Joined: 18 Sep 2010
Posted: Fri Jul 17, 2020 16:27
If the only thing your dd-wrt router is doing is acting as a WAP, then your problems are likely a function of pfSense, NOT the WAP.
Configuring Avahi as a "reflector" should be sufficient. But I have seen problems where the firewall rules are preventing critical traffic from reaching the router.
For example, in my own case, using a tomato router, I created an IOT network to which I assigned my Chromecast-enabled TV. But now I couldn't Chromecast to that TV from the private network without Avahi. But that wasn't sufficient. I had forgotten that I had a severely restricted set of ports that were accessible by the IOT devices on the router (DHCP, DNS, etc.), that did NOT include mDNS (port 5353). Once I enabled port 5353 as well on the INPUT chain of the IOT network on the router, it all started working.
IOW, the use of Avahi is incredibly simple and not nearly as complicated as ppl sometimes think. It's just a proxy that straddles the two networks that need network discovery between them. And as long as there are no firewall rules in the way, it should work w/ minimal network changes.
I do have one caution. There are some configurations where even Avahi won't work. For example, a wireless ethernet bridge. As implemented in most routers, it's a *hack*. And this hack prevents network discovery from working across the bridge, *even* if the two sides of the bridge are part of the same ethernet network. So even though Avahi is working for me between several PCs on my private network and the Chromecast-enabled devices on the IOT network, any clients behind a wireless ethernet bridge do NOT work. I suspect I'd have to convert those to WDS to make it work. But that's another can of worms itself.
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
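Added example, not part of the original post: a small check over `iptables-save` output that reports whether mDNS (UDP 5353) from the IoT bridge reaches the router's INPUT chain, which is the failure described above. The interface names `br0`/`br1` and both rulesets are constructed for illustration.

```python
import shlex

# Constructed iptables-save excerpt (not from the post): IoT bridge "br1" may
# reach the router only for DHCP and DNS; everything else to INPUT is dropped.
SAMPLE_BEFORE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i br0 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br1 -j DROP
COMMIT
"""
# Same ruleset with mDNS allowed ahead of the catch-all DROP.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "-A INPUT -i br1 -j DROP",
    "-A INPUT -i br1 -p udp -m udp --dport 5353 -j ACCEPT\n-A INPUT -i br1 -j DROP")

def _opts(tokens):
    """Map each option flag to the token that follows it (-i, -p, --dport, -j ...)."""
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def _port_match(spec, port):
    """True if port is in a --dport/--dports spec such as '53', '67:68' or '53,5353'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

# Simplified: filter-table INPUT only; no '!' negation, wildcards or user-chain jumps.
def input_verdict(ruleset, iface, proto, port):
    """Return the first terminating verdict INPUT gives this packet, else the chain policy."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue
        o = _opts(shlex.split(line))
        if o.get("-i", iface) != iface or o.get("-p", proto) not in (proto, "all"):
            continue
        spec = o.get("--dport") or o.get("--dports")
        if spec and not _port_match(spec, port):
            continue
        if o.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return o["-j"]
    return policy
```

Feed it the router's own `iptables-save -t filter` output in place of the samples; the added rule opens only UDP 5353 to the router itself and leaves IoT-to-private forwarding untouched.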