2

I want to make traffic to a specified LPD/LPR print server (specified via URL) pass through the authentication and routing, gateway, etc. for the WiFi interface, and keep all other incoming/outgoing traffic through the Ethernet interface.

Edit 1: I'm also happy to have a scripted solution that retrieves IP addresses and updates the routing table, if it's not possible to set this up in terms of the server's URL.

Configuration:

  • Ubuntu 22.04.1 LTS system
  • Ethernet and Wifi network interfaces are both present and correctly configured. They each dial out to different limited subsets of the Internet, but with different authentication, rules for port blocking, firewalls, address translation, etc.
  • I can access a specific LPD/LPR print server via its URL over the WiFi interface. But, activating Ethernet as well as WiFi changes the routes and makes this server inaccessible.

Prior research

  • I tried to follow this answer to route some traffic through the WiFi interface specifically. Copying the commands naïvely gave a SIOCADDRT: No such process error from the route command.
  • I tried to follow this answer to work around it, and ended up with a routing table that ... looks plausible, but I still couldn't reach the server via the WiFi route if Ethernet was also enabled.
  • traceroute never really completes. I think it needs authentication information for the print server to make it all the way to the final IP and port. But I can see that the initial gateway for the WiFi-only configuration is the one I want; in the WiFi+Ethernet enabled configuration this changes to the wrong gateway despite my attempted modifications to the routing table.

Other Stack Exchange Questions


Happy to provide more redacted details of configuration as requested if it will help. Flipping the network interface in order to print and back again after is fine, but I'm curious if I can get an even smoother solution.

MRule
  • 405

2 Answers

3

> Edit 1: I'm also happy to have a scripted solution that retrieves IP addresses and updates the routing table, if it's not possible to set this up in terms of the server's URL.

IP routing cannot work in terms of DNS names – the translation of domain to IP address is a separate step that can't easily be correlated with subsequent packets.

It's technically doable but not via regular IP routing; it would involve some kind of proxy/relay software (i.e. you connect to localhost and the program relays data).

It would actually be easier to set it up in terms of TCP port; e.g. if you're only connecting to this one LPR server, then you could make Linux use different routing for "TCP dst port 515" packets specifically.

> I tried to follow this answer to route some traffic through the WiFi interface specifically. Copying the commands naïvely gave a SIOCADDRT: No such process error from the route command.

The overall approach seems right, but you probably specified the wrong gateway address. Make sure to specify the gateway that you get when connected only to the WiFi interface.

  1. Disconnect Ethernet, leave Wi-Fi connected;

  2. Run ip route to see what gateway you're using for the default route (look for the via XXXX dev wlan0 parameters of the default entry).

  3. Connect Ethernet.

  4. Run ip route add LPR_IP/32 via XXXX dev wlan0 src ZZZZ, where XXXX is the Wi-Fi network's gateway address and ZZZZ is your own Wi-Fi IP address (software will use it as a hint). Ideally you won't need the src ZZZZ part but in some cases it can definitely help.

If this works, then making it persistent is a separate topic; it depends on what you're using to configure network in general (NetworkManager? Netplan? Something else?)

You shouldn't need to add routes for the gateway itself, as it is by nature already locally reachable, so the via XXXX part should always be accepted by the system.

On a related note, when dealing with Linux systems, avoid the route command in general. (Likewise avoid ifconfig and netstat -r.) They work to an extent, but they are ports of BSD tools that haven't been updated for decades; the Linux-specific ip, while still arcane in its own ways, will at least show slightly better error messages and will omit less information (that the old tools don't know how to display).

> traceroute never really completes. I think it needs authentication information for the print server to make it all the way to the final IP and port.

Doesn't work that way. IP packets don't carry authentication information for their travel – unless you were using IPsec, and IPsec is enough of a pain in the rear that you'd know if you were using IPsec (and if you were, then the above routing configuration will likely not work at all).

In all other cases, the only authentication is done either at the network boundary (i.e. your Wi-Fi password) or at the service itself (i.e. delivered to the LPR service as part of the LPR-specific packet data), whereas firewall rules in the middle have to rely on just the source/destination headers for authorization.

So if traceroute doesn't really complete, the most likely reason is simply that a firewall is blocking the traceroute probes by default, which is very common. (The Linux variant uses UDP probes on high-numbered ports; the Windows tracert uses ICMP probes that are less likely to be blocked.)

You can try traceroute -I to use the ICMP mode (more likely to go through, as it's the same packet type as 'ping' requests), or traceroute -T -p 515 to send TCP probes to the LPR port specifically.

grawity
  • 501,077
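
The four steps from the answer above, scripted as an added example (not part of either answer): it reads the Wi-Fi gateway (XXXX) and source address (ZZZZ) out of `ip route` output, checks that the gateway is directly reachable on the Wi-Fi device, and prints the route command. The interface names, addresses and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original answers). SAMPLE_ROUTES is constructed;
# on a real system pass "$(ip -4 route show)" instead.
SAMPLE_ROUTES='default via 10.20.0.1 dev enp3s0 proto dhcp metric 100
default via 192.168.50.1 dev wlp2s0 proto dhcp metric 600
10.20.0.0/24 dev enp3s0 proto kernel scope link src 10.20.0.57 metric 100
192.168.50.0/24 dev wlp2s0 proto kernel scope link src 192.168.50.23 metric 600'

# XXXX: gateway of the default route on device $2.
gw_for_dev() {
  printf '%s\n' "$1" | awk -v d="$2" '$1 == "default" {
    g = ""; v = ""
    for (i = 2; i < NF; i++) { if ($i == "via") g = $(i+1); if ($i == "dev") v = $(i+1) }
    if (v == d && g != "") { print g; exit }
  }'
}

# ZZZZ: our own address on device $2, read from its connected route.
src_for_dev() {
  printf '%s\n' "$1" | awk -v d="$2" '$1 != "default" {
    s = ""; v = ""
    for (i = 2; i < NF; i++) { if ($i == "src") s = $(i+1); if ($i == "dev") v = $(i+1) }
    if (v == d && s != "") { print s; exit }
  }'
}

# Succeeds only if address $3 lies inside a subnet directly connected on
# device $2, i.e. it is usable as a "via" next hop on that device.
on_link() {
  printf '%s\n' "$1" | awk -v d="$2" -v ip="$3" '
    function num(a,   o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    $1 ~ /\// && $2 == "dev" && $3 == d {
      split($1, c, "/"); size = 2 ^ (32 - c[2])
      if (int(num(ip) / size) == int(num(c[1]) / size)) ok = 1
    }
    END { exit !ok }'
}

# Print the host route for print server $3 via Wi-Fi device $2 (step 4).
# "replace" is used instead of "add" so re-running it is harmless.
lpr_route_cmd() {
  gw=$(gw_for_dev "$1" "$2"); src=$(src_for_dev "$1" "$2")
  [ -n "$gw" ] && on_link "$1" "$2" "$gw" || { echo "no on-link gateway on $2" >&2; return 1; }
  echo "ip route replace $3/32 via $gw dev $2${src:+ src $src}"
}

lpr_route_cmd "$SAMPLE_ROUTES" wlp2s0 203.0.113.40   # 203.0.113.40 is a placeholder
```

The script only prints the command; review it and run it with sudo once the printed gateway matches what `ip route` showed with Ethernet disconnected.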
2

Tools change over time, and some of the old answers contain stale information. For Ubuntu 24.04 on August 19, 2024, this solution using the ip route add command worked for me.

Here is a shell script that automates this process.

```bash
# Translate your server URL to an IP
PRINTSERVER_IP=$(dig +short YOUR_PRINTSERVER_URL_GOES_HERE | tail -n1)
echo "$PRINTSERVER_IP"

# Get the name of your WiFi interface
WIFI_DEVICE_NAME=$(iw dev | awk '$1=="Interface"{print $2}')
echo "$WIFI_DEVICE_NAME"

# Get the gateway IP of your WiFi interface
GATEWAY_IP=$(nmcli device show "$WIFI_DEVICE_NAME" | grep "IP4.GATEWAY" | awk '{print $2}')
echo "$GATEWAY_IP"

# Route your printserver IP through the WiFi gateway
sudo ip route add "$PRINTSERVER_IP" via "$GATEWAY_IP"

# Check the resulting changes in the routing table
netstat -rn
```

Presently, I need to run this to modify the kernel's routing tables every time the machine reboots, or any of the network interfaces are toggled off and on again (system tools automatically rewrite the routing table when this happens).

MRule
  • 405