A few weeks ago Lonnie documented how to use the new avahi Bonjour/mDNS
discovery service coming in AstLinux 1.2.7 to enable connecting to a
printer with AstLinux.  This service can also be used to make printers
available on a guest network.

For example, let's assume your main network is 192.168.xx.0/24 on network
interface eth1 and on that network you have a printer 192.168.xx.10 that
advertises its services by Bonjour (this is how all Apple iOS devices
discover your printer).

Now assume you configure a guest VLAN that is network 192.168.yy.0/24 on
network virtual interface eth1.100 and devices connect to that network
using UniFi access points.  Using the UniFi controller (which we assume is
at 192.168.xx.2) we configure the UniFi guest network to connect to VLAN
"100" and enable guest policies with authentication to be done through a
UniFi guest portal.

With that environment do the following setup...

Enable "mDNS/DNS-SD Service Discovery" on the Network tab of the user
interface.  You will need to reboot before doing the next step.

Click on the "Configure mDNS/DNS-SD" button on the Network tab (this only
appears after the above reboot) to edit the avahi-daemon.conf file.

In the [server] section of avahi-daemon.conf add/edit this line...
    allow-interfaces=eth1,eth1.100
This enables avahi on both your main network and guest network.

In the [reflector] section of the conf file add these lines...
    enable-reflector=yes
    reflect-ipv=no
    reflect-filters=_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local
This tells avahi to only reflect the printing Bonjour packets across
networks.

Save this file and now go to the Firewall settings in the AstLinux Network
tab and add the following as "Pass LAN->LAN" rules.
    Pass 192.168.yy.0/24 to 192.168.xx.10 ports 515,631,9100
    Pass 192.168.yy.0/24 to 192.168.xx.2 ports 8880,8843
The first rule corresponds to the printer protocols that we are publishing
across the LANs and allows any device on the guest LAN to connect to our
printer on our main network.  The second rule enables guest devices to
access the UniFi controller on the ports it uses for the guest portal so
guests can authenticate.

Restart mDNS/DNS-SD and restart the firewall.

Now any device that connects to your guest network is able to discover and
print to your printer on your main network.

This technique can also be used to share other services from your main
network with a guest network, e.g. an Apple TV / AirPlay device... add
_airplay._tcp.local,_raop._tcp.local to the reflect filter and set
appropriate firewall rules to open access to the AirPlay device.

David
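
Added example, not part of the post above or of AstLinux: a Python check
that the reflector settings and the printer firewall rule described above
stay consistent, so only the intended services and ports cross to the
guest network.  The audit() helper and its finding strings are
hypothetical, and the sample config is constructed from the post's values.

```python
import configparser

# Standard ports for the printing service types named in the post.
SERVICE_PORTS = {
    "_printer._tcp.local": 515,          # LPD
    "_ipp._tcp.local": 631,              # IPP
    "_pdl-datastream._tcp.local": 9100,  # raw / JetDirect
}

# Constructed sample: the settings from the post as they would sit in the file.
SAMPLE_CONF = """\
[server]
allow-interfaces=eth1,eth1.100

[reflector]
enable-reflector=yes
reflect-ipv=no
reflect-filters=_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local
"""

def _csv(cp, section, key):
    """Split a comma separated option into a list; missing option gives []."""
    return [v.strip() for v in cp.get(section, key, fallback="").split(",") if v.strip()]

def audit(conf_text, printer_ports, expected_ifaces):
    """Return findings (hypothetical helper) for a reflector configuration."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    ifaces = _csv(cp, "server", "allow-interfaces")
    if not ifaces:
        findings.append("allow-interfaces unset: avahi uses all local interfaces")
    for name in sorted(set(ifaces) - set(expected_ifaces)):
        findings.append(f"unexpected interface: {name}")
    if not cp.getboolean("reflector", "enable-reflector", fallback=False):
        return findings + ["reflector disabled: nothing crosses to the guest network"]
    filters = _csv(cp, "reflector", "reflect-filters")
    if not filters:
        return findings + ["reflect-filters unset: all services are reflected"]
    for svc in filters:
        port = SERVICE_PORTS.get(svc)
        if port is None:
            findings.append(f"{svc}: reflected, port unknown to this script")
        elif port not in printer_ports:
            findings.append(f"{svc}: reflected but port {port} not passed")
    needed = {SERVICE_PORTS[s] for s in filters if s in SERVICE_PORTS}
    for port in sorted(set(printer_ports) - needed):
        findings.append(f"port {port} passed but no reflected service uses it")
    return findings
```

Pass the ports from the printer "Pass LAN->LAN" rule as printer_ports; the
UniFi portal ports belong to a separate rule and are not checked here.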