Printing to a printer on another local network across a Netgear router

[timeshifter]

I'm having trouble envisioning this will work. My client, a small to medium sized business has a network. A vendor of lab equipment has their own network of stuff inside our network. Essentially they plug the WAN port of their Netgear router in to our local subnet then connect their computer(s) and other devices to their own local subnet behind the Netgear. Their machine can get to the Internet and they can remote control their system from their HQ too. Sure, their doing double-NAT but it works for them. Been on our network for years like this.

Now we're planning to print to a printer on our network from their network. It's making my head spin. I guess my understanding of networking is just enough to get by. They claim that if I just tell them the IP address of the printer and provide drivers then they can print to it. They didn't imply that they would have to do any route statements in their router.

A computer on their network (say it's 10.0.0.22) can print to a printer on our network (call it 192.168.0.55). The device in between is a consumer style Netgear router of recent vintage. Our printer is on the WAN side of this network.

Can this really work?

 

[YeOldeStonecat]

When double NAT'ing....with basic NAT routers, all outbound traffic is trusted and allowed. Typically computers inside the second router can access anything in the network in front of them. The routing will handle it...give it a try, add as an IP printer.

 

[mikeroq]

Like Stonecat said. It's like how your main router goes out to the internet. You can access everything going out. It's the other direction that's more complex.

 

[Diggs]

Typically computers inside the second router can access anything in the network in front of them.

Depending on the router and the settings. Some can run the subnet in isolation which wouldn't let the subnet see the main network resources. Browse the settings.

 

[NETWizz]

When double NAT'ing....with basic NAT routers, all outbound traffic is trusted and allowed. Typically computers inside the second router can access anything in the network in front of them. The routing will handle it...give it a try, add as an IP printer.

Yes, that is all true that the inside 10.0.0.0/?? can get to the 192.168.0.0/24?? network at least with regard to trust.

The reason it gets out is because the router goes... 192.168.0.55 is not me, so I have a default route. Let me just forward it out to the Internet, which in this case merely means the WAN port and the router cross-fingers... Now I could see a home router dropping this traffic because it is technically an RFC1918 (private), and these are generally meant for Internet, but let's just assume that works.

The printer 192.168.0.55 sees the packets if it doesn't drop RFC1918's before sending them. Wireshark could check for sure.

The communication to a printer is generally from an ephemeral port to a port like 9100 It works like this...

10.0.0.22:12345 --> 192.168.0.55:9100 ("Hola... Aloha... Print this for me...")

It NEEDS to be Bi-Directional to work though, and This is likely your problem.

192.168.0.55:9100 --> 10.0.0.22:12345 ("Okay... If you acknowledge two-way communication with me, I will print for you.)


Let's break that down:

• the printer knows it needs to respond can can do that only from 192.168.0.55
• The printer knows 10.0.0.0/?? is not a subnet on its Local-Area-Network
• The printer therefore looks at its default-gateway say 192.168.0.1/24 and ARPs for the MAC address of that GW
• The Layer-4 TCP socket (/w ports) is 192.168.0.55:9100 --> 10.0.0.22:12345
• Layer-3 is still simple packets 192.168.0.55:9--> 10.0.0.22 ,
• BUT Layer-2 the printer is changing the MAC address to deliver the FRAMES containing the above PACKETS to ITS router on the 192.168.0.0/24 LAN Subnet.
• Next the outer router above the Netgear.. (i.e. the One with directly-connected network 192.168.0.0/24) receives the packets and examines them...
• Does it know where 10.0.0.0/?? is located? If not, it probably hits the default-route and gets forwarded out the Internet or dropped as an RFC1918 for being a private address. (Connection CAN Break here)
  • Maybe it is only returning from source port 80, 443 etc but not 9100 (printing??)

Most likely your Netgear is stateful enough to let the traffic back in for an established TCP, so I would expect it to print if the routes above are good assuming the printer sends it to the outer router.

What I don't know is how the Internet would be working work if there is no return route (unless it is port filtered), but you never said a word about the Internet... maybe they don't even have that.


Bottom line:

You will need to look at the configuration of both devices and the printer to figure out why it is not working.

It IS possible there is a simpler explanation:

If the printer is missing a Default-Gateway... It will print fine from computers in the same Local Area Network subnet 192.168.0.0/24, but when it sees the job sourced from 10.0.0.0/?? it will simply drop the packets vs forwarding them to its router, which would probably know how to find you if you get Internet through it for your 10.0.0.0/?? subnet.

That said this 192.168.0.55:9100 --> 10.0.0.22:12345 breaks if there is no Default-Gateway configured no the printer...


Hope this helps.

***

If you take a look at everything and it is not obvious (it probably will be easy to fix), you can always validate how it is working with Wireshark but this is probably not going to take but 5 to 10 minutes to fix once you have access to everything.