Netgate Discussion Forum

    Avahi between VLANs

    • skeskine

      I'm trying to set up Avahi between 3 VLANs, but so far I have had luck only with two. I have a floating rule activated on all 3 VLANs:
      [image]
      (IP 224.0.0.251 + port 5353 are included in the aliases) and interfaces:
      [image]

      I have tried all Avahi config options in the web UI, but this basic one seems to work as well as any other [/usr/local/etc/avahi/avahi-daemon.conf]:

      # This file is generated by the pfSense Avahi package.
      # Do not edit this file, it will be overwritten automatically.
      
      [server]
      allow-interfaces=igb1.120,igb1.10,igb1.20
      allow-point-to-point=yes
      use-ipv4=yes
      use-ipv6=no
      enable-dbus=no
      cache-entries-max=0
      
      [wide-area]
      enable-wide-area=no
      
      [publish]
      disable-publishing=yes
      publish-addresses=no
      publish-hinfo=no
      publish-workstation=no
      publish-domain=no
      publish-aaaa-on-ipv4=no
      publish-a-on-ipv6=no
      disable-user-service-publishing=yes
      
      [reflector]
      enable-reflector=yes
      

      And system log looks clean:

      Feb 16 21:28:25	php-fpm	349	/avahi_settings.php: Starting service avahi
      Feb 16 21:28:25	avahi-daemon	80437	Found user 'avahi' (UID 558) and group 'avahi' (GID 558).
      Feb 16 21:28:25	avahi-daemon	80437	Successfully dropped root privileges.
      Feb 16 21:28:25	avahi-daemon	80437	avahi-daemon 0.7 starting up.
      Feb 16 21:28:25	avahi-daemon	80437	WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
      Feb 16 21:28:25	avahi-daemon	80437	Loading service file /usr/local/etc/avahi/services/sftp-ssh.service.
      Feb 16 21:28:25	avahi-daemon	80437	Loading service file /usr/local/etc/avahi/services/ssh.service.
      Feb 16 21:28:25	avahi-daemon	80437	Joining mDNS multicast group on interface igb1.120.IPv4 with address 172.16.120.1.
      Feb 16 21:28:25	avahi-daemon	80437	New relevant interface igb1.120.IPv4 for mDNS.
      Feb 16 21:28:25	avahi-daemon	80437	Joining mDNS multicast group on interface igb1.20.IPv4 with address 192.168.20.1.
      Feb 16 21:28:25	avahi-daemon	80437	New relevant interface igb1.20.IPv4 for mDNS.
      Feb 16 21:28:25	avahi-daemon	80437	Joining mDNS multicast group on interface igb1.10.IPv4 with address 192.168.10.1.
      Feb 16 21:28:25	avahi-daemon	80437	New relevant interface igb1.10.IPv4 for mDNS.
      Feb 16 21:28:25	avahi-daemon	80437	Network interface enumeration completed.
      Feb 16 21:28:25	avahi-daemon	80437	Server startup complete. Host name is muuri.local. Local service cookie is 1992892564.
      Feb 16 21:28:25	avahi-daemon	80437	Failed to add service 'muuri' of type '_ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/ssh.service): Not permitted
      Feb 16 21:28:25	avahi-daemon	80437	Failed to add service 'muuri' of type '_sftp-ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/sftp-ssh.service): Not permitted
      

      The problem is that mDNS seems to work only between IOT (igb1.120) and OMALANKA (igb1.10). I assume the Chromecast package should also generate a log entry for my WLAN network. Right?
      [image]
      Trying to contact the Chromecast with my laptop @VLAN10 is OK and everything works:
      [image]
      But the same machine on the same WLAN (except VLAN ID) @VLAN20 generates no action on other interfaces:
      [image]

      Firewall rules are 100% the same on both OMALANKA and OMAWLAN. I have no idea what I'm doing wrong here. How do I continue troubleshooting?

      • skeskine

        If I allow all 9 interfaces for Avahi, it selects just the first 3 and tries them (172.16.120.41 is my Chromecast dongle):
        [image]
        DMZ and LAN do not have multicast rules, so rejecting them is fine. But why does Avahi select just these interfaces?
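
A troubleshooting aid for the question above, added here and not part of the original posts: a shell function that compares `allow-interfaces` in avahi-daemon.conf with the interfaces avahi-daemon logged joining. The function name and the fourth interface in the sample config (igb1.30) are assumptions for illustration; the sample log lines are constructed in the format shown in the first post.

```shell
#!/bin/sh
# Report, for each allow-interfaces entry in CONF, whether avahi-daemon logged
# joining the mDNS multicast group on it in LOG. Returns 1 if any is missing.
avahi_iface_check() {   # usage: avahi_iface_check CONF LOG
    awk '
        FNR == NR {                       # first file: avahi-daemon.conf
            if ($0 ~ /^[ \t]*allow-interfaces[ \t]*=/) {
                sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")
                n = split($0, want, ",")
            }
            next
        }
        # Second file: the log. Avahi also logs "Leaving mDNS multicast group".
        /(Joining|Leaving) mDNS multicast group on interface / {
            for (i = 1; i < NF; i++) if ($i == "interface") ifc = $(i + 1)
            sub(/\.IPv[46]$/, "", ifc)    # igb1.120.IPv4 -> igb1.120
            addr = $NF; sub(/\.$/, "", addr)
            if ($0 ~ /Joining mDNS/) joined[ifc] = addr; else delete joined[ifc]
        }
        END {
            for (i = 1; i <= n; i++) {
                if (want[i] in joined) { print want[i], "joined", joined[want[i]] }
                else { print want[i], "MISSING"; rc = 1 }
            }
            exit rc + 0
        }
    ' "$1" "$2"
}

# Constructed sample: the three interfaces from the post plus a hypothetical
# igb1.30 that never shows up in the log.
tmp=$(mktemp -d)
printf '[server]\nallow-interfaces=igb1.120,igb1.10,igb1.20,igb1.30\n' > "$tmp/avahi-daemon.conf"
cat > "$tmp/system.log" <<'EOF'
Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.120.IPv4 with address 172.16.120.1.
Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.20.IPv4 with address 192.168.20.1.
Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.10.IPv4 with address 192.168.10.1.
EOF
avahi_iface_check "$tmp/avahi-daemon.conf" "$tmp/system.log" || echo "some allowed interfaces were never joined"
```

On the firewall itself, pass `/usr/local/etc/avahi/avahi-daemon.conf` and a plain-text copy of the system log; any interface reported as MISSING was allowed in the config but never joined by the daemon.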

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.