Menu
What's new
By:
Filters Better Search

Give Guest Wi-Fi Users Access To Printer?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

HarryMuscle

Senior Member
I currently have my guest Wi-Fi networks setup to allow guests to access each other but they are blocked from accessing the non guest LAN devices, which is exactly what I want. However, it turns out I also need to give my guests access to the printer which is located on the LAN.

I'm assuming this needs to be done via iptable changes (unless there's a way to do this via the GUI which would be ideal). Also since my printer has a web interface, I would prefer to only allow access to certain ports of the printer that are actually used for printing and not to open up the whole IP to the guest Wi-Fi.

Any help in putting together the correct iptable rules would be greatly appreciated.

Thanks,
Harry
 
Check out YazFi.
 
Yota said:
Asuswrt used to use ebtables to isolate guest network and LAN, now they use VLAN to isolate guest network 1, while guest networks 2 and 3 still use ebtables.
Click to expand...
I assume guest network 1 would be the wl0.1 interface which is the first 2.4GHz guest network, correct?
 
HarryMuscle said:
I assume guest network 1 would be the wl0.1 interface which is the first 2.4GHz guest network, correct?
Click to expand...
Yes wl0.1 is 2.4 GHz guest network 1, wl0.2 is 2.4 GHz guest network 2, wl1.1 is 5 GHz guest network 1...
 
HarryMuscle said:
Any way to do it without YazFi (which does quite a bit more than what I'm after)?
Click to expand...
Yes but as you already know, it involves scripting. With YazFi you do have examples of the script to work with at the previously provided links.
 
Yota said:
Yes wl0.1 is 2.4 GHz guest network 1, wl0.2 is 2.4 GHz guest network 2, wl1.1 is 5 GHz guest network 1...
Click to expand...
So VLANs are used to isolate both 2.4GHz wl0.1 and 5GHz wl1.1 networks, correct? Does that mean etables could not be used to bypass the isolation if I'm using those two guest networks?
 
bennor said:
Yes but as you already know, it involves scripting. With YazFi you do have examples of the script to work with at the previously provided links.
Click to expand...
Anyone know if YazFi works with AiMesh nodes? Apparently VLANs are used for the first 2.4 and 5 GHz guest networks so that the AiMesh nodes can also handle guests. Would using YazFi prevent that?
 
Last edited:
HarryMuscle said:
I guess that then becomes the main reason why I'm trying to find a solution that doesn't use YazFi.
Click to expand...

The routing between guest VLAN and main VLAN is already there, IPTables filters what can or can't go through (by default, main LAN can access guest and guest can reply, but cannot initiate to main LAN). So you'll have to find those rules and add one to allow printing from guest.

Option 2 - if your printer has both wired and wireless, use wired for LAN and join the wireless to guest (some printers only allow one or the other, some work on both).

Option 3 - if your printer won't allow both to be used at the same time, enable wifi direct on the printer for guests to use and keep wired for LAN (the ones that don't allow both for regular LAN use do typically allow wired LAN plus wifi direct).

Option 4 - use the print server built into the Asus, not 100% sure if guests can see that, worth a try. You'd still use LAN cable for regular printing and USB to router for guest print server, or you could potentially use USB for both. No idea if it'll work, just an idea.

Option 5 - Just put it on the guest network, since main LAN can access guest network and should be able to print fine. But if you attempt to initiate something from the printer (like scan to pc from the printer control panel) that won't work anymore.
 
drinkingbird said:
The routing between guest VLAN and main VLAN is already there, IPTables filters what can or can't go through (by default, main LAN can access guest and guest can reply, but cannot initiate to main LAN). So you'll have to find those rules and add one to allow printing from guest.

Option 2 - if your printer has both wired and wireless, use wired for LAN and join the wireless to guest (some printers only allow one or the other, some work on both).

Option 3 - if your printer won't allow both to be used at the same time, enable wifi direct on the printer for guests to use and keep wired for LAN (the ones that don't allow both for regular LAN use do typically allow wired LAN plus wifi direct).

Option 4 - use the print server built into the Asus, not 100% sure if guests can see that, worth a try. You'd still use LAN cable for regular printing and USB to router for guest print server, or you could potentially use USB for both. No idea if it'll work, just an idea.

Option 5 - Just put it on the guest network, since main LAN can access guest network and should be able to print fine. But if you attempt to initiate something from the printer (like scan to pc from the printer control panel) that won't work anymore.
Click to expand...
Option 1 is definitely most ideal. I'm just surprised that no one has done it yet on their router and shared the needed iptable changes. I would have thought that it's a fairly common requirement.
 
HarryMuscle said:
Option 1 is definitely most ideal. I'm just surprised that no one has done it yet on their router and shared the needed iptable changes. I would have thought that it's a fairly common requirement.
Click to expand...

Never seen anyone ask for it before, and personally have never needed it. Plus the new Guest setup with different VLANs has only existed since 386 code base so still fairly recent, any IPTABLES rules someone may have come up with for the old design (which GW2 and 3 still use) wouldn't apply to GW1.
 
You must log in or register to reply here.

Similar threads

Siff
Printing from Guest Network (ASUSWRT-Merlin 3004.388.8_2)
Replies
5
Views
554
Jherb
J
J
Guest Network Pro and printer
Replies
7
Views
240
bennor
B
S
Network printer no longer available after activating Guest networks
Replies
18
Views
1K
Tech9
Tech9
B
How to set up guest network on RT-AX86U-PRO
Replies
7
Views
388
BosseSwede
B
G
Access webserver on lan synology from guest network on AX88u router
Replies
1
Views
450
grottoguy
G
Similar threads
Thread starter Title Forum Replies Date
Siff Printing from Guest Network (ASUSWRT-Merlin 3004.388.8_2) Asuswrt-Merlin 5
W Quick Network/Guest question Asuswrt-Merlin 14
R RT-AX86U Pro LAN Port on Guest Network Asuswrt-Merlin 9
I Guest net / subnet for wired connections? Asuswrt-Merlin 4
J Devices connected through wifi extender are showing up under guest IP subnet Asuswrt-Merlin 3
M Any workaround to expand Guest Network 'features' on Mesh for IoT Devices | AX86U Asuswrt-Merlin 2
OakleyFreak Solved Guest network On VPN on 3004-388.8_2 Asuswrt-Merlin 2
F Best 5ghz Guest Wifi Asuswrt-Merlin 5
B Asus - RT-AX88U - USB Application - Network Place (Samba) Share / Cloud Disk - Problem when enabling Allow guest login Asuswrt-Merlin 4
wcoastsands RT-AX88U Guest Network connection issue when Access Intranet is set to Disable Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 722 (members: 18, guests: 704)
Top