Avahi between VLANs



  • I'm trying to set up Avahi between 3 VLANs, but so far I have had luck with only two. I have a floating rule activated on all 3 VLANs:
    (ip 224.0.0.251 + port 5353 are included on aliases) and interfaces:

    I have tried all Avahi config options in the web UI, but this basic one seems to work as well as any other [/usr/local/etc/avahi/avahi-daemon.conf]:

    # This file is generated by the pfSense Avahi package.
    # Do not edit this file, it will be overwritten automatically.
    
    [server]
    allow-interfaces=igb1.120,igb1.10,igb1.20
    allow-point-to-point=yes
    use-ipv4=yes
    use-ipv6=no
    enable-dbus=no
    cache-entries-max=0
    
    [wide-area]
    enable-wide-area=no
    
    [publish]
    disable-publishing=yes
    publish-addresses=no
    publish-hinfo=no
    publish-workstation=no
    publish-domain=no
    publish-aaaa-on-ipv4=no
    publish-a-on-ipv6=no
    disable-user-service-publishing=yes
    
    [reflector]
    enable-reflector=yes
    

    And the system log looks clean:

    Feb 16 21:28:25	php-fpm	349	/avahi_settings.php: Starting service avahi
    Feb 16 21:28:25	avahi-daemon	80437	Found user 'avahi' (UID 558) and group 'avahi' (GID 558).
    Feb 16 21:28:25	avahi-daemon	80437	Successfully dropped root privileges.
    Feb 16 21:28:25	avahi-daemon	80437	avahi-daemon 0.7 starting up.
    Feb 16 21:28:25	avahi-daemon	80437	WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
    Feb 16 21:28:25	avahi-daemon	80437	Loading service file /usr/local/etc/avahi/services/sftp-ssh.service.
    Feb 16 21:28:25	avahi-daemon	80437	Loading service file /usr/local/etc/avahi/services/ssh.service.
    Feb 16 21:28:25	avahi-daemon	80437	Joining mDNS multicast group on interface igb1.120.IPv4 with address 172.16.120.1.
    Feb 16 21:28:25	avahi-daemon	80437	New relevant interface igb1.120.IPv4 for mDNS.
    Feb 16 21:28:25	avahi-daemon	80437	Joining mDNS multicast group on interface igb1.20.IPv4 with address 192.168.20.1.
    Feb 16 21:28:25	avahi-daemon	80437	New relevant interface igb1.20.IPv4 for mDNS.
    Feb 16 21:28:25	avahi-daemon	80437	Joining mDNS multicast group on interface igb1.10.IPv4 with address 192.168.10.1.
    Feb 16 21:28:25	avahi-daemon	80437	New relevant interface igb1.10.IPv4 for mDNS.
    Feb 16 21:28:25	avahi-daemon	80437	Network interface enumeration completed.
    Feb 16 21:28:25	avahi-daemon	80437	Server startup complete. Host name is muuri.local. Local service cookie is 1992892564.
    Feb 16 21:28:25	avahi-daemon	80437	Failed to add service 'muuri' of type '_ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/ssh.service): Not permitted
    Feb 16 21:28:25	avahi-daemon	80437	Failed to add service 'muuri' of type '_sftp-ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/sftp-ssh.service): Not permitted
    

    The problem is that mDNS seems to work only between IOT (igb1.120) and OMALANKA (igb1.10). I assume the Chromecast package should also generate a log entry for my WLAN network. Right?
    Trying to contact Chromecast with my laptop @VLAN10 is ok and everything works:
    But the same machine on the same WLAN (except for the VLAN ID) @VLAN20 generates no action on the other interfaces:

    Firewall rules are 100% the same on both OMALANKA and OMAWLAN. I have no idea what I'm doing wrong here. How to continue troubleshooting?



  • If I allow all 9 interfaces for Avahi, it selects just the first 3 and tries them (172.16.120.41 is my Chromecast dongle):
    DMZ and LAN do not have multicast rules, so rejecting them is fine. But why does Avahi select just these interfaces?
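
Added example, not part of the original posts and not pfSense or Avahi code: a Python check that compares `allow-interfaces` in `avahi-daemon.conf` with the "Joining mDNS multicast group" lines in the system log, listing the segments the reflector is actually bound to. The function name `reflector_report` and the sample strings are assumptions, constructed and abridged from the config and log quoted above.

```python
import configparser
import re

# Constructed sample input, abridged from the config and log quoted in the post.
SAMPLE_CONF = """\
[server]
allow-interfaces=igb1.120,igb1.10,igb1.20
[reflector]
enable-reflector=yes
"""
SAMPLE_LOG = """\
Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.120.IPv4 with address 172.16.120.1.
Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.20.IPv4 with address 192.168.20.1.
Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.10.IPv4 with address 192.168.10.1.
"""

# Interface names may contain dots (VLAN sub-interfaces), so anchor on ".IPv4"/".IPv6".
JOIN_RE = re.compile(
    r"Joining mDNS multicast group on interface (\S+)\.(IPv[46]) with address (\S+?)\.?$"
)

def reflector_report(conf_text, log_text):
    """Return which allowed interfaces joined the mDNS group, and which did not."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    raw = cp.get("server", "allow-interfaces", fallback="")
    allowed = [name.strip() for name in raw.split(",") if name.strip()]
    joined = {}
    for line in log_text.splitlines():
        m = JOIN_RE.search(line.strip())
        if m:
            joined[m.group(1)] = m.group(3)  # interface -> address it joined with
    return {
        # With the reflector on, every joined interface is a segment that mDNS
        # records are repeated between.
        "reflector": cp.getboolean("reflector", "enable-reflector", fallback=False),
        "joined": joined,
        "allowed_not_joined": [i for i in allowed if i not in joined],
        # An empty allow-interfaces list means "all local interfaces", so there
        # is nothing to flag in that case.
        "joined_not_allowed": sorted(set(joined) - set(allowed)) if allowed else [],
    }

if __name__ == "__main__":
    for key, value in reflector_report(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `allowed_not_joined` list only shows that the daemon bound to each listed segment; it says nothing about whether the firewall or switch passes multicast between them.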

