We have a WiFi network that can’t see the physical network, but some users require AirPrint capabilities from a mobile phone to our printers.
I have separate WiFi for internal connections, but would like to set up some holes in the firewall to allow AirPrint.
Has anyone tried to do something similar? I don’t have a clue what ports I would have to open, because I presume I have to open both Bonjour discovery and AirPrint stuff for this to work seamlessly. Would probably target printer IPs with port opens.
Quack quack…
Create a vlan for untrusted wifi users.
Create a vlan for SHARED devices.
Add firewall rules for the ports in question from one vlan to the other,
since I am not familiar with the requirements this is one case, because one has isolated the printer vlan, to MAYBE allow the printer vlan to send traffic back to untrusted wifi users.
Try the above, and if it is not completely working, perhaps you need the printer to originate some traffic, and if so then add this… add chain=forward action=accept out-interface=untrusted_vlan in-interface=printer_vlan dst-port=ssss,xxxx,ttttt,yyyy,vvvv etc… protocol= ??
If the above does not work then they all need to be in the same vlan together… as some programs don't care about firewall rules, they only SEARCH for or broadcast to devices within the same subnet. Sorry, but this means regular home users need their own printer LOL
I will try making holes to IPs for starters for these non-HTTP ports for AirPrint, and then will see how this behaves. Not sure whether it will work, but won’t know until I test.
Another thing that occurred to me is that Android clients won’t be able to print to AirPrint devices. No Google Print services on Canon printers any more…
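
An added example, not taken from any post in this thread: a least-privilege RouterOS rule set for the layout discussed above, reusing the interface names `untrusted_vlan` and `printer_vlan` from the reply. The printer addresses (192.0.2.x documentation range), the list name and the comments are constructed assumptions. TCP 631 is the standard IPP port that AirPrint jobs use; Bonjour discovery is mDNS on UDP 5353 to 224.0.0.251.

```routeros
# Added example. Addresses and list name are constructed placeholders.
# Printers that guest Wi-Fi clients are allowed to reach.
/ip firewall address-list
add list=airprint_printers address=192.0.2.10 comment="constructed example printer"
add list=airprint_printers address=192.0.2.11 comment="constructed example printer"

/ip firewall filter
# 1. Replies to sessions that were already permitted. With connection
#    tracking the printers do not need a rule of their own to answer
#    clients, so no printer-originated rule is required for print jobs.
add chain=forward action=accept connection-state=established,related \
    comment="return traffic for permitted sessions"

# 2. New IPP connections from guest Wi-Fi, only to the listed printers.
add chain=forward action=accept protocol=tcp dst-port=631 \
    connection-state=new in-interface=untrusted_vlan \
    out-interface=printer_vlan dst-address-list=airprint_printers \
    comment="AirPrint jobs: IPP over TCP 631"

# 3. Everything else between the two VLANs is dropped and logged, so any
#    additional port a printer model needs shows up in the log during
#    testing instead of being guessed in advance.
add chain=forward action=drop in-interface=untrusted_vlan \
    out-interface=printer_vlan log=yes log-prefix="wifi-to-printer" \
    comment="deny other guest-to-printer traffic"
add chain=forward action=drop in-interface=printer_vlan \
    out-interface=untrusted_vlan log=yes log-prefix="printer-to-wifi" \
    comment="deny printer-initiated traffic to guests"

# Discovery caveat: mDNS is link-local multicast and is not routed, so
# forward-chain rules alone do not make printers appear in the AirPrint
# picker. That needs an mDNS repeater/reflector between the two VLANs,
# or the printer has to be added on the client by IP address.
```

Rule order matters: the accept rules must sit above the two drop rules, and above any existing catch-all drop in the forward chain.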