I want to set up a computer as a dedicated firewall with 3 NICs (external internet, internal LAN and a DMZ for a wifi router) for a small office network. Will probably use Untangle Firewall software or such on the dedicated firewall computer.
What I am trying to do is figure out the firewall's topology, IP ranges and rules / forwarding that would allow untrusted laptops visiting the office to connect to the wifi router in the DMZ, access the internet and also print to the networked HP printer on the internal LAN without giving the visiting laptops access to anything else on the trusted LAN.
I imagine have to do this via creating appropriate ranges and possibly rules or exclusions or port forwarding on the firewall but I have little experience at the particulars of this.
I would appreciate if anyone could advise me at to the topology, steps and particulars of getting the DMZ > LAN printing working or refer me to detailed info on the subject.
I would think it would be a common need for small offices but can't find much material on the subject.
I do understand that such would slightly weaken the firewall but feel that I would gain more security overall.
The work around I used was to connect an alternate IP printer as both an IP printer and a windows shared USB printer. The IP side is on the DMZ side and the USB is on the protected LAN side. That way people can print to at least this printer from both zones of our segmented system. All the visiting laptops print via the DMZ / IP printer connection.