Thu Jul 5 13:31:34 EDT 2012

Printer on guest network

After moving to the new network setup, the network printer is no longer
accessible from the guest network.  It seems safest to move it back to
guest by untagging a particular port, or to just transport only the
secure net and have the rest be insecure.

For now I just add an IP-specific rule for the printer:

# Allow forwarding from each guest interface to the whitelisted IPs only.
for if in $IF_GUEST; do
    for ip in $GUEST_IP_OK; do
        $IPTABLES -A FORWARD -i $if --dst $ip -j ACCEPT
    done
done

Fix should be something like this:

# Switch port 0 ("wired 4" on case) is the printer, which is accessible to
# the untrusted net VLAN0.  The rest of the ports are the trusted network
# with encapsulated untrusted VLAN11.
echo '   1  2  3  8t' >/proc/switch/eth0/vlan/0/ports ; \
echo '0  1t 2t 3t 8t' >/proc/switch/eth0/vlan/11/ports
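
A check that could be run on the two port lists before writing them to the switch (added example, not part of the original notes). It assumes the VLAN 0 list is the trusted net and the VLAN 11 list is the guest net, and it only understands the plain and "t"-suffixed entries shown above; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original notes. Port-list format as above:
# whitespace-separated port numbers, "t" suffix = tagged member.
# Assumption: the VLAN 0 list is the trusted net, the VLAN 11 list is guest.

# ports_in "<port list>" untagged|any -> matching port numbers, one per line.
# Runs in a subshell with globbing off so odd entries are never expanded.
ports_in() (
    set -f
    for p in $1; do
        n=${p%t}
        case $n in
            ''|*[!0-9]*) echo "unsupported port entry: $p" >&2; exit 2 ;;
        esac
        if [ "$n" = "$p" ] || [ "$2" = any ]; then echo "$n"; fi
    done
    exit 0
)

# has_port "<numbers>" <port> -> status 0 if <port> is in the list.
has_port() {
    for q in $1; do
        if [ "$q" = "$2" ]; then return 0; fi
    done
    return 1
}

# check_isolation "<trusted list>" "<guest list>" <printer port>
# Status 0 only if the printer port is untagged in guest, absent from
# trusted, and no port is untagged in both VLANs (which would bridge them).
check_isolation() {
    t_untag=$(ports_in "$1" untagged) || return 2
    t_any=$(ports_in "$1" any) || return 2
    g_untag=$(ports_in "$2" untagged) || return 2
    rc=0
    has_port "$g_untag" "$3" || { echo "port $3 not untagged in guest"; rc=1; }
    if has_port "$t_any" "$3"; then echo "port $3 is in trusted VLAN"; rc=1; fi
    for u in $t_untag; do
        if has_port "$g_untag" "$u"; then echo "port $u untagged in both"; rc=1; fi
    done
    return $rc
}

# The two lists from the notes above, with the printer on port 0.
check_isolation '   1  2  3  8t' '0  1t 2t 3t 8t' 0 && echo "layout OK"
```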