Avahi between VLANs
-
I'm trying to set up Avahi between 3 VLANs, but so far I have had luck only with two. I have a floating rule activated on all 3 VLANs:
(IP 224.0.0.251 + port 5353 are included in aliases) and interfaces:
I have tried all the Avahi config options in the web UI, but this basic one seems to work as well as any other [/usr/local/etc/avahi/avahi-daemon.conf]:
    # This file is generated by the pfSense Avahi package.
    # Do not edit this file, it will be overwritten automatically.

    [server]
    allow-interfaces=igb1.120,igb1.10,igb1.20
    allow-point-to-point=yes
    use-ipv4=yes
    use-ipv6=no
    enable-dbus=no
    cache-entries-max=0

    [wide-area]
    enable-wide-area=no

    [publish]
    disable-publishing=yes
    publish-addresses=no
    publish-hinfo=no
    publish-workstation=no
    publish-domain=no
    publish-aaaa-on-ipv4=no
    publish-a-on-ipv6=no
    disable-user-service-publishing=yes

    [reflector]
    enable-reflector=yes
And the system log looks clean:
    Feb 16 21:28:25 php-fpm 349 /avahi_settings.php: Starting service avahi
    Feb 16 21:28:25 avahi-daemon 80437 Found user 'avahi' (UID 558) and group 'avahi' (GID 558).
    Feb 16 21:28:25 avahi-daemon 80437 Successfully dropped root privileges.
    Feb 16 21:28:25 avahi-daemon 80437 avahi-daemon 0.7 starting up.
    Feb 16 21:28:25 avahi-daemon 80437 WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
    Feb 16 21:28:25 avahi-daemon 80437 Loading service file /usr/local/etc/avahi/services/sftp-ssh.service.
    Feb 16 21:28:25 avahi-daemon 80437 Loading service file /usr/local/etc/avahi/services/ssh.service.
    Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.120.IPv4 with address 172.16.120.1.
    Feb 16 21:28:25 avahi-daemon 80437 New relevant interface igb1.120.IPv4 for mDNS.
    Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.20.IPv4 with address 192.168.20.1.
    Feb 16 21:28:25 avahi-daemon 80437 New relevant interface igb1.20.IPv4 for mDNS.
    Feb 16 21:28:25 avahi-daemon 80437 Joining mDNS multicast group on interface igb1.10.IPv4 with address 192.168.10.1.
    Feb 16 21:28:25 avahi-daemon 80437 New relevant interface igb1.10.IPv4 for mDNS.
    Feb 16 21:28:25 avahi-daemon 80437 Network interface enumeration completed.
    Feb 16 21:28:25 avahi-daemon 80437 Server startup complete. Host name is muuri.local. Local service cookie is 1992892564.
    Feb 16 21:28:25 avahi-daemon 80437 Failed to add service 'muuri' of type '_ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/ssh.service): Not permitted
    Feb 16 21:28:25 avahi-daemon 80437 Failed to add service 'muuri' of type '_sftp-ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/sftp-ssh.service): Not permitted
The problem is that mDNS seems to work only between IOT (igb1.120) and OMALANKA (igb1.10). I assume the Chromecast package should also generate a log entry for my WLAN network. Right?
Trying to contact the Chromecast with my laptop @VLAN10 is OK and everything works:
But the same machine on the same WLAN (except VLAN ID) @VLAN20 generates no action on other interfaces:
Firewall rules are 100% the same on both OMALANKA and OMAWLAN. I have no idea what I'm doing wrong here. How do I continue troubleshooting?
-
If I allow all 9 interfaces for Avahi, it selects just the first 3 and tries them (172.16.120.41 is my Chromecast dongle):
DMZ and LAN do not have multicast rules, so rejecting them is fine. But why does Avahi select just these interfaces?