I use pfSense for the network at my work. Recently I set up a Guest Network with VLAN tagging and it's working well.
I wanted to share the printers from the main network to the guest network to allow printing. So I set up an alias for the ports and set up the proper rules, and it works to print from the guest network by IP.
Now I am setting up the Avahi package to allow iPhone and iPad devices on the Guest Network to print. Just using the basic settings to proxy the mDNS stuff works well and now they can print.
So now I have 2 questions:
1. Is it possible to configure Avahi to only proxy certain mDNS data? For example, the Internet Printing Protocol "_ipp._tcp." & Print Spooler "_printer._tcp"?
2. Can Avahi only PUSH rather than broadcast from both networks? I only need to send data to the guest network, not back to the main network.
- This is probably my fault. The printers themselves broadcast using the .local. domain (I think that's the default with how Bonjour works for Apple products). So that is the domain I have set up to broadcast. Not sure if there is a way to set the printer domain to what I want and then have it broadcast properly.
I ask for #1 cause people on the guest network can see file shares on the main network. They can't connect to them because I have the ports blocked but I don't like spreading that much information into a guest network.
The reason behind #2 is that the printers will start renaming themselves because of old mDNS data. Over time the printer that is called "01 Sales" will become "01 Sales (2)" and then "01 Sales (3)" etc. I guess I just don't have a handle on how the Avahi proxy works and why it is doing this… Maybe I need to fix things on my DHCP server because I do have the option checked that says something like "Register host names on the domain."
If I am misunderstanding anything on how I should do this setup, let me know.
Avahi either reflects things or not between networks. If you don't want things published, don't publish them. If you don't want them reflected, do not reflect them. As for the "duplicate" crap, maybe hit someone @Bitten Fruit Co. with a cluebat repeatedly. Never got the thing. What on earth is wrong with using DNS for printers?
Thank you for your reply, I think the "Reflector Options" at the bottom of the Avahi Package page might be what I need. I will post back and let you know.
For your last question: "What on earth is wrong with using DNS for printers?"
- Nothing. But in Apple's world when you go to print on an iOS device, it only lists printers that are broadcast with Bonjour (you do not have the ability to type in an IP or DNS name). That's why I need Avahi to broadcast the printers onto the Guest network, which is not the same subnet as the printers themselves. (Printers are on the main untagged LAN interface.)
I will play around with the reflector & publishing settings and let you know for that part. Having only one active (like reflect or publish) might solve the printer renaming issue.
For the second part when you say "If you don't want things published, don't publish them."
- Do you mean from each device themselves or do you mean from the pfSense router involving Avahi publish/reflect?
- I need them to broadcast themselves for browsing/Bonjour on the main network (all Mac environment).
- If you mean the pfSense side of things, I would LOVE extra options or even command line examples on how I can Publish/Reflect certain types of Bonjour data. OR even from the Avahi command line manually enter the services I want to broadcast with their IP to just the GST interface so only the printer data is being broadcast. I am just not sure how to do that.
As I do more research, the Reflector part of Avahi is exactly what I want/need. What's missing is the ability to filter what gets reflected.
This link is a GitHub pull request that adds the option "reflect-filters" inside the avahi-daemon.conf file, which I found on pfSense resides in "/usr/local/etc/avahi/" (in case anyone needs to know who didn't already).
I am now going to compile my own avahi FreeBSD package with the PR (pull request) to put on the router to give me the feature I need.
Thanks for everyone's help!
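
A sketch of the reflector configuration the last post is aiming for, added here as an example and not taken from the thread or from the pfSense package. It assumes an avahi-daemon build that includes the `reflect-filters` option; the interface names `lan0` and `guest0` are placeholders for the main LAN and the guest VLAN interface.

```ini
# /usr/local/etc/avahi/avahi-daemon.conf  (directory as given in the thread)
# Added example. Assumes an avahi-daemon build with reflect-filters support.

[server]
# Limit Avahi to the two segments involved.
# lan0 and guest0 are placeholder names; substitute the real interfaces.
allow-interfaces=lan0,guest0

[reflector]
# Reflect mDNS traffic between the interfaces listed above.
enable-reflector=yes

# Comma-separated allow list. Only services matching an entry are reflected.
# With this line absent, every service seen is reflected, which is how
# file shares on the main network become visible to guest devices.
reflect-filters=_ipp._tcp.local,_printer._tcp.local
```

The filter narrows which service types cross between networks; it is not a direction control, so the firewall rules that restrict the guest network to the printer ports still carry the actual access control.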