Guest Printer

[ColH]

Hi,
Using Merlin's latest release build on RT-N66U.
Is it possible to have a printer which is already on the Main wireless network also available on the Guest wireless network?
Alternatively, is it possible for guests to access the printer and only the printer while on the Main wireless network.

Many thanks for any suggestions.

 

[jobongo]

suggestion for guest access to printer

This can be done. I did a quick test on my own network using a wireless printer. I could ping from the guest network to only the printer and no other devices of the main LAN. You will have to add some ebtables rules to allow the the printer and only the printer to access from the guest network. Here are the commands that I used. These can be added to the firewall rules in jffs partition to make it so that it saves through reboot.

ebtables -I FORWARD -i (interface that printer connects to) -s (MAC address of printer) -o (virtual interface of guest wireless network) -j ACCEPT
ebtables -I FORWARD -p arp -i (virtual interface of guest wireless network) -o (interface that the printer is connected to) -j ACCEPT

For instance my ebtables filter tables are as follows:

Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 4, policy: ACCEPT
-s 2c:76:8a:76:a7:f9 -i eth1 -o wl0.1 -j ACCEPT
-p ARP -i wl0.1 -o eth1 -j ACCEPT
-i wl0.1 -o ! eth0 -j DROP
-i ! eth0 -o wl0.1 -j DROP

The setting for arp allows arp requests from the guest network to the other devices so that it can dynamically assign a mac address to an IP address. The other additional command only allows traffic from the printer on the main lan to the guest SSID. The last 2 limit traffic from the guest network to the internet and vice versa. If anyone else has a better way please let me know. ebtables seems pretty straight forward, but I don't use them a lot so there probably is a better way of doing this. I will look at the second question later. I think the only way is to set static IP's or know that mac address of the devices that connect to the main SSID in order to limit who they can talk to. Let me know if this works for you.

 

[RMerlin]

Note that ebtables is broken in build 23b. You will probably need to use an older version (build 21 was the previous one that worked if I recall), or switch to a build 24 beta.

 

[ColH]

Thanks for the info, both of you.

I will try with new beta build probably over the next week.

There's always someone with a helpful answer!

 

[jobongo]

printer help

I would have to trust merlin on the ebtables being broken. I compiled my own based on the latest merlin beta and I didn't have any problems. You may have to change some other rules to allow guests to automatically see the printer on the network. Let me know how it works.

 

[jobongo]

Merlin build

FYI. I am currently using Merlin Build 3.0.0.4.266.24 compiled from source.