printing from a different subnet question

lagger

Jan 19, 2001
I have a network-attached printer (a Ricoh Laser). I want to print FROM a different subnet. The devices that are on the same subnet can print to the printer just fine. But I cannot see the printer from a different subnet (I have more than one router on my home network). So I have to find the router config that will let me print from one subnet to a printer that is on a different subnet.

Any ideas on how to go about this?

Thanks

 
Guest
You can't due to the fact that private IP addresses are non-routable. You need to have just one subnet.

Grumpy
 

JustAGuy51

Oct 1, 2008
Actually, you can print from a different subnet, whether or not private IPs are used. Ignore the following phrases, intended for Google search hits:

gateway return icmp host unreachable
router not forward icmp redirect

There are 2 parts to the answer: the network part and the printer setup part. Gateway, hereafter, does not mean the cheap SoHo off-the-shelf routers; it means manually configurable ones like Cisco, Linux or BSD gateways.

For the network part, let's say there are gw-A and printer-A in subnet A and gw-B and node-B in subnet B. node-B tries to print to printer-A. printer-A has gw-A as its gateway and a properly set up IP address, but it does not have any ARP entry matching any IP address in subnet B (and you as an admin cannot put any static route in the printer's host routing table). Here is what happens:

1) node-B prints to printer-A. The packet goes to gw-B which, in turn, forwards it to printer-B. gw-B has interfaces in both subnets.

2) printer-A replies, but when it does, it looks at the source IP and finds that it is not in the same broadcast domain. So printer-A sends the packet to its default gateway, gw-A. gw-A has, e.g., an interface on the Internet and one in subnet A.

3) gw-A, upon receiving the given-up packet from printer-A, consults its routing table, finds that the gateway for the destination net is gw-B, and forwards the packet to gw-B. This is the critical point. gw-A CANNOT modify the packet's source or destination IP (using, e.g., SNAT/DNAT in iptables or nat/rdr in pf) or else the packet will be dropped. So how does it forward to gw-B without IP? Using the ARP address of gw-B! If you are still vague, Google "ARP IP interactions".
gw-A will also send an ICMP redirect to printer-A saying a better route is via gw-B. Due to this, printer-A will send directly to gw-B in the future (until its ARP entry expires).
If you are stuck at this point, there are only 2 most likely causes: either your firewall rules on gw-A are dropping this given-up packet, or you have disabled ICMP redirects on gw-A. To troubleshoot, run tcpdump on gw-A's interface to subnet A.

4) gw-B will then forward the packet to node-B. Voilà, everybody's happy!

5) Btw, an alternative solution to this network part is to enable NAT on gw-B's subnet A interface. Then you won't have to deal with this troubleshooting mess. But there are some disadvantages to this approach.

Here is the printer part! This seemingly easy part took a couple of hours from me. There are 3 ways to set up a printer in Windows: local, network, via http.

1) If you try to set up via network, it WON'T work. Why? That network setup assumes one broadcast domain (a.k.a. one subnet). Even if you use the printer software that comes with the printer, the same assumption applies.

2) Via http? It will work (in my case) only if you have a print server in front of the printer. The printer will connect to the print server, which will connect to the network. This case is not considered since I don't have a print server.

3) Normally, people think of local as meaning the printer has to be physically attached. Only partially correct. This is the correct way to set up a printer located in a different subnet. In Windows XP, go to Add Printer > Local printer (uncheck auto-detect box) > Create A New Port > Select TCP/IP > [Next] > Type in IP address and follow the rest of the instructions to load the driver.

I hope my post saves people countless hours. Have fun!!!
 

JustAGuy51

Oct 1, 2008
I'd like to add one minor thing for network part #3:

Not only do your firewall rules need to allow the given-up packet, but they also need to allow that packet and subsequent packets to go back out of the same interface to gw-B.
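
The packet walk from the two posts above, modelled as an added example (not part of the original posts): it traces both directions with longest-prefix-match lookups, flags the router that forwards back out of its arrival interface (where the ICMP redirect and the in-equals-out firewall rule apply), and shows the return path once printer-A has accepted the redirect. The addresses are constructed and the function names are hypothetical.

```python
import ipaddress as ip

# Constructed addressing; the thread gives no addresses for this scenario.
NET_A, NET_B = ip.ip_network("192.168.1.0/24"), ip.ip_network("192.168.2.0/24")
DEFAULT = ip.ip_network("0.0.0.0/0")
ADDR = {"printer-A": "192.168.1.50", "node-B": "192.168.2.10"}

# Per-node routing table: (prefix, next hop); None means on-link (directly attached).
ROUTES = {
    "node-B":    [(NET_B, None), (DEFAULT, "gw-B")],
    "gw-B":      [(NET_A, None), (NET_B, None), (DEFAULT, "gw-A")],
    "printer-A": [(NET_A, None), (DEFAULT, "gw-A")],
    "gw-A":      [(NET_A, None), (NET_B, "gw-B")],  # Internet default route omitted
}

def trace(routes, src, dst):
    """Follow longest-prefix-match lookups hop by hop from src to dst."""
    dst_ip, path = ip.ip_address(ADDR[dst]), [src]
    while path[-1] != dst:
        matches = [(net, hop) for net, hop in routes[path[-1]] if dst_ip in net]
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        path.append(hop or dst)  # on-link: deliver straight to the destination
        if len(path) > 8:
            raise RuntimeError("routing loop")
    return path

def link(routes, a, b):
    """The subnet two adjacent nodes share (their common on-link prefix)."""
    on_a = {net for net, hop in routes[a] if hop is None}
    on_b = {net for net, hop in routes[b] if hop is None}
    return (on_a & on_b).pop()

def hairpins(routes, path):
    """Routers that forward out of the interface the packet arrived on.
    Such a router sends an ICMP redirect and its firewall must allow in == out."""
    return [r for p, r, n in zip(path, path[1:], path[2:])
            if link(routes, p, r) == link(routes, r, n)]

def one_way(fwd, rev):
    """Routers that see only the reply direction of the flow."""
    return set(rev[1:-1]) - set(fwd[1:-1])

def with_redirect(routes, host, dst, via):
    """Tables after host accepts a redirect: a /32 host route via the better gateway."""
    new = dict(routes)
    new[host] = routes[host] + [(ip.ip_network(ADDR[dst] + "/32"), via)]
    return new
```

Because gw-A only ever sees the reply half of the conversation, a stateful filter on gw-A has no connection state for those packets, which is one way the "given-up" packet ends up dropped.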
 

samerium

Oct 5, 2011
Quick question:

3) Normally, people think of local as printer has to be physically attached. Only partially correct. This is the correct way to set up a printer located in different subnet. In Windows XP, go to Add Printer > Local printer (uncheck auto-detect box) > Create A New Port > Select TCP/IP > [Next] > Type in IP address and follow the rest of instructions to load the driver.

In this section, what would you enter for the IP address if the print server is on DHCP?
 

JustAGuy51

Oct 1, 2008


You should assign your print server a static IP. For other situations, you need to find out the IP address currently assigned to the print server. Use Nmap (or Zenmap) to scan the network so that you can easily get the IP instead of going through all IPs one by one.
 

adamjab

Dec 1, 2011
I sort of have the same situation.

I have a main (modem/4-port Router0) with two routers connected to it, (Router1) and (Router2). Now I want my computer that's on R1 to see the printer on R2. Well, that should be easy. I'm guessing all I have to do is get onto R2 and set up a DMZ for the printer IP. That will basically expose the printer and everything should work.

But what if I had two printers on R2? Would I have to set up additional port forwarding or routing? I have no idea about routing, and that sounds like something that could do this. I just need someone to point me in the right direction.
 

Anonymous 101

Mar 7, 2012



If you have routed out your network and you can ping the PCs on subnet A from subnet B, you should be able to use the printer on subnet A, right?
 

JustAGuy51

Oct 1, 2008


Sorry to reply so late. Hopefully, it will help others.

My original post in 2008 depicts the following situation:
1. Network A is the outermost network with gw-a having interface to the Internet
2. Network B is an internal network residing inside Network A. Gw-b is another node just like printer-A
3. Printer-A is residing in net-A while node-B is residing in internal network B.

In your situation, with the network behind the modem being the outermost network, R1 and R2 are 2 internal networks. In that case, all you have to do is have static routes pointing to each other. E.g., R1 will have a static route to R2 and R2 will have a static route to R1.
1. You do not need network address translation (NAT) implemented at R1 and R2. The modem is taking care of NAT.
2. You don't need to mess with ARP and IP interaction since you only need to consider Layer 3, a.k.a. gateway-to-gateway interaction.

 

JustAGuy51

Oct 1, 2008


Right.

If those 2 subnets are under one gateway or one entity containing all the gateways (i.e. a switch stack operating at layer 3), everything should work out.
If 2 distinct gateways are involved, depending on how they are set up, you may need to worry about ARP.

 

scorpio0679

Aug 24, 2014


Justaguy51,

Your post was very helpful and I wound up solving my issue (wanting to share a printer across two subnets) primarily based upon the information you provided. I wanted to post briefly on how I solved it because it might provide a quicker/better solution in some instances.

My gateway router, which is behind a cable modem set up in bridge mode, is a SonicWALL TZ 105. The reason for this specific setup is to provide an "always on" Site-to-Site IPSec VPN bridge between my home office (Interface X0) and my business main office while separating the home network (and all of the associated dirty devices). There are three interfaces configured: X0, which is the "Clean" LAN (wired only, and bridged by IPSec VPN to my main office), X1 (WAN), and X2 (Dirty LAN, the home network with WAPs configured).

The printer I have set up in my home office is a Lexmark CX410de, a very nice color printer. My wife wants to be able to scan/print/etc. and to use the http/https web interface.

The X0 interface is configured as 10.1.1.0; the X2 interface is configured as 10.1.2.0. The printer host IP address is 10.1.1.11.

The solution I came up with was to add two static routes between the printer host IP and X2 subnet, and between the X2 subnet and the printer host IP. In SonicWall OS, it is set up as follows:

Source: X2 Subnet
Dest: 10.1.1.11
Service: Any
Gateway: 0.0.0.0
Interface: X0
Metric: 1

Source: 10.1.1.11
Dest: X2 Subnet
Service: Any
Gateway: 0.0.0.0
Interface: X2
Metric: 1

Once the static routes were set up, I was able to ping the printer and access the web server of the printer by entering the IP address of the printer in the browser or ping. However, at this point it was impossible to "add" the printer as a device using any of the methods described in your post. The printer just would not "take" as I believe the response packets were being dropped, for the reasons you describe.

At this point, what I did was create a NAT Translation policy, as follows:

Source:
---Original: X2 Subnet
---Translated: Original
Destination:
---Original: 10.1.2.11 (a "virtual" IP address for the Lexmark CX410de )
---Translated: 10.1.1.11 (the actual IP address for the Lexmark CX410de )
Service:
---Original: Any
---Translated: Any
Interface:
---Inbound: Any
---Outbound: Any

Once this NAT policy was set up, I dumped all of the non-permanent ARP entries in the SonicWall TZ 105 cache.

From my laptop, which has Windows 8.1 installed, and which was connected to the "Dirty" X2 subnet, I then went to "Add Printer". To my surprise, the Lexmark appeared as an available printer which was "discovered" by Windows, with the virtual IP address of 10.1.2.11. My theory as to how Windows discovered the printer is by sniffing all IP addresses in the home subnet and when it hit 10.1.2.11, the SonicWall translated and sent the packet to the printer.

Setup from here was as if the printer was installed on the local subnet. Great! For my wife's computer, running Windows 7, it did not immediately autodiscover the printer but setup went fine by entering the "virtual" IP address as a Network printer.

Thanks for your post and I hope what I've posted here helps others as well!

scorpio0679
 

Aris Lampridis

Dec 16, 2014
Man, u are so f...ing GREAT! As simple as connecting my USB phone to my laptop. GUYS/GIRLS, no need to read all the technical networking instructions that describe this as climbing Everest! This WORKS LIKE A CHARM, at least on Win 8.1.



 

theclawfr

Feb 27, 2015
Hi everyone,

I've got a rather similar question:

One of the offices of my company has internet access, a wireless router and laptops connected to the WAN but using a VPN to connect to our company network.

They have a printer connected to the DLink router and can't print on it from the laptops which are in the VPN. That sounds normal to me, but do I have a way to allow the printer to be printed on?

Thanks
 
When you use a VPN, usually all of the client's traffic is routed through the tunnel. You should set an explicit route to the printer, which will take precedence over the default gateway.
How this is done depends on the VPN client used and the client OS itself.