Discussion:
[pfSense] Nat between vlans
Steve Yates
2018-03-30 16:41:37 UTC
Wouldn't it be easier to just create a firewall rule to allow the Guest VLAN to the printer IP:port? It would be the same thing...they can only access that IP:port?

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List <list-***@lists.pfsense.org> On Behalf Of Yilmaz Bilgili
Sent: Friday, March 30, 2018 10:33 AM
To: ***@lists.pfsense.org
Subject: [pfSense] Nat between vlans

Dear all,

I have a multi vlan setup and I want to give access to my printer on
corp vlan from guest vlan. There is no access from guest vlan to corp
vlan at the moment (and will never be). Can I use an IP address from
guest vlan and nat it to printer's IP address on the corp network? My
box is an up to date 2.4.2.

Thanks in advance.

Best regards.

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Kyle Marek
2018-03-30 16:54:54 UTC
I have created a similar network and this is exactly what I do. Not
translating addresses greatly simplifies any DNS configuration where you
give names to all of your devices, too.
Post by Steve Yates
Wouldn't it be easier to just create a firewall rule to allow the Guest VLAN to the printer IP:port? It would be the same thing...they can only access that IP:port?
--
Steve Yates
ITS, Inc.
-----Original Message-----
Sent: Friday, March 30, 2018 10:33 AM
Subject: [pfSense] Nat between vlans
Dear all,
I have a multi vlan setup and I want to give access to my printer on
corp vlan from guest vlan. There is no access from guest vlan to corp
vlan at the moment (and will never be). Can I use an IP address from
guest vlan and nat it to printer's IP address on the corp network? My
box is an up to date 2.4.2.
Thanks in advance.
Best regards.
Raphaël RIGNIER
2018-03-30 17:58:07 UTC
Thank you for your reply. Especially iOS devices cannot find others
if they are not on the same subnet. This is why I want this way.
Native access is difficult, as AirPrint uses the Bonjour protocol, which works
only on the same subnet.
Bonjour is a multicast protocol. You'll have to play with filter rules
with advanced "allow ip options" checked and set IGMP proxy correctly. I
have never done this on pfSense.

The only success I had with multicast routing is with a Linux box and
pimd service. It works to deploy OS images via multicast between the
server and desktop's subnets.

--
James Ronald
2018-03-30 19:14:06 UTC
Yılmaz,

Sorry, but why not attach the AirPrint to both VLANs?

- Jim

Regards,

*James Ronald*
Drew Technologies, Inc.
3915 Research Park Dr Ste 10A
Ann Arbor, MI 48108
734-222-5228 x617
www.drewtech.com
Post by Raphaël RIGNIER
Thank you for your reply. Especially iOS devices cannot find others if
they are not on the same subnet. This is why I want this way.
Native access is difficult, as AirPrint uses the Bonjour protocol, which works
only on the same subnet.
Bonjour is a multicast protocol. You'll have to play with filter rules with
advanced "allow ip options" checked and set IGMP proxy correctly. I have
never done this on pfSense.
The only success I had with multicast routing is with a Linux box and pimd
service. It works to deploy OS images via multicast between the server and
desktop's subnets.
--
Moshe Katz
2018-03-30 19:22:21 UTC
Enabling iOS devices to find a printer on a separate subnet is easy - just
install the Avahi package. I have used this in the past, and it works very
well.

Moshe
Thank you for your reply. Especially iOS devices cannot find others if
they are not on the same subnet. This is why I want this way.
Post by Steve Yates
Wouldn't it be easier to just create a firewall rule to allow the Guest
VLAN to the printer IP:port? It would be the same thing...they can only
access that IP:port?
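Added example, not part of any message in this thread: a small first-match model of the Guest-interface rule Steve Yates describes, used to check that the printer IP:port is the only corp destination a guest client can reach. The subnets, the printer address and port 631 are constructed assumptions, and the model assumes interface rules are evaluated top-down with the first match winning.

```python
"""First-match model of Guest interface rules, with a corp-exposure audit."""
from ipaddress import ip_address, ip_network

# Constructed addressing (RFC 1918 examples, not taken from the thread).
CORP_NET = ip_network("192.168.10.0/24")
PRINTER = ip_address("192.168.10.50")
IPP_PORT = 631  # assumed print port (IPP)

# Each rule: (action, destination network, destination port or None for any).
# The source is implicitly the guest subnet: these rules sit on the Guest interface.
GOOD_RULES = [
    ("pass", ip_network("192.168.10.50/32"), IPP_PORT),  # the single exception
    ("block", CORP_NET, None),                           # rest of corp stays closed
    ("pass", ip_network("0.0.0.0/0"), None),             # internet access
]
# Same rules, but the exception sits below the block and is never reached.
SHADOWED_RULES = [GOOD_RULES[1], GOOD_RULES[0], GOOD_RULES[2]]
# Exception written for the whole corp subnet instead of the printer host.
BROAD_RULES = [("pass", CORP_NET, IPP_PORT)] + GOOD_RULES[1:]


def decide(rules, dst, port):
    """Return the action of the first matching rule; default deny."""
    for action, net, rule_port in rules:
        if dst in net and rule_port in (None, port):
            return action
    return "block"


def corp_exposure(rules, ports=(22, 80, 443, 445, IPP_PORT, 9100)):
    """List every (corp host, port) pair a guest client may reach."""
    return sorted(
        (str(host), port)
        for host in CORP_NET.hosts()
        for port in ports
        if decide(rules, host, port) == "pass"
    )


def audit(rules):
    """True only if the printer port is the sole corp destination exposed."""
    return corp_exposure(rules) == [(str(PRINTER), IPP_PORT)]


if __name__ == "__main__":
    for name, rules in [("good", GOOD_RULES), ("shadowed", SHADOWED_RULES),
                        ("broad", BROAD_RULES)]:
        print(name, audit(rules), len(corp_exposure(rules)))
```

The shadowed ordering fails the audit because the printer becomes unreachable, and the broad variant fails because port 631 opens on every corp host rather than on the printer alone.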