I am using shorewall firewall. My firewall have two interfaces: External interface 192.168.9.254 and Internal Interface 192.168.1.1. I have a printer (HP) 192.168.1.200. I want to share my printer with PCs in subnet 192.168.9.*. I use static nat : /etc/shorewall/nat 192.168.9.250 eth0 192.168.1.200 No No And i open all ports for net to local:192.168.1.200 and all ports for local:102.168.1.200 to net. However, it doesnot work. I use a PC in subnet 192.168.9.* to ping 192.168.9.250 then I receive the message "Request time out". What am I wrong? Please help me! Thanks. Phuoc H Nguyen
Mr. Nguyen wrote:> I am using shorewall firewall. My firewall have two interfaces: External > interface 192.168.9.254 and Internal Interface 192.168.1.1. > I have a printer (HP) 192.168.1.200. I want to share my printer with > PCs in subnet 192.168.9.*. I use static nat : > /etc/shorewall/nat > 192.168.9.250 eth0 192.168.1.200 No No > And i open all ports for net to local:192.168.1.200 and all ports for > local:102.168.1.200 to net. > However, it doesnot work. I use a PC in subnet 192.168.9.* to ping > 192.168.9.250 then I receive the message "Request time out". > What am I wrong?If you are trying to use SMB printer sharing, I don''t think it will work. I know of no way that clients in 192.168.9.* will be able to find the printer at 192.168.9.250/192.168.1.200. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:> Mr. Nguyen wrote: > >> I am using shorewall firewall. My firewall have two interfaces: >> External interface 192.168.9.254 and Internal Interface 192.168.1.1. >> I have a printer (HP) 192.168.1.200. I want to share my printer with >> PCs in subnet 192.168.9.*. I use static nat : >> /etc/shorewall/nat >> 192.168.9.250 eth0 192.168.1.200 No No >> And i open all ports for net to local:192.168.1.200 and all ports for >> local:102.168.1.200 to net. >> However, it doesnot work. I use a PC in subnet 192.168.9.* to ping >> 192.168.9.250 then I receive the message "Request time out". >> What am I wrong? > > > If you are trying to use SMB printer sharing, I don''t think it will > work. I know of no way that clients in 192.168.9.* will be able to find > the printer at 192.168.9.250/192.168.1.200. >That is to say, you won''t be able to access the printer by the SMB name of 192.168.1.200... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:> Mr. Nguyen wrote: > >> I am using shorewall firewall. My firewall have two interfaces: >> External interface 192.168.9.254 and Internal Interface 192.168.1.1. >> I have a printer (HP) 192.168.1.200. I want to share my printer with >> PCs in subnet 192.168.9.*. I use static nat : >> /etc/shorewall/nat >> 192.168.9.250 eth0 192.168.1.200 No No >> And i open all ports for net to local:192.168.1.200 and all ports for >> local:102.168.1.200 to net. >> However, it doesnot work. I use a PC in subnet 192.168.9.* to ping >> 192.168.9.250 then I receive the message "Request time out". >> What am I wrong? > > > If you are trying to use SMB printer sharing, I don''t think it will > work. I know of no way that clients in 192.168.9.* will be able to > find the printer at 192.168.9.250/192.168.1.200. > > -TomThanks Tom. My printer have just worked well. I donot know why. Phuoc H Nguyen
On Mon, 2004-08-02 at 23:39, Tom Eastep wrote:> Mr. Nguyen wrote: > > > I am using shorewall firewall. My firewall have two interfaces: External > > interface 192.168.9.254 and Internal Interface 192.168.1.1. > > I have a printer (HP) 192.168.1.200. I want to share my printer with > > PCs in subnet 192.168.9.*. I use static nat : > > /etc/shorewall/nat > > 192.168.9.250 eth0 192.168.1.200 No No > > And i open all ports for net to local:192.168.1.200 and all ports for > > local:102.168.1.200 to net. > > However, it doesnot work. I use a PC in subnet 192.168.9.* to ping > > 192.168.9.250 then I receive the message "Request time out". > > What am I wrong? > > If you are trying to use SMB printer sharing, I don''t think it will > work. I know of no way that clients in 192.168.9.* will be able to find > the printer at 192.168.9.250/192.168.1.200. > > -TomLet me preface this by saying that I am just now starting the process of setting up shorewall. So there may be something particular with that environment that may make the following mute. For SMB sharing (file or printer) across LAN segments you need a couple of things. The router needs to be able to forward netbios traffic. On Cisco devices they call this a helper address. Another way to handle this is to have a wins server on the network that all devices use. The wins server acts as a name resolution service that matches the netbios names to IP addresses. In a multi-LAN environment a wins server is almost always needed if you are trying to share resources between different LAN segments. Your clients must use the Lan Manager over TCP/IP settings for this. That being said, the OP''s original message appears to indicate that he does not have basic TCP/IP connectivity. The firewall needs to have routing enabled and rules that permit traffic to pass from one segment to the other and back. Running something like ethereal on the machines on each segment should prove if the packets are getting through or not. The other thing to check is the default gateway settings on each device. They need to send packets to the firewall between the two segments. If you have a different default gateway then a static route needs to be added to each device to point to the gateway between the LAN segments. Hope that helps. -- Scot L. Harris webid@cfl.rr.com Fudd''s First Law of Opposition: Push something hard enough and it will fall over.