News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  General Questions
linktree Topic: Routing from internet-PC to LAN-printer in other net
Pages: [1]
Topic: Routing from internet-PC to LAN-printer in other net  (Read 1395 times)
« on: January 05, 2009, 17:14:47 »
ksinbln *
Posts: 7
Hi,

I hope, somebody can explain my fault...

I have a m0n0wall as Firewall, a Fritzbox as Router on WAN side, and 2 networks: one for internet pcs (192.168.181.0/24 - connected to Fritzbox directly) and one network behind m0n0wall (LAN, 192.168.0.0/24). Printing protocol is raw (port 9100).

To print from internet pc 192.168.181.20 to printer 192.168.0.110

Internet-PC ---------  Fritzbox ----------- M0n0wall  ------------ printer
        ..181.20      ..181.1     ..178.1     ..178.20    ..0.6            ..0.110
                           NetA         NetB         WAN         LAN

I took the following actions:

Fritzbox:
Adding Routing Rule:
Gateway for 192.168.0.0/24 is 192.168.178.20


M0n0wall:
- Removed Rule, that blocks incoming traffic from standard local network adresses
- Added rule for WAN-Port (finally not very restricted):
Allow: from *   source port *   to destination port 9100 to adress 192.168.0.110 (port stays the same).

The logfile for this rule shows me, that the packets pass.

But on the Internet-PC the program TCPView shows me, that a SYNC has been sent but no answer arrives.

So, what is the fault in my idea?

Thank you very much,
Knut

P.S.: Alternatively I tried to manage this by a simple NAT-Rule (in combination with the proper firewall-rule, that monowall creates automaticly - but this didn't work, too
P.S.II: I hava a M0n0wall V.1235 on a WRAP-board.
P.S.III: If you need more information please tell me..
« Last Edit: January 05, 2009, 17:28:53 by ksinbln »
« Reply #1 on: January 06, 2009, 10:19:42 »
markb ****
Posts: 331
As you are not needing to use the Monowall as a NAT router, if you enable Advanced NAT to remove all automatic NAT rules and have a rule that allows the TCP:9100 traffic from the WAN interface, it should work.  You will also need a static route on your Fritzbox for the 192.168.0.0/24 subnet through the WAN Ip address on the Monowall which sits on your 192.168.181.0/24 segment.
« Reply #2 on: January 06, 2009, 15:17:05 »
ksinbln *
Posts: 7
Thank you for your answer.

But there is a problem:

I do need NAT, because PCs of the LAN net need access to special internet adresses, i.e. to the fiscal authority to transfer electronic tax forms.

Ciao,
Knut
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines