In my setup I have the opnsense router connected to the ISP modem. Connected to one of the physical interfaces on the opnsense router is a second router. Connected to that second router is a printer. I want to access that printer from other interfaces on the opnsense router. Can I:
1. Define that second router's IP as a gateway
2. Define a route for the ip of the printer as going to the gateway defined in step 1
How do I keep internet requests from going to the second router?
If this doesn't work does anyone have any other ideas?
The second router needs a route to your LAN via OPNsense and OPNsense needs a static route to the printer via the second router. You need firewall rules for your printer protocol(s). Run a packet trace to see what is going on - Interfaces: Diagnostics: Packet Capture
Wireshark is your friend https://www.wireshark.org/
Bart...
As far as OPNsense is concerned, you can do that. No "internet requests" would be affected, since those wouldn't be destined for the IP address in your static route. Whether or not access to the printer works depends a lot on what "second router" is doing... Is it use OPNsense as its default gateway? If not, it'll need a route back to whatever is trying to access the printer. Is it doing NAT? That may or may not be an issue, depending on how it handles incoming connections...
For the benefit of anyone else trying to do this I did get it to work defining the second router as a gateway and defining a route for the ip of the printer going to that gateway. A few gotchas I had to get around:
1. The route configuration requires a network so I had to put in the ip as 192.168.xxx.xxx/32.
2. Do not define the gateway as an upstream gateway.
3. On the second router define a port forward to the ip of the printer for the protocol and port used by the printer. I had to define two since the printer uses both TCP and UDP. Initially I only defined the UDP protocol and it didn't work.
4. Define firewall rules on the interface sending the print requests to allow the requests to go through
Thank you all for your responses.
There's a few further optimisations you can make:
Ad 1. use the real subnet mask of the network so you can access more devices on it
Ad 3. you should not need NAT since both networks are RFC 1918