- From: List On Behalf Of Yilmaz Bilgili Sent: Friday, March 30, 2018 10:33 AM To: list@lists.pfsense.org Subject: [pfSense] Nat between vlans Dear all, I have a multi vlan setup and I want to give access to my printer on corp vlan from guest vlan. There is no access from guest vlan to corp vlan at the moment (and will never be). Can I use an IP address from guest vlan and nat it to printer's IP address on the corp network? My box is an up to date 2.4.2. Thanks in advance. Best regards. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Nat between vlans
Dear all, I have a multi vlan setup and I want to give access to my printer on corp vlan from guest vlan. There is no access from guest vlan to corp vlan at the moment (and will never be). Can I use an IP address from guest vlan and nat it to printer's IP address on the corp network? My box is an up to date 2.4.2. Thanks in advance. Best regards. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
