Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 10309 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Printing to WiFi printer across network segments

JimmyM
I'm having a problem printing to my HP Photosmart B210e wireless printer.
I have ASG8.301 with 3 nics. 2 Internal NICs Guest_LAN and Primary_LAN.
Each has a wireless access point connected and everything works as expected. I can surf the net from either.

My printer is connected to the Primary_LAN and it can connect to the internet and I can print to it while connected to the Primary_LAN WAP.
However, I'm trying to set things up so I can print to it from the Guest_LAN. The printer is set up to get a statically assigned IP (which it does). 
I have set up a packet filter that will allow ALL traffic (for testing) from the Guest_LAN to the Primary_LAN. I also have a SNAT rule to change the Guest_LAN address to the Primary_LAN interface IP (Any Service) so it should appear that the printer is being communicated with on the same subnet. While connected to the Guest_LAN I can ping the printer's IP address and also connect via browser to the printers web admin interface on port 8080.
I installed a network monitor on my windows PC to look at traffic. While on the Primary_LAN network, I see traffic to the Printer on UDP-161 as well as TCP-8080 & TCP-9100.
However, while in the Guest_LAN, the Firewall log shows allowed traffic on UDP-161, but that's all, no blocked packets. The Windows network monitor shows the exact same UDP-161 traffic as before but no traffic on TCP-8080 or TCP-9100.

Has anyone had this sort of issue before?


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    If the printer has a gateway set, then you don't need NAT.
    Turn off the NAT and see if you can still ping the printer.

    Since you can connect to the web interface on the printer, and nothing is showing blocked in the firewall log, then perhaps something else is wrong (non-firewall related).
    However, you should also look at the IPS log on the firewall.

    Barry
  • 0 in reply to BarryG
    Thanks for the reply, Barry. 
    I disabled the SNAT rule and can still connect to the printer on 8080. No problem. However, nothing has changed with respect to the printing problem. I tried shutting off the windows firewall too. No dice.
    I checked the IPS logs. A couple of odd hits on "EXPLOIT Internet Explorer DOM mergeAttributes memory corruption attempt" from a few different IP addresses. I use FireFox in any case.
  • 0 in reply to JimmyM
    Just messing around here. Not sure what I did. But it's working now. I see traffic in my live log on UDP-161, TCP-8080, and TCP-9100. I can print from the Guest_LAN.
    Now to lock things down a bit and hope things still work.
  • 0 in reply to JimmyM
    I locked things down and I could no longer print. But i got it figured out. I've allowed just the following services and it works fine.
    TCP 8080
    TCP 9100
    UDP 161
    UDP 3702
Reply Children
  • 0 in reply to JimmyM

    where did you allow the services?

  • 0 in reply to Russell Wyatt

    Hi, Russell, and welcome to the UTM Community!

    Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post one line corresponding to the problem you're having.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML