Netgate Discussion Forum

Weird problem with multiple VLANs and airprint

    nerd1701
    last edited by Mar 24, 2013, 11:52 PM

    Not sure if I'm posting this in the right forum, but I figured this sounded like the best place.  If it's not, please forgive me and suggest where to move the discussion to.

    Here's my scenario:

    I've got 2 Wireless LANs.  One is a private LAN running with a pfSense box on VLAN 2 on a hidden SSID coming from several D-Link 2553 WAPs.  The other is a public wireless running on the default VLAN from the same WAPs using a different pfSense box.

    There are 3 networks involved here:

    Office network (connected only to the private pfSense box)
    "Dirty LAN" - Where the wireless traffic is running - It has VLAN 2 and the default VLAN.
    WAN connection.  Each box has its own WAN connection to the internet (we have 5 static IPs)

    I have another box running Ubuntu to provide printer access to the wireless network and Airprint.  It is connected to the office network to reach the printers and VLAN 2 of the "dirty LAN" to provide access to the private wireless.

    Here's the problem.  The airprint service is seen and usable on the public network, despite having no connection to the Ubuntu box.  The Ubuntu box cannot be pinged or otherwise reached.  I do NOT want the public wireless seeing the airprint devices or being able to use them.

    I have done packet captures and I see the traffic going from the Apple device to the 224.0.0.251 port 5353, but no traffic going back to the device.  I have blocked UDP traffic to both port 5353 and UDP traffic to 224.0.0.251, however it is still working.  I thought it might be "leaking" through the WAN interface, but I shut down the WAN interface and it could still be seen.  Turning off the Ubuntu box (obviously) shuts off the airprint service :)

    There is NO connection from the Ubuntu box to the default VLAN.

    Does anyone have any possible insight on this?

    Thanks,
    Doug

      nerd1701
      last edited by Mar 30, 2013, 9:53 PM

      In case anyone is interested, I have solved this problem.  Here's what the story was:

      There were 3 interfaces on the Ubuntu box:

      eth0 - Base NIC - No VLAN - No IP address configured
      eth0.2 - VLAN 2 - 192.168.124.21
      eth0.3 - VLAN 3 - 192.168.125.21

      The Avahi daemon (Bonjour) was sending the broadcast packets to all 3 protocols.  To my surprise, they were being sent out the base interface, despite the fact that it had no IP address.

      I solved the problem by creating new portgroups on the vSwitch which were dedicated to VLAN 2 and 3 respectively.  I then created new NICs in the Ubuntu VM to attach to each of these.  Now everything is working as expected.

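The leak described in this thread can be checked for directly in a capture taken on the trunk port: any mDNS frame (224.0.0.251, UDP 5353) that carries no 802.1Q tag will land on the default VLAN. The following is an added example, not part of the original posts; the function names are hypothetical and the sample frames are constructed, reusing the VLAN IDs and addresses from the post.

```python
import struct

MDNS_GROUP = bytes([224, 0, 0, 251])   # IPv4 mDNS multicast group from the post
MDNS_PORT = 5353

def mdns_vlan(frame):
    """Return the 802.1Q VLAN ID, or "untagged", of an IPv4 mDNS frame; None if not mDNS."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, "untagged"
    if ethertype == 0x8100 and len(frame) >= 18:          # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset, vlan = 18, tci & 0x0FFF                   # low 12 bits = VLAN ID
    ip = frame[offset:]
    if ethertype != 0x0800 or len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4                              # IPv4 header length in bytes
    if ihl < 20 or ip[9] != 17 or ip[16:20] != MDNS_GROUP or len(ip) < ihl + 4:
        return None
    (dport,) = struct.unpack("!H", ip[ihl + 2:ihl + 4])
    return vlan if dport == MDNS_PORT else None

def find_leaks(frames, allowed_vlans):
    """List the tags of mDNS frames seen outside the VLANs allowed to carry them."""
    tags = (mdns_vlan(f) for f in frames)
    return [t for t in tags if t is not None and t not in allowed_vlans]

def build_frame(src_ip, dport=MDNS_PORT, vlan=None):
    """Constructed sample frame: Ethernet [+ 802.1Q] + IPv4 + UDP, checksums left zero."""
    eth = bytes.fromhex("01005e0000fb") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    udp = struct.pack("!HHHH", MDNS_PORT, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 255, 17, 0,
                     bytes(map(int, src_ip.split("."))), MDNS_GROUP)
    return eth + tag + struct.pack("!H", 0x0800) + ip + udp

# Constructed capture, as it would look on the trunk port facing the Ubuntu box.
SAMPLE = [
    build_frame("192.168.124.21", vlan=2),            # expected: tagged VLAN 2
    build_frame("192.168.125.21", vlan=3),            # expected: tagged VLAN 3
    build_frame("192.168.124.21"),                    # untagged: lands on the default VLAN
    build_frame("192.168.124.21", dport=53, vlan=2),  # not mDNS, ignored
]

if __name__ == "__main__":
    print(find_leaks(SAMPLE, allowed_vlans={2, 3}))
```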