Routing Apple Bonjour?

jlepthien

Hi there,

on my pfSense box I have got a LAN (10.0.100.254) interface and a WLAN (10.0.250.254) interface. When I am trying to use Apple Bonjour stuff on my iPhone like the iTunes remote or anything that relies on bonjour for syncing my iPhone with a desktop application it doesn't work anymore. It does work, when I bridge my WLAN interface to the LAN interface but that is not what I want.

From what I know is that Apple Bonjour uses multicasts. I have set up rules that allow any protocol from LAN to any and from WLAN to any. Still it does not work.
Has anyone a setup like mine and has this gotten to work?

Thanks in advance for your help guys.

jimp

Load up the Avahi package, it will bridge Bounjour across subnets.

I even run it at both ends of an OpenVPN tunnel and bridge Bonjour chat to my work network from home.

jlepthien

Hey jimp. That works really well! Awesome. Thank you so much. Cheers from Germany ;)

sollostech

This is very interesting to me. Do I need Avahi running on the firewalls on both sides of a IPsec VPN for this to work?

jimp

@sollostech:

This is very interesting to me. Do I need Avahi running on the firewalls on both sides of a IPsec VPN for this to work?

I am not sure it will work over IPsec. It works over OpenVPN because each end of the OpenVPN tunnel has a real IP address and will see broadcasts from the other end.

You can, however, setup OpenVPN with no "remote" subnets and simply have a link between the two pfSense routers and run Avahi and that should also work.

jlepthien

Hey. Avahi is running for me, but eventually it sometimes stops working. The daemon is running at all times but I need to restart it in order to work again. Nothing is seen in the logs. Anyone knows about this? I am running 1.2.3-rel on embedded…

jimp

I've seen that happen before. That may happen if the VPN tunnel drops for some reason.

jlepthien

I am not running it through a VPN. Just through my LAN and OPT (WLAN) interfaces…

jimp

Really? Huh. I haven't seen it fail in those cases. Usually my home-to-work connectivity will spaz out but not between segments here at the office.

Would there have been any reason that either LAN or OPT would have been reconfigured?

jlepthien

No. No change at all. And 'suddenly' this behaviour appeared. I also tried reinstalling avahi.

jimp

Anything in the logs at all to indicate what may have happened?

jlepthien

At the moment it is working and the log shows the following:

Mar 30 14:47:35	avahi-daemon[18176]: Invalid query packet.
Mar 30 14:47:35	avahi-daemon[18176]: Invalid query packet.
Mar 30 14:47:35	avahi-daemon[18176]: Invalid query packet.
Mar 30 14:47:36	avahi-daemon[18176]: Invalid query packet.
Mar 30 14:47:54	avahi-daemon[18176]: Invalid query packet.
Mar 30 14:47:54	avahi-daemon[18176]: Invalid query packet.
Mar 30 14:57:07	avahi-daemon[18176]: Invalid query packet.
Mar 30 14:57:07	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:24:51	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:24:51	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:25:54	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:25:54	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:41:37	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:41:37	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:45:33	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:45:33	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:47:35	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:47:35	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:48:02	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:48:02	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:52:45	avahi-daemon[18176]: Invalid query packet.
Mar 30 15:52:45	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:06:21	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:06:21	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:19:47	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:19:47	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:19:47	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:19:47	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:20:39	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:20:39	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:21:33	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:21:33	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:22:06	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:22:06	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:24:10	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:24:10	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:28:43	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:28:43	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:29:27	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:29:27	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:32:42	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:32:42	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:33:15	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:33:15	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:33:49	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:33:49	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:33:50	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:33:50	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:38:40	avahi-daemon[18176]: Invalid query packet.
Mar 30 16:38:40	avahi-daemon[18176]: Invalid query packet.

jimp

Huh, that's a new one.

I wonder if there is a new version of Avahi out there. There may have been some changes to the protocol that Apple and others have starting using.

jlepthien

Hi jimp,

also now my Apple Remote app on my iPhone is not working anymore. The curious thing I see in the firewall logs when I open the app is that multicast packets from ng0(WAN) to LAN get blocked. But why is that? What has WAN to do with this? My iPhone is on OPT(WLAN) and my iMac is on LAN….

Thx

jimp

For kicks and grins, go to the Avahi settings, and then save twice there.

Then go to the system logs and copy/paste the startup messages from Avahi here, you can sanitize the external IPs if any are shown.

There is an odd packages bug we're trying to track down that causes some packages to behave erratically until they are saved twice, and I'm wondering if Avahi has a latent problem in that regard.

jlepthien

Hey jimp,

done. Here is the log:

Apr 1 14:00:35 	avahi-daemon[29798]: Joining mDNS multicast group on interface vr0.IPv4 with address 10.0.100.254.
Apr 1 14:00:35 	avahi-daemon[29798]: New relevant interface vr0.IPv4 for mDNS.
Apr 1 14:00:35 	avahi-daemon[29798]: Network interface enumeration completed.
Apr 1 14:00:35 	avahi-daemon[29798]: Registering new address record for fe80::20d:b9ff:fe13:54a8 on ng0.*.
Apr 1 14:00:35 	avahi-daemon[29798]: Registering new address record for xxxx on ng0.IPv4.
Apr 1 14:00:35 	avahi-daemon[29798]: Registering new address record for fe80::280:48ff:fe62:fa57 on ath0.*.
Apr 1 14:00:35 	avahi-daemon[29798]: Registering new address record for 10.0.250.254 on ath0.IPv4.
Apr 1 14:00:35 	avahi-daemon[29798]: Registering new address record for fe80::20d:b9ff:fe13:54a8 on vr0.*.
Apr 1 14:00:35 	avahi-daemon[29798]: Registering new address record for 10.0.100.254 on vr0.IPv4.
Apr 1 14:00:35 	avahi-daemon[29798]: Registering HINFO record with values 'I386'/'FREEBSD'.
Apr 1 14:00:36 	avahi-daemon[29798]: Server startup complete. Host name is voldemort.hogwarts.local. Local service cookie is 1070838840.
Apr 1 14:00:37 	avahi-daemon[29798]: Service "voldemort" (/usr/local/etc/avahi/services/ssh.service) successfully established.
Apr 1 14:00:37 	avahi-daemon[29798]: Service "SFTP File Transfer on voldemort" (/usr/local/etc/avahi/services/sftp-ssh.service) successfully established.
Apr 1 14:00:39 	avahi-daemon[29798]: Got SIGTERM, quitting.
Apr 1 14:00:39 	avahi-daemon[29798]: Leaving mDNS multicast group on interface ng0.IPv4 with address xxxx.
Apr 1 14:00:39 	avahi-daemon[29798]: Leaving mDNS multicast group on interface ath0.IPv4 with address 10.0.250.254.
Apr 1 14:00:39 	avahi-daemon[29798]: Leaving mDNS multicast group on interface vr0.IPv4 with address 10.0.100.254.
Apr 1 14:00:44 	avahi-daemon[29907]: Found user 'avahi' (UID 1003) and group 'avahi' (GID 1003).
Apr 1 14:00:44 	avahi-daemon[29907]: Successfully dropped root privileges.
Apr 1 14:00:44 	avahi-daemon[29907]: avahi-daemon 0.6.24 starting up.
Apr 1 14:00:44 	avahi-daemon[29907]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Apr 1 14:00:44 	avahi-daemon[29907]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Apr 1 14:00:44 	avahi-daemon[29907]: Loading service file /usr/local/etc/avahi/services/sftp-ssh.service.
Apr 1 14:00:44 	avahi-daemon[29907]: Loading service file /usr/local/etc/avahi/services/ssh.service.
Apr 1 14:00:44 	avahi-daemon[29907]: Joining mDNS multicast group on interface ng0.IPv4 with address xxxx.
Apr 1 14:00:44 	avahi-daemon[29907]: New relevant interface ng0.IPv4 for mDNS.
Apr 1 14:00:44 	avahi-daemon[29907]: Joining mDNS multicast group on interface ath0.IPv4 with address 10.0.250.254.
Apr 1 14:00:44 	avahi-daemon[29907]: New relevant interface ath0.IPv4 for mDNS.
Apr 1 14:00:44 	avahi-daemon[29907]: Joining mDNS multicast group on interface vr0.IPv4 with address 10.0.100.254.
Apr 1 14:00:44 	avahi-daemon[29907]: New relevant interface vr0.IPv4 for mDNS.
Apr 1 14:00:44 	avahi-daemon[29907]: Network interface enumeration completed.
Apr 1 14:00:44 	avahi-daemon[29907]: Registering new address record for fe80::20d:b9ff:fe13:54a8 on ng0.*.
Apr 1 14:00:44 	avahi-daemon[29907]: Registering new address record for xxxx on ng0.IPv4.
Apr 1 14:00:44 	avahi-daemon[29907]: Registering new address record for fe80::280:48ff:fe62:fa57 on ath0.*.
Apr 1 14:00:44 	avahi-daemon[29907]: Registering new address record for 10.0.250.254 on ath0.IPv4.
Apr 1 14:00:44 	avahi-daemon[29907]: Registering new address record for fe80::20d:b9ff:fe13:54a8 on vr0.*.
Apr 1 14:00:44 	avahi-daemon[29907]: Registering new address record for 10.0.100.254 on vr0.IPv4.
Apr 1 14:00:44 	avahi-daemon[29907]: Registering HINFO record with values 'I386'/'FREEBSD'.
Apr 1 14:00:45 	avahi-daemon[29907]: Server startup complete. Host name is voldemort.hogwarts.local. Local service cookie is 2044989570.
Apr 1 14:00:46 	avahi-daemon[29907]: Service "voldemort" (/usr/local/etc/avahi/services/ssh.service) successfully established.
Apr 1 14:00:46 	avahi-daemon[29907]: Service "SFTP File Transfer on voldemort" (/usr/local/etc/avahi/services/sftp-ssh.service) successfully established.

jimp

Huh. Usually WAN is excluded from being used for Avahi becuase you almost ever want that to be used.

Can you try to reselect the Deny interface in your settings, and be sure that WAN is really highlighted?
I thought I put some code in there to catch the PPPoE case, but it's been so long since I touched it, I can't remember.

jlepthien

Okay. Did that. Now ng0 is not mentioned in the avahi logs anymore…
I will check my iPhone app when I get home and then I can tell you if it is working again.

Thanks

jlepthien

Nope. It does not work anymore. I also told iTunes to forget all remotes. I can finely add my iPhone and enter the code number given by the iPhone and then I should be able to control iTunes but the app keeps spinning and nothing happens…

The blocked logs show nothing...

Besides everything from WLAN to LAN and vice versa is allowed...

jimp

Was there a recent update to either iTunes or your iPhone?

I wonder if there has been an update to Avahi either recently. I may need to compile a new version.