    MDNS across two interfaces WITHOUT Avahi - help !

      ilium007

      @doktornotor:

      Kindly post the relevant configuration screenshots here.

      I had gone to bed last night when you posted this question. My screenshots and scenario mimic exactly the poster's scenario above. Two subnets and trying to get mDNS packets between them.

        tim.mcmanus

        I'd also like to mention that I've checked off "allow packets with IP options to pass".  See additional screen shot.

        ![Screen Shot 2013-09-17 at 12.05.28 AM.png](/public/imported_attachments/1/Screen Shot 2013-09-17 at 12.05.28 AM.png)

          tim.mcmanus

          What I am noticing is a lot of IPv6 traffic with port 5353 attached to it getting blocked at the firewall.  Not sure if Apple is implementing mDNS via IPv6 and that's why it's not routing.

          Port 5353 is used by mDNS in Apple's implementation.  http://support.apple.com/kb/TS1629?viewlocale=en_US&locale=en_US

          Or, I could be completely lost, which is how I feel.  :)

          ![Screen Shot 2013-09-17 at 12.42.27 AM.png](/public/imported_attachments/1/Screen Shot 2013-09-17 at 12.42.27 AM.png)

            kejianshi

            Are you running IPv6?

              ilium007

              @kejianshi:

              Are you running IPv6?

              I have IPv6 turned off everywhere I can find a setting for it.

                doktornotor

                Well, since you are blocking the traffic by disabling IPv6… mDNS is using multicast to 224.0.0.251 and FF02::FB - http://tools.ietf.org/html/rfc6762

                  ilium007

                  @doktornotor:

                  Well, since you are blocking the traffic by disabling IPv6… mDNS is using multicast to 224.0.0.251 and FF02::FB - http://tools.ietf.org/html/rfc6762

                  I am confused as to what IPv6 has to do with my mDNS problem? Nothing of mine talks IPv6 and mDNS has been around much longer than IPv6 became mainstream.

                    doktornotor

                    Oh really? So the traffic comes from… hmmm, another galaxy? :D Pretty much every OS out there is using IPv6 by default these days.

                      kejianshi

                      Hey - You were nicer than normal that time.  It does make for a lot of noise in the logs though, doesn't it?

                        doktornotor

                        Yeah, it does. There's a checkbox somewhere in log settings to disable the default rule logging, plus a bunch of others.

                          kejianshi

                          Got it…  Thanks.

                          Status > System Logs > settings

                            ilium007

                            @doktornotor:

                            Oh really? So the traffic comes from… hmmm, another galaxy? :D Pretty much every OS out there is using IPv6 by default these days.

                            So is this a solution? Do we have to have IPv6 enabled to make mDNS work?

                              doktornotor

                              I don't use mDNS nor any Apple device for anything => no such nonsense needed here. As stated by the linked RFC (written by Apple itself, BTW), it uses both IPv4 and IPv6.

                                ilium007

                                @doktornotor:

                                I don't use mDNS nor any Apple device for anything => no such nonsense needed here. As stated by the linked RFC (written by Apple itself, BTW), it uses both IPv4 and IPv6.

                                So what's with the hoohaa about me not using IPv6?

                                  doktornotor

                                  Sigh. I merely replied about the logspam of IPv6 traffic posted in this post. The reply was not aimed at you personally at all, not sure why you've taken it as such or what's the subsequent noise about even. IPv6 is being used on your LAN no matter what checkboxes you disable on the firewall. I frankly don't think you are achieving anything useful by disabling it on the firewall and thus blocking all IPv6 traffic that hits the box (such as the traffic between different subnets).

                                    ilium007

                                    @doktornotor:

                                    Sigh. I merely replied about the logspam of IPv6 traffic posted in this post. The reply was not aimed at you personally at all, not sure why you've taken it as such or what's the subsequent noise about even. IPv6 is being used on your LAN no matter what checkboxes you disable on the firewall. I frankly don't think you are achieving anything useful by disabling it on the firewall and thus blocking all IPv6 traffic that hits the box (such as the traffic between different subnets).

                                    Sigh… thanks

                                      GruensFroeschli

                                      Hi.
                                      Since I originally suggested using the igmp proxy to route the multicast traffic needed for mDNS, I should chime in.

                                      This was only a suggestion which I think should work.
                                      I don't have any Apple devices and don't really use mDNS myself.

                                      From your posted screenshot it looks as if the devices in question are trying to communicate via IPv6 for their mDNS communication.
                                      However, they probably fall back at some time to IPv4 (or query v4 and v6 together right from the beginning), and you just don't see this kind of traffic in the log because it's allowed.

                                      I'm not really sure how to debug/verify this.
                                      I did just now some short tests but couldn't get anything to traverse the pfSense.
                                      Not sure if I misunderstood something about the way the igmp proxy works, or I just can't generate the mDNS lookups the right way. (I'm trying with "dig +short -x 10.0.0.200 @224.0.0.251 -p 5353" and with "getent hosts 10.0.0.200")

                                      We do what we must, because we can.

                                      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
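
An added example, not written by any poster in this thread: one way to generate the reverse-lookup mDNS query that the `dig -x` test above attempts, and to check the scope of the two groups cited earlier (224.0.0.251 and FF02::FB). The function names and the `iface_ip` parameter are hypothetical; both groups sit in link-local multicast ranges (224.0.0.0/24 and ff02::/16), which routers do not forward off the link.

```python
import ipaddress
import socket
import struct

MDNS_PORT = 5353
MDNS_GROUPS = ("224.0.0.251", "ff02::fb")  # the two groups cited in the thread

def encode_name(name):
    """Encode a dotted DNS name as length-prefixed labels plus the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ptr_query(ip, unicast_response=False):
    """Build the reverse-lookup (PTR) question that `dig -x <ip>` would ask."""
    qname = ipaddress.ip_address(ip).reverse_pointer  # e.g. 200.0.0.10.in-addr.arpa
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)     # ID 0, flags 0, one question
    qclass = 0x0001 | (0x8000 if unicast_response else 0)  # top bit: QU question
    return header + encode_name(qname) + struct.pack("!2H", 12, qclass)  # 12 = PTR

def is_link_local_multicast(addr):
    """True if addr is in 224.0.0.0/24 or ff02::/16 (not forwarded off-link)."""
    ip = ipaddress.ip_address(addr)
    scope = "224.0.0.0/24" if ip.version == 4 else "ff02::/16"
    return ip in ipaddress.ip_network(scope)

def probe_ipv4(target_ip, iface_ip, timeout=2.0):
    """Send the query out of the interface owning iface_ip; return responder IPs."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF,
                    socket.inet_aton(iface_ip))
    sock.settimeout(timeout)
    responders = set()
    try:
        sock.sendto(build_ptr_query(target_ip), (MDNS_GROUPS[0], MDNS_PORT))
        while True:  # collect replies until the timeout fires
            _, (src, _port) = sock.recvfrom(9000)
            responders.add(src)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return sorted(responders)

if __name__ == "__main__":
    for group in MDNS_GROUPS:
        print(group, "link-local scope:", is_link_local_multicast(group))
    print(build_ptr_query("10.0.0.200").hex())
```

Calling `probe_ipv4("10.0.0.200", iface_ip)` from a host on one subnet, with the target on the other, returns an empty list when no reply makes it back across the firewall.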

                                        kejianshi

                                        One of the guys I was sorta kinda working with a little earlier does use what seems to be pretty much any Apple device he can find and is running 2.1 + avahi and it's working.  The problems so far seem to be with avahi running on smallish alix type systems that upgraded with avahi already in place and had issues.  I've not seen an instance of someone just clean installing 2.1 on alix with avahi yet.  Not sure what that might do.

                                        Either way I'm waiting to see how igmp proxy might work out.

                                          tim.mcmanus

                                          I had IPv6 running on pfSense with a pass-all rule set up just like the default "LAN -> any" rule.  I also checked off the advanced options checkbox like I posted in the IPv4 screen shot too.

                                          pfSense still wants to block the port 5353 IPv6 traffic and it doesn't want to route the IPv6 traffic.  I don't know squat about IPv6, but I put the IPv6 address of the firewall into the IGMP settings and it still didn't work.

                                          There's a good chance it's how I am setting up my IPv4 settings in IGMP.  Can anyone give me guidance on that (based on my screen shots included in this thread)?  It should fail back to IPv4 and work, I'm not sure my proxy settings are correct.

                                            kejianshi

                                            Well - If you don't need IPv6, block it, then just ignore the noise in your logs about it getting blocked.

                                            That's assuming you are on IPv4 and like it that way.
