I have this printer wifi widget (TP-LINK TL-WPS5510U) that doesn't support WPA2 AES (only TKIP). And the
No problem, I'll just put it on the guest network, that's Open anyway.
However, now I cannot print from the non-guest hosts; the isolation is both ways (e.g. the guest network cannot be reached from non-guest hosts).
I tried a bunch of ideas....
1. iptables D/SNAT redirect:
iptables -t nat -A PREROUTING -p tcp --dport 9100 --dst 172.16.0.1 -j DNAT --to 172.16.0.222:9100
iptables -t nat -A POSTROUTING -p tcp --src 172.16.0.222 --sport 9100 -j SNAT --to-source 172.16.0.1
but that didn't work (I'm not sure why... the router (.0.1) can reach the printer).
2. Installed 'entware' and ncat, ran:
ncat -l 9100 -k --sh-exec "/opt/bin/ncat 172.16.0.222 9100"
(after killing lpd).
but that didn't work. I'm not sure why, it does connect, data flows, but the printer doesn't seem happy with the stream, and ultimately doesn't print.
I've been using this widget+printer for the last few years on my previous router (which supported WPA2-TKIP, so I didn't bother with using it on the guest network).
What I'd really prefer is some way to allow non-guest hosts to reach the guest network but not vice versa (I'm ok w/ guests being able to print, who cares).
I can't figure out how the guest isolation is done; it doesn't seem to be an iptables rule, and the guest network seems to be on the same bridge (br0) and vlan.
So, questions...
a) how is the guest isolation achieved?
b) how can I allow non-guest hosts to reach a certain TCP port on the guest network device?
c) any other suggestions on how to make this work?
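Attempt 2 written as a small relay for the router, as an added example that is not part of the original post: it forwards bytes unmodified in both directions and passes each side's end-of-stream on as a TCP half-close. It assumes Python 3.8+ is available on the router (for instance from Entware) and that the printer relies on the client's close to finish a raw port 9100 job; the function names are this example's own, and the post does not establish why the ncat pipeline failed.

```python
import contextlib
import socket
import threading

PRINTER = ("172.16.0.222", 9100)  # printer address and port from the post
LISTEN = ("172.16.0.1", 9100)     # router address from the post


def pump(src, dst):
    """Copy bytes src -> dst unmodified; on EOF, half-close dst (hypothetical helper)."""
    with contextlib.suppress(OSError):  # a reset or timeout just ends the copy
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)  # pass end-of-stream on, keep replies open


def handle(client, target):
    """Relay one client connection to the target until both directions end."""
    try:
        upstream = socket.create_connection(target, timeout=10)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)  # the timeout is for connecting only; jobs may be slow
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)     # job data towards the printer
    back.join()                # wait for the printer's side to finish too
    client.close()
    upstream.close()


def start_relay(listen=LISTEN, target=PRINTER):
    """Bind the listener, serve connections in background threads, return the socket."""
    server = socket.create_server(listen)

    def accept_loop():
        while True:
            client, _ = server.accept()
            threading.Thread(target=handle, args=(client, target), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return server


if __name__ == "__main__":
    start_relay()
    threading.Event().wait()  # block forever; the relay threads do the work
```

The relay listens on the router's own address, so guests can reach it as well, which the post accepts; nothing is opened in the direction from the guest device towards non-guest hosts.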