What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

OAM

New Around Here
Hi, I am a noob at this hence appreciate your patiene.

I have a Linksys EA6900 router running XWRT-Vortex (AsusWRT-Merlin port for Linksys). I have a wireless printer in the Guest wifi SSID (need this is guest network because my kids friends come over for studies and need access to printer). At the moment I cannot access this printer from by LAN. What do I need to change to access the printer from the systems on the LAN, but still maintain the Guest N/W isolation.

Many thanks in advance for help

OAM
 
You can't have both isolation and access.

You may be able to achieve this with VLAN's and scripting, but that will be for others to suggest.
 
Thank you L&LD. LoL! yes, Isolation and access are opposite poles, agreed. Pardon me for not being clear. I meant access from one direction ie LAN --> Guest N/E and isolation in other direction Guest N/W --> LAN.

Hoping to get more suggestions from others in the forum.
 
Thank you L&LD. LoL! yes, Isolation and access are opposite poles, agreed. Pardon me for not being clear. I meant access from one direction ie LAN --> Guest N/E and isolation in other direction Guest N/W --> LAN.

Hoping to get more suggestions from others in the forum.

Simple and easiet and sure way. Get a cheap WiFi printer and connect it to Guest network for guests to use it. Guest device should have printer driver.
 
Hi OAM, I had exactly the same case you describe, this is how I solved it.
I'll let the most experienced guys in the forum to assess how secure this setup actually is.
  1. Create a new guest network without isolation (Access Intranet = on)
  2. Connect the Printer to this new guest network (it is now accessible from my main wireless network)
  3. Allow communication from/to the printer from the Guest Network using a firewall-start script:
Code:
#!/bin/sh
#Allow access to the printer from Guest Network
PRINTER=00:00:00:00:00:00
ebtables -I FORWARD -i wl0.2 -o wl0.1 -s $PRINTER -j ACCEPT
ebtables -I FORWARD -i wl0.1 -o wl0.2 -d $PRINTER -j ACCEPT

And additionally, I hid the SSID for this guest network used by the printer (does not add any security, but it just bothered me seeing it listed):

Code:
nvram set wl0.2_closed="1"
nvram commit
 
Hi OAM, I had exactly the same case you describe, this is how I solved it.
I'll let the most experienced guys in the forum to assess how secure this setup actually is.
  1. Create a new guest network without isolation (Access Intranet = on)
  2. Connect the Printer to this new guest network (it is now accessible from my main wireless network)
  3. Allow communication from/to the printer from the Guest Network using a firewall-start script:
Code:
#!/bin/sh
#Allow access to the printer from Guest Network
PRINTER=00:00:00:00:00:00
ebtables -I FORWARD -i wl0.2 -o wl0.1 -s $PRINTER -j ACCEPT
ebtables -I FORWARD -i wl0.1 -o wl0.2 -d $PRINTER -j ACCEPT

And additionally, I hid the SSID for this guest network used by the printer (does not add any security, but it just bothered me seeing it listed):

Code:
nvram set wl0.2_closed="1"
nvram commit

As you note, hiding the ssid doesn't do anything for security and may actually hamper performance.

But, having Access Intranet=On doesn't need your script to have the printer available to all and even worse; it allows the guest devices have access to the rest of the network too with no restrictions.
 
Hi OAM, I had exactly the same case you describe, this is how I solved it.
I'll let the most experienced guys in the forum to assess how secure this setup actually is.
  1. Create a new guest network without isolation (Access Intranet = on)
  2. Connect the Printer to this new guest network (it is now accessible from my main wireless network)
  3. Allow communication from/to the printer from the Guest Network using a firewall-start script:
Code:
#!/bin/sh
#Allow access to the printer from Guest Network
PRINTER=00:00:00:00:00:00
ebtables -I FORWARD -i wl0.2 -o wl0.1 -s $PRINTER -j ACCEPT
ebtables -I FORWARD -i wl0.1 -o wl0.2 -d $PRINTER -j ACCEPT

And additionally, I hid the SSID for this guest network used by the printer (does not add any security, but it just bothered me seeing it listed):

Code:
nvram set wl0.2_closed="1"
nvram commit


Thanks jmedaglia,

I was hoping there would be a firewall solution, and iptables entry. But wasn't sure how! Your response gives me some ideas. I don't want to remove Guest N/W isolation, but am hoping with correct rules it might work. I'll play around with this and if successful will post my solution back.

OAM
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top