Make wired printer's IP available to wireless network

Hi there,

I have attached my printer to the wired network. While this printer can be seen by the machines in the same subnet, the wireless devices don't. As the IP of the printer is set static there must be a way to make this IP being visible in the wireless LAN. I assume that the IP is enough as I am using the HP app on the mobile devices.

How can this be achieved?

Thanks

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

{
        "kernel": "5.4.154",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 5 (v7l)",
        "model": "AVM FRITZ!Box 4040",
        "board_name": "avm,fritzbox-4040",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02.1",
                "revision": "r16325-88151b8303",
                "target": "ipq40xx/generic",
                "description": "OpenWrt 21.02.1 r16325-88151b8303"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '####:####:b664::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.200.1'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'
        option peerdns '0'
        option dns '0::1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0'

config interface 'WIFI_50'
        option proto 'static'
        option ipaddr '192.168.160.1'
        option netmask '255.255.255.0'

config interface 'WIFI_24'
        option proto 'static'
        option ipaddr '192.168.150.1'
        option netmask '255.255.255.0'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/soc/a000000.wifi'
        option htmode 'HT20'
        option country 'DE'
        option cell_density '0'
        option channel '13'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option encryption 'psk2'
        option network 'WIFI_24'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'platform/soc/a800000.wifi'
        option htmode 'VHT80'
        option country 'DE'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option encryption 'psk2'
        option network 'WIFI_50'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option confdir '/tmp/dnsmasq.d'
        option noresolv '1'
        option dnssec '1'
        option dnsseccheckunsigned '1'
        list server '127.0.0.1#5453'
        list server '0::1#5453'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'WIFI_50'
        option interface 'WIFI_50'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config dhcp 'WIFI_24'
        option interface 'WIFI_24'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'WIFI_50'
        list network 'WIFI_24'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '#####:#####'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
lrwxrwxrwx    1 root     root            16 Oct 24 09:01 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Jan  6 15:07 /tmp/resolv.conf
-rw-r--r--    1 root     root            69 Jan  8 10:36 /tmp/resolv.conf.d/resolv.conf.auto

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root            69 Jan  8 10:36 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 127.0.0.1
# Interface wan6
nameserver ::1

The printer supports the "Bonjour" protocol so I am able to see it in the wired network when calling:

lpinfo --include-schemes dnssd -v
network dnssd://HP%20Color%20LaserJet%20MFP%20M277dw%20(261505)._ipp._tcp.local./?uuid=######

On the wireless network, this command does not return anything.

I added the following rule to the file /etc/config/firewall:

config rule
        option name 'Allow printer access for WLan networks'
        option src 'WIFI_50'
        option dest 'lan'
        option dest_ip '192.168.200.114'
        option target 'ACCEPT'

but I am receiving the error:

/etc/init.d/firewall reload
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @rule[10] (Allow printer access for WLan networks) refers to not existing zone 'WIFI_50'

Your firewall is configured to allow your local networks to connect to each other, so you should be able to make general connections and pings between the wifi and wired networks.

You do not need this rule at all

The above rule does nothing because the network are already allowed to connect to each other per this zone definition:

Where the forward = ACCEPT allows the three networks to be forwarded to each other. And you don't have any other rules that would prohibit inter-network routing.

Bonjour is an mdns based protocol which, by default, does not route between different subnets (it only works on the local subnet). You have 3 options:

1. Don't use Bonjour/autodiscovery for the printer. Instead, use the actual IP address. This will route normally between networks and should work properly.
2. Put everything on the same subnet. Based on your configuration, I can't see any specific benefit to having 3 unique subnets for your network (wired, 2.4G, 5G) as they have permissive routing allowed. The only benefit would be if you have a very large network and you need to limit the broadcast traffic to improve network efficiency. But assuming you have a 'normal' home network (even a somewhat large home network of ~100 devices or so), this should not really be necessary.
3. install an mdns reflector/repeater on your router and configure it to operate across the 3 networks. You'll find these in the opkg package list -- look for the various avahi variants.

OK, I went for option 2 and changed the two wireless networks to use the same IP range as lan but assigned different ranges in the dhcp settings:

config interface 'WIFI_50'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.200.7'

config interface 'WIFI_24'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.200.6'

config dhcp 'WIFI_50'
        option interface 'WIFI_50'
        option leasetime '12h'
        option start '150'
        option limit '200'
        list ra_flags 'none'

config dhcp 'WIFI_24'
        option interface 'WIFI_24'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

Now, I cannot access the internet from wireless anymore and the printer is still not visible....

if you want to use the same IP subnet then the networks need to be bridged. Alternatively if you want them to be routed, you can't easily use the Bonjour protocol (it might be possible with some multicast magic, but I would question why you want separate subnets first)

You can't have multiple networks with overlapping subnets. And you can only have a single DHCP server on a network (you won't be able to set specific ranges for wired vs 2.4G vs 5G clients). If you want to make everything one network, you simply do the following:

Delete these:

And modify the radio settings:

First of all: thank you very much for your help!

After performing the changes and restarting the firewall, wifi, network, ... I am now accessing the internet AND I do see the printer on every device.

Awesome!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.