Bonjour (IPP & Samba) Bridging Fails After 24 Hours
-
After about 24 hours PFSense sense stops Bridging my Samba and IPP Traffic Over Bonjour. The SSH/SFTP services seem to still work over Bonjour. I am determining this via the "Bonjour Browser." Anyone ever seen this? It's starting to drive me nuts. I can fix it by restarting the PFSense box, but I'd like to find a permanent solution.
-
Bonjour is just a discover service (zeroconf), with avahi as the open source implementation, it doesn't provide any connectivity. I also didn't think it was available as a packge for pfSense (and miniupnpd doesn't seem to support zeroconf).
Knowing details of your setup would be useful. What version of pfSense are you running? What does your network look like? When you say "bridging", do you mean that you've bridged interfaces?
-
I have a PCEngines WRAP. It has 2 eth ports and a wireless card. ETH0 => WAN, ETH1 => LAN, Wireless => Bridged w/ ETH1. In the firewall rules I have an allow all in both the Wireless section and the LAN section. DHCP etc are setup on the LAN side. Everything works fine including bonjour for about 24 hours, then it just stops working. PFSense is the latest 1.2 release. I also think that in theory it doesn't matter if PFSense supports bonjour or not since all it is really doing is bridging the broadcast traffic correct? I have UPNP turned on for other reasons (iChat), and everything else works correctly. Anything else you need?
-
So, if you're bridging and both the LAN and Wireless interfaces have a rule to allow all traffic to the other interface then Bonjour is a red herring ;)
With your 24 hour problem, what happens if you change the default DHCP lease from 24 hours to, say, 1 hour? Does the problem start happening after an hour?
-
I looked at the DHCP settings and I have it set to the default. So a 2 hour default and a 24 hour max. I am going to try playing with the time some more, but it didn't seem to have an impact. It just seems that the pfsense box stops bridging ANYTHING (I thought it was just Bonjour), but it seems to be all bridging. A bit more about my setup. I have Static ARP turned on in the DHCP server and have all my computers statically assigned. It just seems a bit odd that everything else would continue to work except bonjour (e.g. seems like broadcast traffic isn't going across or something). I also tried manually refreshing the DHCP leases and still no go. It seems the only way to repair it is to reboot the pfsense. Any other settings I should look at? Could it be a routing table problem?
-
After some more research the timeout didn't seem to effect it. It set it to 2 minutes and nothing happened. Could it be related to the static ARP?
-
It could be many things ;)
The reason for checking the lease is that when a client can't contact the DHCP server it'll keep using the allocated IP until the lease expires.
Why did you enable static ARP? Have you tried disabling it?
-
Security…. I'm going to try disabling it. And after playing with it a bunch more today it seems that ping does still work after bonjour fails. So it may well have to do with the ARP stuff.
-
I have tracked it down …. I think, but I'm not sure how to fix it.... the firewall logs show....
Nov 8 17:30:44 pf: 000185 rule 68/0(match): block in on ath0: (hlim 255, next-header: UDP (17), length: 331) fe80::223:6cff:fe82:a0c9.5353 > ff02::fb.5353: [|domain]
Nov 8 17:30:44 pf: 000563 rule 68/0(match): block in on bridge0: (hlim 255, next-header: UDP (17), length: 331) fe80::223:6cff:fe82:a0c9.5353 > ff02::fb.5353: [|domain]port 5353 is the mDNS protocol. But I have a rule on both the Lan and Wireless Interfaces to allow ALL traffic. Any ideas?
-
Have you enabled uPNP?
-
Yep. It is enabled on LAN & Wireless Interfaces with Default options.