How To Connect to a Network Printer from Outside the Network?

[Just Checking]

I have a network printer (Brother MFC9330CDW) connected to one LAN by T100 ethernet. I have several servers and clients on that network which has a Asus RT-AC68 router running the Asus-Merlin 374.43_2-6j9527 Fork firmware.

I have a second LAN with a secure data server and clients which has a Asus RT-AC66 router running the same version 374.43_2-6j9527 firmware. I want to be able to share the printer between each of the LAN's without having to switch the clients from one network to the other. Is there a way to set up the connection while still keeping the security of the data server network?

Right now, I use the printer by switching a client from one network to another that has the network printer on it by changing the wireless adapter connection. It is not too painful but I cannot connect from my data server to the printer directly since that server does not have a wireless adapter card. Also, I don't want to expose my "secure" network to my "less secure" network, if at all possible.

I can put the network printer on my "secure" network and have the clients and servers of my "less secure" network switch over when printing but that kind of defeats the purpose of having separate networks.

I have limited space so I don't want to purchase, and maintain two copiers/printers, with low usage.

I have to believe that this is a very common situation and I don't want to "reinvent the wheel". Help on how to do this would be appreciated.

 

[azazel1024]

Meh. Network printers (and printers in general) are horribly insecure, so having it exposed to the less secure network in any way and then having anything from the secured network connect to it is inherently not a good idea. At least if you are at "paranoid" level of security here.

As for what to do, point to the WAN IP address of the router that the network printer is behind and then setup a port forwarding rule on that router to forward print requests to the IP of the network printer that is behind it.

Of course you'd have to make sure that the two networks are physically connected in some way (through the WAN ports, or through WWAN bridging).

 

[System Error Message]

you can do it securely with advanced routing or tunneling depending on how the networks are seperated.

 

[vnangia]

Have you considered connecting the printer to both networks? One via the LAN jack, and one wireless? Both sets of clients could then use the printer as natively within their LAN, without allowing all external clients to address the printer.

Two other options:
1. if the printer is relatively new (and it seems to be based on the model number), it may support Cloud Print, or Brother's direct printing. You could just set it up so you can email to an address that prints it out.

2. Print server connected to the USB?

 

[Motofixxer]

I have heard rumors that Google has painless cloudprint setup that works well but no firsthand experience.

 

[Samir]

I think there's an easy way, but I need some more information.

What are your subnets and addressing like on each of your networks?

 

[Just Checking]

Each of my networks has a separate WAN IP.

Each WAN has a separate router on it. I have 3 - Asus RT-AC66 routers and 1 - Asus RT68 router running separate networks.

The LAN IP Addresses for each network I set up sequentially
Network 1 - 192.168.1.1 (stock Asus LAN IP) Router 1
Network 2 - 192.168.2.1 Router 2
Network 3 - 192.168.3.1 Router 3
Network 4 - 192.168.4.1 Router 4

Subnet for each of them is the same standard 255.255.255.0

Within each network I assign a static IP address to each individual MAC address of the devices. I use numbers within the 253 IP addresses allowed.
Asus routers allow me to assign up to 128 IP addresses on each router which is plenty for me.

Example 1:
WAN 1
ll
Router 1 LAN IP (192.168.1.1) Subnet Mask (255.255.255.0)
ll ll
Server 1 Server 2
Ethernet Port 1 (192.168.1.11) Ethernet Port 1 (192.168.1.21)
Ethernet Port 2 (192.168.1.12) Ethernet Port 2 (192.168.1.22)

Since I have 5 ethernet ports on each of the 3 servers I am most concerned about, I wanted to connect a couple from each to a different WAN and LAN.

Example 2:
WAN 2
ll
Router 2 LAN IP (192.168.2.1) Subnet Mask (255.255.255.0)
ll ll
Server 1 (Same as Example 1) Server 2 (Same as Example 1)
Ethernet Port 3 (192.168.2.11) Ethernet Port 3 (192.168.2.21)
Ethernet Port 4 (192.168.2.12) Ethernet Port 4 (192.168.2.22)

The NIC's that I have are Intel i350-T4's which are "smart". I can manually assign them port #'s in their firmware and they also do "port aggregation" (not really, but something close) by themselves.

My thought is that, with the totally separate WANs, LANs, and IP port addresses, I am hoping not to cause conflicts. I will not get any increased bandwidth with two networks simultaneously operating but that is acceptable.

My concern is how the servers and programs will know which network to use for communication. Inside the network, it shouldn't matter since any particular application could choose either network for communication with the other servers with no difference. I can see problems if the application sees "two" of everything and cannot decide which one to use. I am not sure how to prevent that.

Outside the network is another problem. How the application (like Plex or TeamViewer) finds a particular IP address for a device when there are two of them visible is a question.

The other concern I have is how systems will react if one of the network goes down. Will it "fail-over" and direct all traffic to the other network? What about all the client devices that were on Network 1? They have no communication to Network 2 since they are connected to either Network 1 or network 2, but not both. I have not had time to test this arrangement out yet . Hope to get to it by next week.

If you have an alternate solution that is implementable and solves these concerns, I am more than willing to try it out.

 

[Samir]

Each of my networks has a separate WAN IP.

Each WAN has a separate router on it. I have 3 - Asus RT-AC66 routers and 1 - Asus RT68 router running separate networks.

The LAN IP Addresses for each network I set up sequentially
Network 1 - 192.168.1.1 (stock Asus LAN IP) Router 1
Network 2 - 192.168.2.1 Router 2
Network 3 - 192.168.3.1 Router 3
Network 4 - 192.168.4.1 Router 4

Subnet for each of them is the same standard 255.255.255.0

Within each network I assign a static IP address to each individual MAC address of the devices. I use numbers within the 253 IP addresses allowed.
Asus routers allow me to assign up to 128 IP addresses on each router which is plenty for me.

Example 1:
WAN 1
ll
Router 1 LAN IP (192.168.1.1) Subnet Mask (255.255.255.0)
ll ll
Server 1 Server 2
Ethernet Port 1 (192.168.1.11) Ethernet Port 1 (192.168.1.21)
Ethernet Port 2 (192.168.1.12) Ethernet Port 2 (192.168.1.22)

Since I have 5 ethernet ports on each of the 3 servers I am most concerned about, I wanted to connect a couple from each to a different WAN and LAN.

Example 2:
WAN 2
ll
Router 2 LAN IP (192.168.2.1) Subnet Mask (255.255.255.0)
ll ll
Server 1 (Same as Example 1) Server 2 (Same as Example 1)
Ethernet Port 3 (192.168.2.11) Ethernet Port 3 (192.168.2.21)
Ethernet Port 4 (192.168.2.12) Ethernet Port 4 (192.168.2.22)

The NIC's that I have are Intel i350-T4's which are "smart". I can manually assign them port #'s in their firmware and they also do "port aggregation" (not really, but something close) by themselves.

My thought is that, with the totally separate WANs, LANs, and IP port addresses, I am hoping not to cause conflicts. I will not get any increased bandwidth with two networks simultaneously operating but that is acceptable.

My concern is how the servers and programs will know which network to use for communication. Inside the network, it shouldn't matter since any particular application could choose either network for communication with the other servers with no difference. I can see problems if the application sees "two" of everything and cannot decide which one to use. I am not sure how to prevent that.

Outside the network is another problem. How the application (like Plex or TeamViewer) finds a particular IP address for a device when there are two of them visible is a question.

The other concern I have is how systems will react if one of the network goes down. Will it "fail-over" and direct all traffic to the other network? What about all the client devices that were on Network 1? They have no communication to Network 2 since they are connected to either Network 1 or network 2, but not both. I have not had time to test this arrangement out yet . Hope to get to it by next week.

If you have an alternate solution that is implementable and solves these concerns, I am more than willing to try it out.

This is a pretty complicated setup, and I'm wondering if it's overly complex. What is the overall goal with this 'mesh' of wans, lans, and servers? Redundancy? Segmenting? Speed?

To answer some of your questions, applications on clients will connect to a server and just stick to that server IP address. They will not know that there is a second server IP address to connect to unless you tell it. And then it will probably just stick to that one if you change it to that IP.

When a LAN goes down, it can happen in several ways. WAN for a LAN goes down=LAN still can connect to internal servers that it is directly connected to, but nothing outside. LAN switch fails=clients cannot connect to anything including each other. That's the only two failure scenarios really.

For outside applications, you can direct (port forward) the service to just one IP on most routers (not sure about the Asus), so that shouldn't be an issue. Even if you can put in multiple entries for both IP addresses, I don't think both would be used.

There probably is a much, much simpler way to meet the goals for your networks than what you currently have. I think that's the best place to start because I think the current setup can't be the optimal solution for your networking requirements.