Forwarding Broadcasts to pfSense

DD-WRT Forum Index -> Advanced Networking
windyboi
DD-WRT User


Joined: 01 Dec 2015
Posts: 111

Posted: Tue May 26, 2020 8:45    Post subject: Forwarding Broadcasts to pfSense
Hi

I am using a Netgear R7000 with DD-WRT as a WAP / Switch. pfSense is plugged into the WAN port and is used as my router.

I am trying to get Apple HomeKit to work across different VLANs, and it currently does not, because the mDNS protocol it uses cannot get from one VLAN to the other.

I have installed Avahi on the pfSense but I believe I need to somehow get the mDNS broadcasts to 224.0.0.251 to go up to the pfSense box to route instead of just broadcasting locally on DDWRT.

However, I am not sure what the correct process to achieve this would be. Is it as simple as creating an iptables rule on DDWRT to forward the broadcast packets up to pfSense? I couldn't seem to get this to work when I tried.

Thanks in advance
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8349

Posted: Fri Jul 17, 2020 16:27    Post subject:
If the only thing your dd-wrt router is doing is acting as a WAP, then your problems are likely a function of pfSense, NOT the WAP.

Configuring Avahi as a "reflector" should be sufficient. But I have seen problems where the firewall rules are preventing critical traffic from reaching the router.

For example, in my own case, using a Tomato router, I created an IOT network to which I assigned my Chromecast-enabled TV. But now I couldn't Chromecast to that TV from the private network without Avahi. But that wasn't sufficient. I had forgotten that I had a severely restricted set of ports that were accessible by the IOT devices on the router (DHCP, DNS, etc.), that did NOT include mDNS (port 5353). Once I enabled port 5353 as well on the INPUT chain of the IOT network on the router, it all started working.

IOW, the use of Avahi is incredibly simple and not nearly as complicated as ppl sometimes think. It's just a proxy that straddles the two networks that need network discovery between them. And as long as there are no firewall rules in the way, it should work w/ minimal network changes.

I do have one caution. There are some configurations where even Avahi won't work. For example, a wireless ethernet bridge. As implemented in most routers, it's a *hack*. And this hack prevents network discovery from working across the bridge, *even* if the two sides of the bridge are part of the same ethernet network. So even though Avahi is working for me between several PCs on my private network and the Chromecast-enabled devices on the IOT network, any clients behind a wireless ethernet bridge do NOT work. I suspect I'd have to convert those to WDS to make it work. But that's another can of worms itself.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
ddwrt-ovpn-split-basic.sh (UPDATED!)
ddwrt-ovpn-split-advanced.sh (UPDATED!)
ddwrt-blacklist-domains.sh (UPDATED!)
ddwrt-ovpn-client-backup.sh
ddwrt-mount-usb-drives.sh
ddwrt-ovpn-remote-access.sh
ddwrt-pptp-policy-based-routing.sh
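The firewall pitfall eibgrad describes above (a restricted IoT INPUT chain that allows DHCP and DNS but silently drops the UDP/5353 multicast Avahi needs) can be checked before touching the router. The following is an added example, not code from the thread or from Avahi/DD-WRT: it simulates iptables first-match evaluation over a constructed iptables-save dump, with interface names br0 (private) and br1 (IoT) assumed.

```python
"""Added example (not from the thread): simulate iptables first-match evaluation over a
constructed iptables-save dump to see whether an IoT VLAN's INPUT chain lets Avahi
receive mDNS (UDP/5353 to 224.0.0.251). Interface names br0/br1 are assumptions."""
import re

# Constructed IoT ruleset like the one in the post: DHCP and DNS allowed, mDNS missing.
RESTRICTED_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i br1 -p udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp --dport 53 -j ACCEPT
-A INPUT -i br1 -j DROP
-A INPUT -i br0 -j ACCEPT
COMMIT
"""
# Same ruleset with the fix the post describes: accept UDP 5353 on the IoT interface.
MDNS_RULE = "-A INPUT -i br1 -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT\n"
FIXED_RULES = RESTRICTED_RULES.replace("-A INPUT -i br1 -j DROP\n",
                                       MDNS_RULE + "-A INPUT -i br1 -j DROP\n")

RULE_RE = re.compile(r"^-A (\S+) (.*) -j (\S+)$")
KNOWN = {"-i", "-p", "-d", "--dport"}  # match options this simulator models

def parse_chain(dump, chain="INPUT"):
    """Return (policy, rules). A rule using options we do not model (e.g. conntrack
    state) is stored as (None, target): it cannot match a fresh multicast datagram."""
    policy, rules = "ACCEPT", []
    for line in dump.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]  # chain policy, used when no rule matches
        m = RULE_RE.match(line)
        if not m or m.group(1) != chain:
            continue
        toks = m.group(2).split()
        if not {t for t in toks if t.startswith("-")} <= KNOWN:
            rules.append((None, m.group(3)))
            continue
        # option/value pairs; strip a /32 mask as iptables-save prints it
        matches = {toks[i]: toks[i + 1].split("/")[0] for i in range(0, len(toks), 2)}
        rules.append((matches, m.group(3)))
    return policy, rules

def mdns_verdict(dump, iface):
    """Verdict for a new inbound mDNS datagram arriving on iface; first match wins."""
    packet = {"-i": iface, "-p": "udp", "-d": "224.0.0.251", "--dport": "5353"}
    policy, rules = parse_chain(dump)
    for matches, target in rules:
        if matches is not None and all(packet.get(k) == v for k, v in matches.items()):
            return target
    return policy

if __name__ == "__main__":
    for name, dump in (("restricted", RESTRICTED_RULES), ("fixed", FIXED_RULES)):
        print(f"{name}: br1 -> {mdns_verdict(dump, 'br1')}, br0 -> {mdns_verdict(dump, 'br0')}")
```

With the restricted ruleset the IoT side's mDNS is dropped while the private side is accepted, which is exactly the one-way discovery failure described; adding the 5353 rule ahead of the interface-wide DROP flips the IoT verdict to ACCEPT.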