Getting Two Networks to Access One Printer

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
View previous topic :: View next topic  
Author Message
Skirmisher111
DD-WRT Novice


Joined: 08 Jul 2012
Posts: 1
PostPosted: Sun Jul 08, 2012 18:29    Post subject: Getting Two Networks to Access One Printer Reply with quote
I started working at a small library and currently the public access and staff computers are on the same network. I want to to split these into two separate networks while still being able to access one printer.
My current layout is a WRT54G with build 14929 firmware as the gateway. One LAN port goes to a Sputnik enabled router that is a WAP for public wireless use that allows us to fulfill a State requirement of counting wireless users. The other LAN port goes to a Linksys 54G with the original factory firmware(not DD-WRT)that all computers and printers are connected to.
I could set up two VLAN's on the WRT54G one connected to the public computers and the other to the staff computers but how do I get both VLAN's to access one printer? This is a small public library and cost is an issue so I need to work with what I have or incur very little additional cost.
Back to top View user's profile Send private message
Sponsor
TreborG2
DD-WRT Novice


Joined: 20 Jun 2010
Posts: 20
PostPosted: Mon Jul 09, 2012 2:52    Post subject: Reply with quote
Public = Outside
Patron = library patrons
Staff = library staff

If you put the printer into the Patron network, they would be more easily able to "see" it, however it also means its more easily abused.

Putting it into the Staff Network, means its easy to see by staff, and you need only open ports from the patron network for the printer.

In the patron router, you would put a static route for the ip address of the printer, pointing to router for staff, which then forwards into the printer.

You want the patron router to know three things.
1) the gateway
2) about the patrons
3) the single route for the single ip address that maps to the Staff Printer

In a best case scenario, you would have two or more public IP addresses, one for patron, one for staff. Thus the patron router does NAT for patrons, the staff router does NAT for staff ... and neither gets natted behind your gateway ... a Double NAT is a bad thing for many reasons..

If you can't get more than 1 ip address.. then you have to have your gateway NAT for all, and still setup two networks, the gateway then has to route, and perform the firewall blocking access from patron to staff, and vice versa, except for the printer ip.

If you've followed a modified version of this:
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29

then all you're left with needing is routing (permitting) the printer access.

And if you have done the VPN'ing link.. you may already have another option, patrons, printers, staff ... three separate subnets.. though that adds to wiring complexity unless you have a good wiring closet.

Then, just need to update IPTables allowing one ip through.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum