Hello everyone,
I have been struggling on successfully setting up my WF3640 multi-functioning printer so that the local clients can use it. Some unsuccessful tests which I ran are pointed below. *one important information, the clients are routed through L2TP VPN so that they don’t receive my real public IP.
printer has a static ip.
- Made the printer in the same subnet network of the clients. Clients can ping the printer IP but cannot find the printer. (FAILED)
- Setting the printer in different subnet and then masquerade the subnet network with the client. (FAILED)
- Setting the printer in different subnet and then masquerade the subnet network with the client also exclusively set firewall filters to accept dst-ip to printer IP. (FAILED)
Below you can find the prints for my current settings with DHCP, IP ADDRESS, IP ROUTE, IP FIREWALL FILTER, IP FIREWALL NAT, IP FIREWALL MANGLE
/ip address> print
[xX_Dark.Angel_Xx@MikroTik_Essen.de] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; guests
192.168.100.1/24 192.168.100.0 bridge
1 ;;; dark.angel
192.168.101.1/24 192.168.101.0 bridge
2 ;;; alu
192.168.103.1/24 192.168.103.0 bridge
3 ;;; sam
192.168.102.1/24 192.168.102.0 bridge
4 I 192.168.0.12/24 192.168.0.0 WAN2
5 192.168.0.11/24 192.168.0.0 WAN1
6 ;;; network_devices
192.168.99.1/24 192.168.99.0 bridge
7 D 10.0.1.66/32 1.0.0.1 L2TP-ExpressVPN-02
8 D 10.0.1.219/32 1.0.0.1 L2TP-ExpressVPN-01
9 D 10.0.1.171/32 1.0.0.1 L2TP-ExpressVPN-03
/ip dhcp-server> print
[xX_Dark.Angel_Xx@MikroTik_Essen.de] /ip dhcp-server> print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 defconf bridge guest 10m
/ip dhcp-server network> print/b]
[xX_Dark.Angel_Xx@MikroTik_Essen.de] /ip dhcp-server network> print
# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
0 ;;; network_devices
192.168.99.0/24 192.168.99.1 8.8.8.8
8.8.4.4
1 ;;; guest
192.168.100.0/24 192.168.100.1 8.8.8.8
8.8.4.4
2 ;;; dark.angel
192.168.101.0/24 192.168.101.1 8.8.8.8
8.8.4.4
3 ;;; sam
192.168.102.0/24 192.168.102.1 8.8.8.8
8.8.4.4
4 ;;; alu
192.168.103.0/24 192.168.103.1 8.8.8.8
8.8.4.4
/ip route> print
[xX_Dark.Angel_Xx@MikroTik_Essen.de] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 L2TP-ExpressVPN-01 1
1 A S 0.0.0.0/0 L2TP-ExpressVPN-02 1
2 A S 0.0.0.0/0 L2TP-ExpressVPN-03 1
3 A S 0.0.0.0/0 192.168.0.1 1
4 ADC 1.0.0.1/32 10.0.1.66 L2TP-ExpressVPN-02 0
L2TP-ExpressVPN-01
L2TP-ExpressVPN-03
5 ADC 192.168.0.0/24 192.168.0.11 WAN1 0
6 ADC 192.168.99.0/24 192.168.99.1 bridge 0
7 ADC 192.168.100.0/24 192.168.100.1 bridge 0
8 ADC 192.168.101.0/24 192.168.101.1 bridge 0
9 ADC 192.168.102.0/24 192.168.102.1 bridge 0
10 ADC 192.168.103.0/24 192.168.103.1 bridge 0
/ip firewall filter> print
[xX_Dark.Angel_Xx@MikroTik_Essen.de] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""
2 ;;; defconf: accept established,related
chain=input action=accept connection-state=established,related log=no
log-prefix=""
3 ;;; defconf: drop all from WAN
chain=input action=drop in-interface=WAN1 log=no log-prefix=""
4 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection
connection-state=established,related log=no log-prefix=""
5 ;;; defconf: accept established,related
chain=forward action=accept connection-state=established,related log=no
log-prefix=""
6 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
7 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface=WAN1 log=no log-prefix=""
/ip firewall nat> print
[xX_Dark.Angel_Xx@MikroTik_Essen.de] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=WAN1 log=no log-prefix=""
1 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=WAN2 log=no log-prefix=""
2 ;;; L2TP-ExpressVPN-01
chain=srcnat action=masquerade out-interface=L2TP-ExpressVPN-01 log=no
log-prefix=""
3 ;;; L2TP-ExpressVPN-02
chain=srcnat action=masquerade out-interface=L2TP-ExpressVPN-02 log=no
log-prefix=""
4 ;;; L2TP-ExpressVPN-03
chain=srcnat action=masquerade out-interface=L2TP-ExpressVPN-03 log=no
log-prefix=""
5 ;;; Local
chain=srcnat action=masquerade out-interface=bridge log=no log-prefix=""
/ip firewall mangle> print
[xX_Dark.Angel_Xx@MikroTik_Essen.de] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=forward action=change-mss new-mss=1410 tcp-flags=syn protocol=tcp
out-interface=all-ppp tcp-mss=1411-65535
1 D chain=forward action=change-mss new-mss=1410 tcp-flags=syn protocol=tcp
in-interface=all-ppp tcp-mss=1411-65535
2 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
3 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
4 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
5 chain=prerouting action=passthrough src-address=192.168.99.0/24 log=no
log-prefix=""
6 chain=prerouting action=mark-routing new-routing-mark=L2TP01
passthrough=yes src-address=192.168.100.0/24 dst-address=!192.168.99.0/24
log=no log-prefix=""
7 chain=prerouting action=mark-routing new-routing-mark=L2TP01
passthrough=yes src-address=192.168.101.0/24 dst-address=!192.168.99.0/24
log=no log-prefix=""
8 chain=prerouting action=mark-routing new-routing-mark=L2TP02
passthrough=yes src-address=192.168.102.0/24 dst-address=!192.168.99.0/24
log=no log-prefix=""
9 chain=prerouting action=mark-routing new-routing-mark=L2TP03
passthrough=yes src-address=192.168.103.0/24 dst-address=!192.168.99.0/24
log=no log-prefix=""
Please help me out setting up the network multi-functioning printer. Currently I am using the remote print service of epson which sends documents over the internet to epson’s print server.