Printing from Guest Network (ASUSWRT-Merlin 3004.388.8_2)

Siff · 2024-10-04T11:08:54-0400

Hi All,

I'm looking to configure printing from a guest network to a printer, which is in the main network. I'm using AsusWRT-Merlin 3004.388.8_2 on RT-AX88U Pro. I have AiMesh with one RT-AX88U Pro node and I have 2 guest networks which I need to be available on the node as well.

I also have a USB printer, connected to the main router, which I would like to be used from the main network as well as one of the guest networks. I tried with iptables and with ebtables, I looked at @Martineau's scripts, but I couldn't make it work from the "Guest" guest network (see below). The printer works flawlessly from the main network, of course. I'm sure that I'm missing something and I would appreciate your help.

Here are the details:

Main router: 192.168.1.1, RT-AX88U PRO
AiMesh node, RT-AX88U PRO
"IoT" guest network, Guest Network #1 on 2.4 GHz, wl0.1, br1, no need to access the printer, 192.168.101.0/24, access to main LAN disabled in order to get a different IP range from the main network
"Guest" guest network, Guest Network #1 on 5 GHz, wl1.1, br2, this is the guest network which I would like to access the printer, 192.168.102.0/24, access to main LAN disabled in order to get a different IP range from the main network
Both "IoT" and "Guest" guest networks have to be available on the AiMesh node, i.e. I cannot use YazFi and they both have to be set as Guest Network #1

What I have tried:

Bash:

iptables -I FORWARD -i br2 -o br0 -d 192.168.1.1/32 -j ACCEPT

and

Bash:

ebtables -I FORWARD -p IPv4 -i wl1.1 --ip-dst 192.168.1.1 --ip-proto tcp -j ACCEPT
ebtables -I FORWARD -p IPv4 -o wl1.1 --ip-src 192.168.1.1 --ip-proto tcp -j ACCEPT

Neither works.

Thank you!

eibgrad · 2024-10-04T12:09:04-0400

What you've tried so far won't work since the wl1.1 network interface is assigned to a bridge (br2). Also, it's probably not a good idea to enable ALL tcp traffic to the router (that would include the GUI, SSH, etc.).

What you probably need is the BROUTING chain of the broute table.

Code:

admin@lab-merlin1:/tmp/home/root# ebtables -t broute -L
Bridge table: broute

Bridge chain: BROUTING, entries: 5, policy: ACCEPT
-p IPv4 -i wl1.1 --ip-dst 192.168.102.1 --ip-proto icmp -j ACCEPT
-p IPv4 -i wl1.1 --ip-dst 192.168.102.0/24 --ip-proto icmp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.1.0/24 --ip-proto icmp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.102.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP

Since the printer is apparently running on the router itself (192.168.1.1), it may already be listening on the Guest #1 network as well (192.168.102.1). So first try that IP.

Code:

ebtables -t broute -I BROUTING -p IPv4 -i wl1.1 --ip-dst 192.168.102.1 --ip-proto tcp --ip-dport 9100 -j ACCEPT

If that doesn't work (perhaps the printer is only bound to 192.168.1.1), then change the rule from 192.168.102.1 to 192.168.1.1.

Siff · 2024-10-04T13:17:28-0400

Thank you @eibgrad!

Yes, my first ties included the protocol and the port, but since they didn't work, I removed them to see whether that will make it work (it didn't).

I tried with both 192.168.102.1 and 192.168.1.1, but neither worked.

Here is my current broute table:

Code:

ebtables -t broute -L
Bridge table: broute

Bridge chain: BROUTING, entries: 13, policy: ACCEPT
-p IPv4 -i wl1.1 --ip-dst 192.168.1.1 --ip-proto tcp --ip-dport 9100 -j ACCEPT
-p IPv4 -i wl0.1 --ip-dst 192.168.101.1 --ip-proto icmp -j ACCEPT
-p IPv4 -i wl0.1 --ip-dst 192.168.101.0/24 --ip-proto icmp -j DROP
-p IPv4 -i wl0.1 --ip-dst 192.168.1.0/24 --ip-proto icmp -j DROP
-p IPv4 -i wl0.1 --ip-dst 192.168.101.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl0.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl0.1 --ip-dst 192.168.101.0/24 -j SKIPLOG
-p IPv4 -i wl1.1 --ip-dst 192.168.102.1 --ip-proto icmp -j ACCEPT
-p IPv4 -i wl1.1 --ip-dst 192.168.102.0/24 --ip-proto icmp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.1.0/24 --ip-proto icmp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.102.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.102.0/24 -j SKIPLOG

I also tried adding ICMP, but ping didn't work either.

Thread starter	Title	Forum	Replies	Date
W	Quick Network/Guest question	Asuswrt-Merlin	12	Monday at 10:54 AM
R	RT-AX86U Pro LAN Port on Guest Network	Asuswrt-Merlin	6	Sep 25, 2024
I	Guest net / subnet for wired connections?	Asuswrt-Merlin	4	Sep 13, 2024
J	Devices connected through wifi extender are showing up under guest IP subnet	Asuswrt-Merlin	3	Sep 5, 2024
M	Any workaround to expand Guest Network 'features' on Mesh for IoT Devices \| AX86U	Asuswrt-Merlin	2	Aug 28, 2024
	Solved Guest network On VPN on 3004-388.8_2	Asuswrt-Merlin	2	Aug 14, 2024
F	Best 5ghz Guest Wifi	Asuswrt-Merlin	5	Aug 1, 2024
B	Asus - RT-AX88U - USB Application - Network Place (Samba) Share / Cloud Disk - Problem when enabling Allow guest login	Asuswrt-Merlin	4	Jul 29, 2024
	RT-AX88U Guest Network connection issue when Access Intranet is set to Disable	Asuswrt-Merlin	5	Jun 12, 2024
G	Access webserver on lan synology from guest network on AX88u router	Asuswrt-Merlin	1	Jun 1, 2024

Search

Search

Printing from Guest Network (ASUSWRT-Merlin 3004.388.8_2)

Siff

Occasional Visitor

eibgrad

Part of the Furniture

Siff

Occasional Visitor

Similar threads

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Members online