On 19.06.2016 at 00:20, David Kerr <da...@kerr.net> wrote:

> A few weeks ago Lonnie documented how to use the new avahi Bonjour/mDNS
> discovery service coming in AstLinux 1.2.7 to enable connecting to a printer
> with AstLinux. This service can also be used to make printers available onto
> a guest network.
>
> For example, let's assume your main network is 192.168.xx.0/24 on network
> interface eth1 and on that network you have a printer 192.168.xx.10 that
> advertises its services by Bonjour (this is how all Apple iOS devices
> discover your printer).
>
> Now assume you configure a guest VLAN that is network 192.168.yy.0/24 on
> network virtual interface eth1.100 and devices connect to that network using
> UniFi access points. Using the UniFi controller (which we assume is at
> 192.168.xx.2) we configure the UniFi guest network to connect to VLAN "100"
> and enable guest policies with authentication to be done through a UniFi
> guest portal.
>
> With that environment do the following setup...
>
> Enable "mDNS/DNS-SD Service Discovery" on the Network tab of user interface.
> You will need to reboot before doing next step.
>
> Click on "Configure mDNS/DNS-SD" button on Network tab (this only appears
> after above reboot) to edit the avahi-daemon.conf file.
>
> In the [server] section of avahi-daemon.conf add/edit this line...
> allow-interfaces=eth1,eth1.100
> This enables avahi on both your main network and guest network.
>
> In the [reflector] section of the conf file add these lines...
> enable-reflector=yes
> reflect-ipv=no
> reflect-filters=_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local
> This tells avahi to only reflect the printing bonjour packets across networks.
>
> Save this file and now go to the Firewall settings in the AstLinux Network
> tab and add the following as "Pass LAN->LAN" rules.
> Pass 192.168.yy.0/24 to 192.168.xx.10 ports 515,631,9100
> Pass 192.168.yy.0/24 to 192.168.xx.2 ports 8880,8843
> The first rule corresponds to the printer protocols that we are publishing
> across the LANs and allows any device on the guest LAN to connect to our
> printer on our main network. The second rule enables guest devices to access
> the UniFi controller on the ports it uses for the guest portal so guests can
> authenticate.
>
> Restart mDNS/DNS-SD and restart the firewall.
>
> Now any device that connects to your guest network is able to discover and
> print to your printer on your main network.
>
> This technique can also be used to make other services you might want to
> share from your main network to a guest network, e.g. an Apple TV / AirPlay
> device... add _airplay._tcp.local,_raop._tcp.local to the reflect filter and
> set appropriate firewall rules to open access to the AirPlay device.
>
> David
Hi David,

nicely documented. Very helpful if needed.
Why don't you put this (e.g. on an "example" subpage) into our Wiki as well?

Thanks
Michael

http://www.mksolutions.info

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
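An added example, not part of the thread or of AstLinux: a Python check of the avahi-daemon.conf settings David describes, which flags a reflector that exposes more than the listed service types to the guest network and derives the TCP ports the guest-to-printer firewall rule needs. The function name `audit_avahi`, the `PRINT_PORTS` table and both sample configs are constructed for illustration; the service-to-port pairing follows the post's rule for ports 515,631,9100.

```python
import configparser

# mDNS service type -> TCP port, paired as in the post's rule "ports 515,631,9100".
PRINT_PORTS = {
    "_printer._tcp.local": 515,          # LPD
    "_ipp._tcp.local": 631,              # IPP
    "_pdl-datastream._tcp.local": 9100,  # raw port 9100 printing
}

def audit_avahi(conf_text, allowed=PRINT_PORTS):
    """Return (findings, ports) for avahi-daemon.conf text.

    findings: settings that expose more than the post's setup intends.
    ports: TCP ports the guest->printer firewall rule needs for the filters.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    get = lambda sec, key: cp.get(sec, key, fallback="").strip()
    findings = []
    if not get("server", "allow-interfaces"):
        findings.append("allow-interfaces unset: avahi is not limited to eth1/eth1.100")
    if get("reflector", "enable-reflector").lower() != "yes":
        return findings, []            # nothing crosses between networks
    if get("reflector", "reflect-ipv").lower() == "yes":
        findings.append("reflect-ipv=yes: records also cross between IPv4 and IPv6")
    filters = [f.strip() for f in get("reflector", "reflect-filters").split(",") if f.strip()]
    if not filters:
        findings.append("reflect-filters empty: every service type is reflected to guests")
    for f in filters:
        if f not in allowed:
            findings.append(f"{f}: reflected but not in the allowed service list")
    return findings, sorted(allowed[f] for f in filters if f in allowed)

# Constructed samples: the post's settings, and the same file without filters.
POST_CONF = """
[server]
allow-interfaces=eth1,eth1.100
[reflector]
enable-reflector=yes
reflect-ipv=no
reflect-filters=_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local
"""
WEAK_CONF = POST_CONF.replace("reflect-filters=", "#reflect-filters=")

if __name__ == "__main__":
    for name, text in (("post", POST_CONF), ("weak", WEAK_CONF)):
        print(name, audit_avahi(text))
```

When extending the filter list for AirPlay as the post suggests, pass an `allowed` table that includes those service types and the ports your firewall rule opens for them, so the check still reports anything reflected without a matching rule.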