I recently set up my home network with a “IOT” subnet. This is configured with my new UDM Pro SE, which has a 2.5 GBE WAN port and built in PoE which I quite like. Basically:
- Separate subnet (10.29.1.1/24 instead of 192.168.1.1/24 for the main subnet)
- Firewall rules to:
- Permit traffic from the IOT subnet to the other subnet
- Block traffic out to the WAN
I verified that I could connect between the two and not to the internet, and I assigned it to some of the ports on the UDM Pro SE.
For whatever reason, enterprise class printers don’t seem to be a huge fan of getting the scanner to work over AirPrint which was a bit annoying. As a result, I wanted the printer (which is located in the IOT subnet since printers shouldn’t phone home to Russia) to scan to a SMB share on the main subnet.
I maintain an old Windows laptop with RDP for running windows applications and browsing over RDP from my work laptop when I don’t want the mothership company to see my personal info. I simply created an SMB share there, and figured the printer could scan to that share. NOPE!
Windows 10 by default sets up firewall rules for SMB which define that the SMB related processes can only be connected to from the local subnet. Thus I could not connect to my SMB share from the DMZ subnet (although RDP worked fine).
To fix this, opened the magical firewall msc application:
For each of these SMB things, I modified it so that any subnet which can connect to SMB can connect to the shares:
Now it works! Hopefully you’ll find this helpful.