Apple Home/HomeKit on an isolated network results in very slow IoT devices

Exactly what I thought, but instead this setup isn’t working. I'd like to keep things easy, but I don’t know, maybe I configured something wrong with the interfaces or firewall or I don't know what...

Here are the few interesting configurations, if you spot something wrong or have an idea!

(Remember that if I join the "iot" wifi network from an iOS device, everything is working as expected. Only the propagation of mDNS is not working.)

Network

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.1.2'
	option ipaddr '192.168.1.3'

config interface 'guest'
	option proto 'static'
	list ipaddr '192.168.3.1/24'
	list dns '192.168.1.4'

config interface 'iot'
	option proto 'static'
	list dns '192.168.1.4'
	list ipaddr '192.168.5.1/24'

Wifi

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option encryption 'sae-mixed'
        option key 'x'
        option ssid 'Magnifico_IoT'
        option network 'iot'

Firewall (DHCP rule is not necessary)

config forwarding
	option src 'iot'
	option dest 'lan'

config rule
	option name 'IoT DHCP'
	list proto 'udp'
	option src 'iot'
	option dest_port '67-68'
	option target 'ACCEPT'

config rule
	option name 'IoT DNS'
	option src 'iot'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option name 'IoT 80'
	option dest_port '80'
	option src 'iot'

config rule
	option name 'IoT 443'
	option dest_port '443'
	option target 'ACCEPT'
	option src 'iot'

config rule
	option name 'IoT 5353'
	option dest_port '5353'
	option target 'ACCEPT'
	option src_port '5353'
	option src 'iot'
	list proto 'udp'
	option dest 'lan'
	list src_ip '224.0.0.251'
	list dest_ip '224.0.0.251'

config rule
	option name 'Block IoT LAN'
	option src 'iot'
	option dest 'lan'
	option target 'DROP'
	list proto 'all'
	list dest_ip '192.168.1.0/24'

And the avahi-daemon.conf

[server]
#host-name=foo
#domain-name=lan
#browse-domains=lan
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no
#allow-interfaces=wl0-ap0 #this doesn't change anything

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#publish-dns-servers=192.168.1.4
#publish-resolv-conf-dns-servers=yes

[reflector]
enable-reflector=yes
reflect-ipv=yes

I am focussing on one piece at a time, mDNS.

Please show info on 'iot' lan connectivity on WAX206. (filter any sensitive info)
ip neigh show
ip addr show
ip route
tcpdump -D

Oh thank you very much for the help! Remember that other IoT devices (I mean Alexa, wifi weather stations, etc.) are working, only the HomeKit devices aren't working (or are very slow to respond from iOS Home app).

root@WAX206:~# ip neigh show
192.168.5.208 dev wl0-ap0 lladdr xx:xx:xx:15:94:5f ref 1 used 0/0/0 probes 1 REACHABLE
192.168.1.11 dev br-lan lladdr xx:xx:xx::b0:2c:58 used 0/0/0 probes 1 STALE
192.168.5.113 dev wl0-ap0 lladdr xx:xx:xx::14:c5 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.143 dev wl0-ap0 lladdr xx:xx:xx: 27:b9:e3 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.1.10 dev br-lan lladdr f8 xx:xx:xx: a3:5f:54 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.183 dev wl0-ap0 lladdr 48:43: xx:xx:xx::c5 used 0/0/0 probes 1 STALE
192.168.5.210 dev wl0-ap0 lladdr 90: xx:xx:xx: c3:f1 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.223 dev wl0-ap0 lladdr 48:e1:e9xx:xx:xx: ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.142 dev wl0-ap0 lladdr 48:e1xx:xx:xx::da ref 1 used 0/0/0 probes 1 DELAY
192.168.5.182 dev wl0-ap0 lladdr 2c:71:ffxx:xx:xx:ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.205 dev wl0-ap0 lladdr 38:exx:xx:xx:2f ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.124 dev wl0-ap0 lladdr 48:exx:xx:xx: ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.204 dev wl0-ap0 lladdr 48:e1:xx:xx:xx: ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.247 dev wl0-ap0 lladdr 70:ee:xx:xx:xx:80 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.1.6 dev br-lan lladdr dc:a6:32xx:xx:xx:a ref 1 used 0/0/0 probes 0 REACHABLE
192.168.5.178 dev wl0-ap0 lladdr 48:xx:xx:xx:9:04 ref 1 used 0/0/0 probes 1 DELAY
192.168.5.201 dev wl0-ap0 lladdr 24:xx:xx:xx:6c ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.191 dev wl0-ap0 lladdr 4c:xx:xx:xx:b:f7:7f ref 1 used 0/0/0 probes 1 REACHABLE
192.168.1.4 dev br-lan lladdr e4:5f:01:xx:xx:xx: ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.110 dev wl0-ap0 lladdr 48:exx:xx:xx:0:40 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.150 dev wl0-ap0 lladdr 7xx:xx:xx:65:73:4a ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.190 dev wl0-ap0 lladdr 48:exx:xx:xx:fc ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.230 dev wl0-ap0 lladdr 48:41:exx:xx:xx:f3 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.5.185 dev wl0-ap0 lladdr a0:43xx:xx:xx::89 ref 1 used 0/0/0 probes 1 REACHABLE
192.168.1.2 dev br-lan lladdr b6:75:c6:1cxx:xx:xx: 1 used 0/0/0 probes 1 DELAY
192.168.5.116 dev wl0-ap0 lladdr 48xx:xx:xx:66 ref 1 used 0/0/0 probes 1 REACHABLE
fe80::72ee:50ff:65:738a dev wl0-ap0 lladdr 70:eexx:xx:xx:3:8a used 0/0/0 probes 0 STALE
fe80::4a43:ddff:5:4fc5 dev wl0-ap0 lladdr 48:43:dxx:xx:xx:4f:c5 used 0/0/0 probes 0 STALE
fe80::72ee:50ff:f:c680 dev wl0-ap0 lladdr 70:ee:5xx:xx:xx:80 used 0/0/0 probes 0 STALE
root@WAX206:~# 
root@WAX206:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP qlen 1000
    link/ether 000:: 000: 000::8d:37 brd ff:ff:ff:ff:ff:ff
    inet6 000:: 000: 000:feeb:8d37/64 scope link 
       valid_lft forever preferred_lft forever
3: lan1@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 000: 000: 000:eb:8d:37 brd ff:ff:ff:ff:ff:ff
4: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 000: 000: 000:eb:8d:37 brd ff:ff:ff:ff:ff:ff
5: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 000: 000: 000:eb:8d:37 brd ff:ff:ff:ff:ff:ff
6: lan4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 000: 000: 000:eb:8d:37 brd ff:ff:ff:ff:ff:ff
7: wan@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 000: 000: 000:eb:8d:37 brd ff:ff:ff:ff:ff:ff
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 000: 000:9c:eb:8d:37 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.3/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
12: wl1-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether xx: xx: xx:26:46:38 brd ff:ff:ff:ff:ff:ff
    inet6 000:: 000:43ff:fe26:4638/64 scope link 
       valid_lft forever preferred_lft forever
13: wl1-ap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether xx: xx:xx:xx:46:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global wl1-ap1
       valid_lft forever preferred_lft forever
    inet6 000::c: 000:fe26:4638/64 scope link 
       valid_lft forever preferred_lft forever
15: wl0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 00:0c:43:26:60:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.1/24 brd 192.168.5.255 scope global wl0-ap0
       valid_lft forever preferred_lft forever
    inet6 000:: 000: 000:fe26:6030/64 scope link 
       valid_lft forever preferred_lft forever
root@WAX206:~# ip route
default via 192.168.1.2 dev br-lan 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.3 
192.168.3.0/24 dev wl1-ap1 scope link  src 192.168.3.1 
192.168.5.0/24 dev wl0-ap0 scope link  src 192.168.5.1 
root@WAX206:~# tcpdump -D
1.eth0 [Up, Running, Connected]
2.lan4 [Up, Running, Connected]
3.br-lan [Up, Running, Connected]
4.wl1-ap0 [Up, Running, Connected]
5.wl1-ap1 [Up, Running, Connected]
6.wl0-ap0 [Up, Running, Connected]
7.any (Pseudo-device that captures on all interfaces) [Up, Running]
8.lo [Up, Running, Loopback]
9.lan1 [Up, Disconnected]
10.lan2 [Up, Disconnected]
11.lan3 [Up, Disconnected]
12.wan [none, Disconnected]

(I've edited the IPv4/6 addresses)

Great! Now I see what should be a system directly connecting 192.168.1.0/24 and 192.168.5.0/24

mDNS reflection should be able to work on WAX206.

Test it. :slight_smile:
Do a tcpdump -i any port 5353 on WAX206 and the mDNS query on your mac. What shows up?

Since there are devices in the network between multiple routers to some networks...
On your mac:
show ip route
and traceroute 192.168.5.1
and traceroute 192.168.5.210

Any way to show the route table on your homepod?

Thanks,

Ehm no it's not working, it's already running on the WAX206

root@WAX206:~# service avahi-daemon status
running

with this config

root@WAX206:~# cat /etc/avahi/avahi-daemon.conf
[server]
#host-name=foo
#domain-name=lan
#browse-domains=lan
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no
#allow-interfaces=wl0-ap0

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#publish-dns-servers=192.168.1.4
#publish-resolv-conf-dns-servers=yes

[reflector]
enable-reflector=yes
reflect-ipv=yes
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:22:25.408965 lan4  M   IP 192.168.1.5.5353 > 224.0.0.251.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.409000 wl0-ap0 Out IP 192.168.1.5.5353 > 224.0.0.251.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.409038 wl1-ap0 Out IP 192.168.1.5.5353 > 224.0.0.251.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.408965 br-lan M   IP 192.168.1.5.5353 > 224.0.0.251.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.409704 wl0-ap0 Out IP6 fe80::c:43ff:fe26:6030.5353 > ff02::fb.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.409964 wl1-ap1 Out IP6 fe80::c:43ff:fe26:4638.5353 > ff02::fb.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.410151 wl1-ap1 Out IP WAX206.lan.5353 > 224.0.0.251.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.410318 wl1-ap0 Out IP6 fe80::20c:43ff:fe26:4638.5353 > ff02::fb.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.410488 eth0  Out IP6 fe80::82cc:9cff:feeb:8d37.5353 > ff02::fb.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.410919 lo    In  IP localhost.5353 > 224.0.0.251.5353: 0 PTR (QM)? _hap._tcp.local. (33)
19:22:25.442009 lan4  M   IP 192.168.1.5.5353 > 224.0.0.251.5353: 0*- [0q] 25/0/0 PTR Homebridge 27ED._hap._tcp.local., (Cache flush) TXT "c#=2" "ff=0" "id=:F3:6E" "md=homebridge" "pv=1.1" "s#=1" "sf=1" "ci=2" "sh=zeQfPA==", (Cache flush) SRV homebridge.local.:51625 0 0, (Cache flush) A 192.168.1.5, PTR Broadlink RM 4A8F._hap._tcp.local., (Cache flush) TXT "c#=2" "ff=0" "id=0E:B7:47:FD:F0:28" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=eKzYEw==", (Cache flush) SRV homebridge.local.:33440 0 0, PTR SwitchBot E202._hap._tcp.local., (Cache flush) TXT "c#=3" "ff=0" "id=0E:59:5F" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=yE+FFA==", (Cache flush) SRV homebridge.local.:49850 0 0, PTR Televisione 7492._hap._tcp.local., (Cache flush) TXT "c#=21" "ff=0" "id=0B:7:70:6B" "md=OLED55C14LB" "pv=1.1" "s#=1" "sf=0" "ci=31" "sh=IFwVEg==", (Cache flush) SRV homebridge.local.:43467 0 0, PTR homebridge-prometheus-exporter 6097._hap._tcp.local., (Cache flush) TXT "c#=2" "ff=0" "id=0E:C6:E7:21:D6:C4" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=wOpYyw==", (Cache flush) SRV homebridge.local.:35834 0 0, PTR Meross 5B65._hap._tcp.local., (Cache flush) TXT "c#=4" "ff=0" "id=0E:66:A1:4E:B2:EA" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=kMp34A==", (Cache flush)

etc...

From the WAX206 I see all the packets, same on the Mac, but I see only the mDNS devices on the 192.168.1.x subnet. And not on the 192.168.5.x subnet.

I think on macOS the command is

Home@MacBook_Air ~ % netstat -r
Routing tables

Internet:
Destination        Gateway            Flags           Netif Expire
default            nanopi-r4s         UGScg             en6       
default            nanopi-r4s         UGScIg            en0       
127                localhost          UCS               lo0       
localhost          localhost          UH                lo0       
169.254            link#14            UCS               en6      !
169.254            link#12            UCSI              en0      !
192.168.1          link#14            UCS               en6      !
192.168.1          link#12            UCSI              en0      !
192.168.1.2/32     link#14            UCS               en6      !
nanopi-r4s         xx:xx:xx:dd  UHLWIir           en0   1153
192.168.1.2/32     link#12            UCSI              en0      !
nanopi-r4s         xx:xx:xx:xx:dd  UHLWIir           en6   1192
wax206             xx:xx:xx:eb:8d:37  UHLWIi            en6    726
pi.hole            e4:5f:1:ba:e4:c2   UHLWIi            en6   1174
homebridge xx:xx:xx b3:3a:8d   UHLWIi            en6     83
ipad-air-eth       0 xx:xx:xx:0:c:ff     UHLWI             en0   1080
ipad-air-eth       xx:xx:xx:0:c:ff     UHLWI             en6   1080
192.168.1.10/32    link#14            UCS               en6      !
macbook-air        f8:e4:3b:a3:5f:54  UHLWIi            en0    578
lg-oled55c1        xx:xx:xx:b0:2c:58  UHLWI             en0    154
lg-oled55c1        xx:xx:xx:b0:2c:58  UHLWI             en6    154
192.168.1.103/32   link#12            UCS               en0      !
macbook-air-wifi   xx:xx:xx:ea:46:61  UHLWI             lo0       
ipad-pro           link#12            UHLWI             en0      !
ipad-pro           xx:xx:xx:8c:53:57  UHLWI             en6    578
iphone-14-pro      xx:xx:xx:1d:5e:d9   UHLWI             en0    171
iphone-14-pro      xx:xx:xx:1d:5e:d9   UHLWI             en6     80
homepod-mini      xx:xx:xx:84:c2:d3  UHLWIi            en0    894
ipad-mini          f8:b1:dd:a6:53:80  UHLWI             en6    576
192.168.1.150      70:ee:50:65:73:8a  UHLWI             en6   1199
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI            en0      !
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI            en6      !
224.0.0/4          link#14            UmCS              en6      !
224.0.0/4          link#12            UmCSI             en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI            en0       
224.0.0.251        1:0:5e:0:0:fb      UHmLWI            en6       
255.255.255.255/32 link#14            UCS               en6      !
255.255.255.255/32 link#12            UCSI              en0      !
broadcasthost      ff:ff:ff:ff:ff:ff  UHLWbI            en6      !
Home@MacBook_Air ~ % traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 64 hops max, 52 byte packets
 1  nanopi-r4s (192.168.1.2)  0.839 ms  0.383 ms  0.445 ms
 2  * * *

Home@MacBook_Air ~ % traceroute 192.168.5.210
traceroute to 192.168.5.210 (192.168.5.210), 64 hops max, 52 byte packets
 1  nanopi-r4s (192.168.1.2)  1.029 ms  0.510 ms  0.485 ms
 2  * *

Unfortunately no :frowning:

You need to configure the „allow-interfaces“ section in your avahi config and add both interfaces (iot and lan) and uncomment the line.

I've already done it, indeed I've commented it because if it's commented Avahi should listen on all the interfaces, I tried everything:

What should work: allow-interfaces=br-lan,wl0-ap0

And also in this way: allow-interfaces=iot,lan

Both aren't working.

I think the reflector may be working. Notice the Out flag on interfaces wl0-ap0 and wl1-ap0 log lines.

I don't know why there are not any replies though.

Are you sure _hap._tcp.local. is a valid name to query? Did the devices on 192.168.1.x respond to the query from the mac?

I think macs now use ip for setting and checking network parameters. My mac has/uses ip. Legacy tools like netstat may still work. Your reply shows what I wanted to see. Route or no route to 192.168.5.0/24.

Checking the route info is starting on step 2 of debug.

Back to mDNS...
Double check the interface for ssid 'iot' and please do another mDNS query test with your mac only connected to wifi ssid 'iot' on WAX206, and the following tcpdump on WAX206:
tcpdump -i wl0-ap0 port 5353
Capture on the mac and share as well please (tcpdump is likely available but needs to be run with sudo). The capture on WAX206 should at least show the queries but hopefully replies as well.

Thanks

PS - I will be busy with home chores for a couple hours.

Yes but it shows only the Homebridge hubs inside the 192.168.1.x subnet

Home@MacBook_Air ~ % dns-sd -Z _hap._tcp local.
Browsing for _hap._tcp.local.
DATE: ---Sun 22 Jan 2023---
 1:07:57.289  ...STARTING...

; To direct clients to browse a different domain, substitute that domain in place of '@'
lb._dns-sd._udp                                 PTR     @

; In the list of services below, the SRV records will typically reference dot-local Multicast DNS names.
; When transferring this zone file data to your unicast DNS server, you'll need to replace those dot-local
; names with the correct fully-qualified (unicast) domain name of the target host offering the service.

_hap._tcp                                       PTR     Homebridge\03227ED._hap._tcp
Homebridge\03227ED._hap._tcp                    SRV     0 0 51625 homebridge.local. ; Replace with unicast FQDN of target host
Homebridge\03227ED._hap._tcp                    TXT     "c#=2" "ff=0" "id= xx:xx:x:C8:F3:6E" "md=homebridge" "pv=1.1" "s#=1" "sf=1" "ci=2" "sh=zeQfPA=="

_hap._tcp                                       PTR     Broadlink\032RM\0324A8F._hap._tcp
Broadlink\032RM\0324A8F._hap._tcp               SRV     0 0 33440 homebridge.local. ; Replace with unicast FQDN of target host
Broadlink\032RM\0324A8F._hap._tcp               TXT     "c#=2" "ff=0" "id= xx:xx:x:FD:F0:28" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=eKzYEw=="

_hap._tcp                                       PTR     SwitchBot\032E202._hap._tcp
SwitchBot\032E202._hap._tcp                     SRV     0 0 49850 homebridge.local. ; Replace with unicast FQDN of target host
SwitchBot\032E202._hap._tcp                     TXT     "c#=3" "ff=0" "id=xx:xx:x:8A:59:5F" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=yE+FFA=="

_hap._tcp                                       PTR     Televisione\0327492._hap._tcp
Televisione\0327492._hap._tcp                   SRV     0 0 44509 homebridge.local. ; Replace with unicast FQDN of target host
Televisione\0327492._hap._tcp                   TXT     "c#=22" "ff=0" "id= xx:xx:x:D6:70:6B" "md=Model Name" "pv=1.1" "s#=1" "sf=0" "ci=31" "sh=IFwVEg=="

_hap._tcp                                       PTR     homebridge-prometheus-exporter\0326097._hap._tcp
homebridge-prometheus-exporter\0326097._hap._tcp SRV     0 0 35834 homebridge.local. ; Replace with

If I join only the "iot" wifi on the Mac, first I get this error

Then the Mac is able to discover some "other" devices, the real devices (but not all, only the Netatmo relays that are connected via native HomeKit and not Homebridge):

Home@MacBook_Air ~ % dns-sd -Z _hap._tcp local.
Browsing for _hap._tcp.local.
DATE: ---Sun 22 Jan 2023---
 1:11:08.492  ...STARTING...

; To direct clients to browse a different domain, substitute that domain in place of '@'
lb._dns-sd._udp                                 PTR     @

; In the list of services below, the SRV records will typically reference dot-local Multicast DNS names.
; When transferring this zone file data to your unicast DNS server, you'll need to replace those dot-local
; names with the correct fully-qualified (unicast) domain name of the target host offering the service.

_hap._tcp                                       PTR     Homebridge\03227ED._hap._tcp
Homebridge\03227ED._hap._tcp                    SRV     0 0 51625 homebridge.local. ; Replace with unicast FQDN of target host
Homebridge\03227ED._hap._tcp                    TXT     "c#=2" "ff=0" "id= xx:xx:xx:xx::6E" "md=homebridge" "pv=1.1" "s#=1" "sf=1" "ci=2" "sh=zeQfPA=="

_hap._tcp                                       PTR     homebridge-lgwebos-tv\0329992._hap._tcp
homebridge-lgwebos-tv\0329992._hap._tcp         SRV     0 0 33600 homebridge.local. ; Replace with unicast FQDN of target host
homebridge-lgwebos-tv\0329992._hap._tcp         TXT     "c#=2" "ff=0" "id= xx:xx:xx:xx::85:24" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=xZ2SGg=="

_hap._tcp                                       PTR     RPi\0322EDD._hap._tcp
RPi\0322EDD._hap._tcp                           SRV     0 0 35521 homebridge.local. ; Replace with unicast FQDN of target host
RPi\0322EDD._hap._tcp                           TXT     "c#=4" "ff=0" "id= xx:xx:xx:xx: E1:5C" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=foRhag=="

_hap._tcp                                       PTR     homebridge-prometheus-exporter\0326097._hap._tcp
homebridge-prometheus-exporter\0326097._hap._tcp SRV     0 0 35834 homebridge.local. ; Replace with unicast FQDN of target host
homebridge-prometheus-exporter\0326097._hap._tcp TXT     "c#=2" "ff=0" "id= xx:xx:xx:xx::D6:C4" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=wOpYyw=="

_hap._tcp                                       PTR     Televisione\0327492._hap._tcp
Televisione\0327492._hap._tcp                   SRV     0 0 41529 homebridge.local. ; Replace with unicast FQDN of target host
Televisione\0327492._hap._tcp                   TXT     "c#=22" "ff=0" "id= xx:xx:xx:xx::70:6B" "md=Model Name" "pv=1.1" "s#=1" "sf=0" "ci=31" "sh=IFwVEg=="

_hap._tcp                                       PTR     Meross\0325B65._hap._tcp
Meross\0325B65._hap._tcp                        SRV     0 0 53167 homebridge.local. ; Replace with unicast FQDN of target host
Meross\0325B65._hap._tcp                        TXT     "c#=4" "ff=0" "id= xx:xx:xx:xx::EA" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=kMp34A=="

_hap._tcp                                       PTR     SwitchBot\032E202._hap._tcp
SwitchBot\032E202._hap._tcp                     SRV     0 0 49850 homebridge.local. ; Replace with unicast FQDN of target host
SwitchBot\032E202._hap._tcp                     TXT     "c#=3" "ff=0" "id= xx:xx:xx:xx: 8A:59:5F" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=yE+FFA=="

_hap._tcp                                       PTR     Broadlink\032RM\0324A8F._hap._tcp
Broadlink\032RM\0324A8F._hap._tcp               SRV     0 0 33440 homebridge.local. ; Replace with unicast FQDN of target host
Broadlink\032RM\0324A8F._hap._tcp               TXT     "c#=2" "ff=0" "id= xx:xx:xx:xx::F0:28" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=eKzYEw=="

_hap._tcp                                       PTR     Netatmo\032Relay\032(2)._hap._tcp
Netatmo\032Relay\032(2)._hap._tcp               SRV     0 0 5001 Netatmo\032Relay-6.local. ; Replace with unicast FQDN of target host
Netatmo\032Relay\032(2)._hap._tcp               TXT     "c#=9" "s#=1" "ff=1" "sf=0" "pv=1.1" "md=Netatmo Relay" "id= xx:xx:xx:xx::AA:08" "na_tkn=c69f3a30d4f9" "ci=2" "sh=C9CoeQ=="

_hap._tcp                                       PTR     Weather\032Station\032(2)._hap._tcp
Weather\032Station\032(2)._hap._tcp             SRV     0 0 5001 Weather\032Station-6.local. ; Replace with unicast FQDN of target host
Weather\032Station\032(2)._hap._tcp             TXT     "c#=11" "s#=1" "ff=1" "sf=0" "pv=1.1" "md=Weather Station" "id=xx:xx:xx:xx:43:B8" "na_tkn=806e7234ae43" "ci=2" "sh=PQgp5A=="

What do you mean by "double check the interface iot"? What do I have to check?

Anyway if I've joined only the 'iot' SSID I'm unable to SSH into the WAX206, because -as I want- it's not reachable. If I enable the ethernet adapter on the Mac, I join my main network 192.168.1.x and the output of

tcpdump -i wl0-ap0 port 5353

on the WAX206 is:

root@WAX206:~# tcpdump -i wl0-ap0 port 5353
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wl0-ap0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

01:19:44.640652 IP6 fe80::20c:43ff:fe26:6030.5353 > ff02::fb.5353: 0*- [0q] 22/0/0 (Cache flush) TXT "rpBA=E0:00:28:D1:C9:76" "rpVr=420.5" "rpAD=b3460028eb48", OPT UDPsize=1440 [Opt4 00643ea09d42c78970b3061d5ed9], (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:1076:22e4:f83b:8ceb, (Cache flush) A 192.168.1.109, (Cache flush) SRV Giulios-iPhone.local.:32498 0 0, (Cache flush) PTR Giulios-iPhone.local., (Cache flush) PTR Giulios-iPhone.local., (Cache flush) PTR Giulios-iPhone.local., PTR xx:xx:xx1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., PTR xx:xx:xx:1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., PTR _apple-mobdev2._tcp.local., (Cache flush) TXT "", (Cache flush) SRV Giulios-iPhone.local.:49154 0 0, TXT "model=D73AP", PTR GiulioM-bM-^@M-^Ys iPhone._rdlink._tcp.local., PTR _rdlink._tcp.local. (798)
01:19:44.641916 IP WAX206.lan.5353 > 224.0.0.251.5353: 0*- [0q] 22/0/0 (Cache flush) TXT "rpBA=xx:xx:xx:D1:C9:76" "rpVr=420.5" "rpAD=b3460028eb48", OPT UDPsize=1440 [Opt4 00643ea09d42c78970b3061d5ed9], (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:1076:22e4:f83b:8ceb, (Cache flush) A 192.168.1.109, (Cache flush) SRV Giulios-iPhone.local.:32498 0 0, (Cache flush) PTR Giulios-iPhone.local., (Cache flush) PTR Giulios-iPhone.local., (Cache flush) PTR Giulios-iPhone.local., PTR 70:b3:06:1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., PTR 70:b3:06:1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., PTR _apple-mobdev2._tcp.local., (Cache flush) TXT "", (Cache flush) SRV Giulios-iPhone.local.:49154 0 0, TXT "model=D73AP", PTR GiulioM-bM-^@M-^Ys iPhone._rdlink._tcp.local., PTR _rdlink._tcp.local. (798)
01:19:44.656610 IP6 fe80::20c:43ff:fe26:6030.5353 > ff02::fb.5353: 0*- [0q] 15/0/0 TXT "model=J321AP", OPT UDPsize=1440 [Opt4 001d02cd118202faec2ce28c5357], (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) A 192.168.1.106, (Cache flush) AAAA fd91:e81d:cbd3:4623:457:b00b:23ca:2855, (Cache flush) PTR iPadPro.local., (Cache flush) PTR iPadPro.local., (Cache flush) PTR iPadPro.local., (Cache flush) SRV iPadPro.local.:51082 0 0, PTR iPadPro._rdlink._tcp.local., (Cache flush) TXT "rpBA=65:F6:A4:05:44:E4" "rpVr=420.5" "rpAD=d4874902a764" (556)
01:19:44.656997 IP WAX206.lan.5353 > 224.0.0.251.5353: 0*- [0q] 15/0/0 TXT "model=J321AP", OPT UDPsize=1440 [Opt4 001d02cd118202faec2ce28c5357], (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) A 192.168.1.106, (Cache flush) AAAA fd91:e81d:cbd3:4623:457:b00b:23ca:2855, (Cache flush) PTR iPadPro.local., (Cache flush) PTR iPadPro.local., (Cache flush) PTR iPadPro.local., (Cache flush) SRV iPadPro.local.:51082 0 0, PTR iPadPro._rdlink._tcp.local., (Cache flush) TXT "rpBA=xx:xx:xxE4" "rpVr=420.5" "rpAD=d4874902a764" (556)
01:19:45.649149 IP6 fe80::20c:43ff:fe26:6030.5353 > ff02::fb.5353: 0*- [0q] 16/0/0 TXT "model=J310AP", OPT UDPsize=1440 [Opt4 00bd669a19d881fbf8b1dda65380], (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:82a:64f8:bd33:12c7, (Cache flush) A 192.168.1.128, (Cache flush) PTR iPad-Mini-5.local., (Cache flush) PTR iPad-Mini-5.local., (Cache flush) PTR iPad-Mini-5.local., (Cache flush) SRV iPad-Mini-5.local.:49154 0 0, PTR iPad-Mini (3)._rdlink._tcp.local., PTR _rdlink._tcp.local., (Cache flush) TXT "rpBA=xx:xx:xx:DB:59" "rpVr=420.5" "rpAD=ffcb792dfd53" (609)
01:19:45.649842 IP WAX206.lan.5353 > 224.0.0.251.5353: 0*- [0q] 16/0/0 TXT "model=J310AP", OPT UDPsize=1440 [Opt4 00bd669a19d881fbf8b1dda65380], (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:82a:64f8:bd33:12c7, (Cache flush) A 192.168.1.128, (Cache flush) PTR iPad-Mini-5.local., (Cache flush) PTR iPad-Mini-5.local., (Cache flush) PTR iPad-Mini-5.local., (Cache flush) SRV iPad-Mini-5.local.:49154 0 0, PTR iPad-Mini (3)._rdlink._tcp.local., PTR _rdlink._tcp.local., (Cache flush) TXT "rpBA=F5:3E:6D:84:DB:59" "rpVr=420.5" "rpAD=ffcb792dfd53" (609)
01:19:46.805243 IP6 fe80::20c:43ff:fe26:6030.5353 > ff02::fb.5353: 0*- [0q] 5/0/0 PTR GiulioM-bM-^@M-^Ys iPhone._rdlink._tcp.local., OPT UDPsize=1440 [Opt4 00643ea09d42c78970b3061d5ed9], PTR 70:b3:06:1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., PTR 70:b3:06:1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., TXT "model=D73AP" (257)
01:19:46.805790 IP WAX206.lan.5353 > 224.0.0.251.5353: 0*- [0q] 5/0/0 PTR GiulioM-bM-^@M-^Ys iPhone._rdlink._tcp.local., OPT UDPsize=1440 [Opt4 00643ea09d42c78970b3061d5ed9], PTR 70:b3:06:1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., PTR 70:b3:06:1d:5e:d9@fe80::72b3:6ff:fe1d:5ed9-supportsRP._apple-mobdev2._tcp.local., TXT "model=D73AP" (257)
01:19:51.667043 IP6 fe80::20c:43ff:fe26:6030.5353 > ff02::fb.5353: 0*- [0q] 3/0/0 TXT "model=J310AP", OPT UDPsize=1440 [Opt4 00bd669a19d881fbf8b1dda65380], PTR iPad-Mini (3)._rdlink._tcp.local. (139)
01:19:51.667409 IP WAX206.lan.5353 > 224.0.0.251.5353: 0*- [0q] 3/0/0 TXT "model=J310AP", OPT UDPsize=1440 [Opt4 00bd669a19d881fbf8b1dda65380], PTR iPad-Mini (3)._rdlink._tcp.local. (139)
01:19:51.690620 IP Netatmo.lan.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/6 PTR Weather Station (2)._hap._tcp.local. (301)
01:19:51.690660 IP Netatmo.lan.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/6 PTR Weather Station (2)._hap._tcp.local. (301)
01:19:51.691990 IP6 fe80::72ee:50ff:fe65:738a.5353 > ff02::fb.5353: 0*- [0q] 1/0/6 PTR Weather Station (2)._hap._tcp.local. (301)
01:19:51.692008 IP6 fe80::72ee:50ff:fe65:738a.5353 > ff02::fb.5353: 0*- [0q] 1/0/6 PTR Weather Station (2)._hap._tcp.local. (301)
01:19:51.693869 IP WAX206.lan.5353 > 224.0.0.251.5353: 0*- [0q] 6/0/0 PTR Weather Station (2)._hap._tcp.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) A 192.168.5.150, (Cache flush) SRV Weather Station-6.local.:5001 0 0, (Cache flush) TXT "c#=11" "s#=1" "ff=1" "sf=0" "pv=1.1" "md=Weather Station" "id=E4:F5:F7:45:43:B8" "na_tkn=806e7234ae43" "ci=2" "sh=PQgp5A==" (273)
01:19:51.715821 IP 192.168.5.247.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/6 PTR Netatmo Relay (2)._hap._tcp.local. (295)
01:19:51.715850 IP 192.168.5.247.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/6 PTR Netatmo Relay (2)._hap._tcp.local. (295)
01:19:51.716701 IP6 fe80::72ee:50ff:fe6d:c680.5353 > ff02::fb.5353: 0*- [0q] 1/0/6 PTR Netatmo Relay (2)._hap._tcp.local. (295)
01:19:51.716724 IP6 fe80::72ee:50ff:fe6d:c680.5353 > ff02::fb.5353: 0*- [0q] 1/0/6 PTR Netatmo Relay (2)._hap._tcp.local. (295)
01:19:51.720036 IP WAX206.lan.5353 > 224.0.0.251.5353: 0*- [0q] 6/0/0 PTR Netatmo Relay (2)._hap._tcp.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) A 192.168.5.247, (Cache flush) SRV Netatmo Relay-6.local.:5001 0 0, (Cache flush) TXT "c#=9" "s#=1" "ff=1" "sf=0" "pv=1.1" "md=Netatmo Relay^@" "id=47:CE:C1:9E:AA:08" "na_tkn=c69f3a30d4f9" "ci=2" "sh=C9CoeQ==" (267)
01:19:51.771325 IP6 fe80::20c:43ff:fe26:6030.5353 > ff02::fb.5353: 0*- [0q] 16/0/0 PTR 70-35-60-63.1 Salotto._sleep-proxy._udp.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:4:fda2:c5d7:70c0, (Cache flush) A 192.168.1.127, (Cache flush) SRV Salotto.local.:57645 0 0, (Cache flush) SRV Salotto.local.:49153 0 0, (Cache flush) TXT "si=A5D5839C-C9EB-4A47-A1B8-17814B7A2D2B", (Cache flush) TXT "rpMac=2" "rpHN=246f754f5bcc" "rpFl=0x62792" "rpHA=88c9304858a3" "rpMd=AudioAccessory5,1" "rpVr=420.5" "rpAD=60a5e84a88ef" "rpHI=2e7e85f0ac20" "rpBA=E1:E6:A9:47:69:B1", (Cache flush) SRV Salotto.local.:55390 0 0, (Cache flush) TXT "", PTR 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local., PTR Salotto._companion-link._tcp.local., TXT "model=B520AP" (642)

etc...

On the Mac, but consider that I'm also connected to the ethernet:

Home@MacBook_Air ~ % sudo tcpdump  port 5353 
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
01:29:45.531167 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 9/0/0 TXT "model=J310AP", (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:82a:64f8:bd33:12c7, (Cache flush) A 192.168.1.128, (Cache flush) SRV iPad-Mini-5.local.:49154 0 0, PTR iPad-Mini (3)._rdlink._tcp.local., PTR _rdlink._tcp.local., (Cache flush) TXT "rpBA=F5:3E:6D:84:DB:59" "rpVr=420.5" "rpAD=ffcb792dfd53" (328)
01:29:45.531171 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 9/0/0 TXT "model=J310AP", (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:82a:64f8:bd33:12c7, (Cache flush) A 192.168.1.128, (Cache flush) SRV iPad-Mini-5.local.:49154 0 0, PTR iPad-Mini (3)._rdlink._tcp.local., PTR _rdlink._tcp.local., (Cache flush) TXT "rpBA=F5:3E:6D:84:DB:59" "rpVr=420.5" "rpAD=ffcb792dfd53" (328)
01:29:45.531254 IP6 wax206.local.mdns > ff02::fb.mdns: 0 [2a] [2q] AAAA (QM)? Weather Station-6.local. AAAA (QM)? Netatmo Relay-6.local. (119)
01:29:45.531286 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 [2q] AAAA (QM)? Weather Station-6.local. AAAA (QM)? Netatmo Relay-6.local. (63)
01:29:45.544895 IP homepod-mini.mdns > 224.0.0.251.mdns: 0*- [0q] 4/0/13 PTR 70-35-60-63.1 Salotto._sleep-proxy._udp.local., TXT "model=B520AP", PTR Salotto._companion-link._tcp.local., PTR 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local. (670)
01:29:45.546463 IP6 salotto.local.mdns > ff02::fb.mdns: 0*- [0q] 4/0/13 PTR 70-35-60-63.1 Salotto._sleep-proxy._udp.local., TXT "model=B520AP", PTR Salotto._companion-link._tcp.local., PTR 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local. (670)
01:29:45.585218 IP wax206.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) A 192.168.5.150, (Cache flush) NSEC (71)
01:29:45.619868 IP wax206.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) A 192.168.5.247, (Cache flush) NSEC (69)
01:29:45.661098 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.661158 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.661257 IP 192.168.5.198.mdns > 224.0.0.251.mdns: 0 PTR (QU)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.661309 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.661355 IP macbook-air.mdns > 224.0.0.251.mdns: 0 PTR (QU)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.661400 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.734292 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 16/0/0 PTR 70-35-60-63.1 Salotto._sleep-proxy._udp.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:4:fda2:c5d7:70c0, (Cache flush) A 192.168.1.127, (Cache flush) SRV Salotto.local.:57645 0 0, (Cache flush) SRV Salotto.local.:49153 0 0, (Cache flush) TXT "si=A5D5839C-C9EB-4A47-A1B8-17814B7A2D2B", (Cache flush) TXT "rpMac=2" "rpHN=799a2ebf62cd" "rpFl=0x62792" "rpHA=75096cfdef50" "rpMd=AudioAccessory5,1" "rpVr=420.5" "rpAD=e883db47c099" "rpHI=1dd63cd9b219" "rpBA=D7:17:C3:43:9C:EB", (Cache flush) SRV Salotto.local.:55390 0 0, (Cache flush) TXT "", PTR 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local., PTR Salotto._companion-link._tcp.local., TXT "model=B520AP" (642)
01:29:45.734296 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 16/0/0 PTR 70-35-60-63.1 Salotto._sleep-proxy._udp.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) AAAA fd91:e81d:cbd3:4623:4:fda2:c5d7:70c0, (Cache flush) A 192.168.1.127, (Cache flush) SRV Salotto.local.:57645 0 0, (Cache flush) SRV Salotto.local.:49153 0 0, (Cache flush) TXT "si=A5D5839C-C9EB-4A47-A1B8-17814B7A2D2B", (Cache flush) TXT "rpMac=2" "rpHN=799a2ebf62cd" "rpFl=0x62792" "rpHA=75096cfdef50" "rpMd=AudioAccessory5,1" "rpVr=420.5" "rpAD=e883db47c099" "rpHI=1dd63cd9b219" "rpBA=D7:17:C3:43:9C:EB", (Cache flush) SRV Salotto.local.:55390 0 0, (Cache flush) TXT "", PTR 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local., PTR Salotto._companion-link._tcp.local., TXT "model=B520AP" (642)
01:29:45.735446 IP 192.168.5.150.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/2 (Cache flush) AAAA fe80::72ee:50ff:fe65:738a (99)
01:29:45.735449 IP6 weather station-6.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/2 (Cache flush) AAAA fe80::72ee:50ff:fe65:738a (99)
01:29:45.735473 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) A 192.168.5.150, (Cache flush) NSEC (71)
01:29:45.736662 IP 192.168.5.247.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/2 (Cache flush) AAAA fe80::72ee:50ff:fe6d:c680 (97)
01:29:45.736664 IP6 netatmo relay-6.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/2 (Cache flush) AAAA fe80::72ee:50ff:fe6d:c680 (97)
01:29:45.736687 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) A 192.168.5.247, (Cache flush) NSEC (69)
01:29:45.737941 IP6 wax206.local.mdns > ff02::fb.mdns: 0 PTR (QM)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.737944 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 0.3.0.6.6.2.e.f.f.f.3.4.c.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.739738 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/0 (Cache flush) PTR WAX206.local. (110)
01:29:45.866302 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.866364 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.866471 IP 192.168.5.198.mdns > 224.0.0.251.mdns: 0 PTR (QU)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.866525 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.866575 IP macbook-air.mdns > 224.0.0.251.mdns: 0 PTR (QU)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.866624 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.938297 IP6 wax206.local.mdns > ff02::fb.mdns: 0 PTR (QM)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.938301 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 0.4.f.b.b.1.0.2.5.0.1.3.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:45.990348 IP homepod-mini.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/2 (Cache flush) PTR Salotto.local. (180)
01:29:45.991764 IP6 salotto.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/2 (Cache flush) PTR Salotto.local. (180)
01:29:46.148154 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 2/0/0 (Cache flush) PTR Salotto.local., (Cache flush) NSEC (129)
01:29:46.148160 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) PTR Salotto.local., (Cache flush) NSEC (129)
01:29:46.209542 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.209602 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.209704 IP 192.168.5.198.mdns > 224.0.0.251.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.209757 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.209804 IP macbook-air.mdns > 224.0.0.251.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.209853 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.327424 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/1 (Cache flush) PTR MacBook-Air-2.local. (135)
01:29:46.348082 IP6 wax206.local.mdns > ff02::fb.mdns: 0 PTR (QM)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.348088 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 PTR (QM)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.421823 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.d.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.421885 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.d.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.421997 IP 192.168.5.198.mdns > 224.0.0.251.mdns: 0 PTR (QU)? 0.d.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.422048 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.d.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.422096 IP macbook-air.mdns > 224.0.0.251.mdns: 0 PTR (QU)? 0.d.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.422182 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? 0.d.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:29:46.467922 IP ipad-mini.mdns > 224.0.0.251.mdns: 0*- [0q] 8/0/3 TXT "model=J310AP", (Cache flush) TXT "rpBA=F5:3E:6D:84:DB:59" "rpVr=420.5" "rpAD=ffcb792dfd53", PTR _rdlink._tcp.local., PTR iPad-Mini (3)._rdlink._tcp.local., (Cache flush) SRV iPad-Mini-5.local.:49154 0 0, (Cache flush) AAAA fe80::1038:58ae:2bfb:f0fc, (Cache flush) A 192.168.1.128, (Cache flush) AAAA fd91:e81d:cbd3:4623:82a:64f8:bd33:12c7 (385)

etc..

If I disable the ethernet adapter (en6), and I stay connected only to the WAX206 'iot' wireless network

Home@MacBook_Air ~ % sudo tcpdump  port 5353
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
01:32:30.016863 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 [2q] TXT (QM)? 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local. TXT (QM)? 5C3DA72C-9397-512B-945E-C60BCCC6E98A (4)._homekit._tcp.local. (121)
01:32:30.016925 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 [2q] TXT (QM)? 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local. TXT (QM)? 5C3DA72C-9397-512B-945E-C60BCCC6E98A (4)._homekit._tcp.local. (121)
01:32:30.017054 IP 192.168.5.198.mdns > 224.0.0.251.mdns: 0 [2q] TXT (QM)? 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local. TXT (QM)? 5C3DA72C-9397-512B-945E-C60BCCC6E98A (4)._homekit._tcp.local. (121)
01:32:30.031064 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 [2q] TXT (QM)? 25938A7C-E1DB-58E2-B798-2B2A4D018236._homekit._tcp.local. TXT (QM)? 5C3DA72C-9397-512B-945E-C60BCCC6E98A (4)._homekit._tcp.local. (121)
01:32:30.033647 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 2/0/0 (Cache flush) TXT "si=B48307DA-5AE6-4E39-A125-4C46B9225C42", (Cache flush) TXT "si=A5D5839C-C9EB-4A47-A1B8-17814B7A2D2B" (213)
01:32:30.117274 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:32:30.117336 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:32:30.117449 IP 192.168.5.198.mdns > 224.0.0.251.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:32:30.117501 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0 PTR (QU)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:32:30.127563 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 PTR (QM)? f.c.9.3.a.c.e.f.f.f.e.7.f.e.c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
01:32:30.291016 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) TXT "si=A5D5839C-C9EB-4A47-A1B8-17814B7A2D2B", (Cache flush) NSEC (141)
01:32:30.292527 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/0 (Cache flush) NSEC (89)
01:32:30.314637 IP6 macbook-air-2.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/1 (Cache flush) PTR MacBook-Air-2.local. (135)
01:32:30.319160 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) TXT "si=B48307DA-5AE6-4E39-A125-4C46B9225C42", (Cache flush) NSEC (145)
01:32:30.319163 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/0 (Cache flush) NSEC (93)
01:32:31.418088 IP6 wax206.local.mdns > ff02::fb.mdns: 0 [2a] PTR (QM)? _hap._tcp.local. (99)
01:32:31.418095 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 PTR (QM)? _hap._tcp.local. (33)
01:32:31.418250 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 25/0/0 PTR Homebridge 27ED._hap._tcp.local., (Cache flush) SRV homebridge.local.:33600 0 0, (Cache flush) TXT "c#=2" "ff=0" "id=0E:C9:34:9B:85:24" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=xZ2SGg==", PTR homebridge-lgwebos-tv 9992._hap._tcp.local., (Cache flush) SRV homebridge.local.:35521 0 0, (Cache flush) TXT "c#=4" "ff=0" "id=0E:AA:D3:5A:E1:5C" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=foRhag==", PTR RPi 2EDD._hap._tcp.local., (Cache flush) SRV homebridge.local.:53167 0 0, (Cache flush) TXT "c#=4" "ff=0" "id=0E:66:A1:4E:B2:EA" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=kMp34A==", PTR Meross 5B65._hap._tcp.local., (Cache flush) SRV homebridge.local.:35834 0 0, (Cache flush) TXT "c#=2" "ff=0" "id=0E:C6:E7:21:D6:C4" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=wOpYyw==", PTR homebridge-prometheus-exporter 6097._hap._tcp.local., (Cache flush) SRV homebridge.local.:41529 0 0, (Cache flush) TXT "c#=22" "ff=0" "id=0B:74:47:D6:70:6B" "md=Model Name" "pv=1.1" "s#=1" "sf=0" "ci=31" "sh=IFwVEg==", PTR Televisione 7492._hap._tcp.local., (Cache flush) SRV homebridge.local.:33440 0 0, (Cache flush) TXT "c#=2" "ff=0" "id=0E:B7:47:FD:F0:28" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=eKzYEw==", PTR Broadlink RM 4A8F._hap._tcp.local., (Cache flush) SRV homebridge.local.:49850 0 0, (Cache flush) TXT "c#=3" "ff=0" "id=0E:66:68:8A:59:5F" "md=homebridge" "pv=1.1" "s#=1" "sf=0" "ci=2" "sh=yE+FFA==", PTR SwitchBot E202._hap._tcp.local., (Cache flush) A 192.168.1.5, (Cache flush) SRV homebridge.local.:51625 0 0, (Cache flush) TXT "c#=2" "ff=0" "id=0E:94:69:C8:F3:6E" "md=homebridge" "pv=1.1" "s#=1" "sf=1" "ci=2" "sh=zeQfPA==" (1206)

etc..

Hey, thanks to you! And don't worry, reply when you have the time, you are already helping me a lot!

Now I go back to sleep, here in Italy it is 1:30 AM (as you can see from the logs :sweat_smile: )

Thanks for replying so late.

So, WAX206 sees mdns traffic on both 192.168.1.0/24 and 192.168.5.0/24 networks. I was hoping to see a clear indication of a query and the reply but nothing like that is clear to me. I'm not experienced with mdns and your traffic does not look like the example I saw on someone's blog.

Depending on what your last reply was, I was thinking of asking you to put your mac on a lan interface on the WAX206 but it looks like you did that already. :+1:

If no-one else with avahi experience replies, it may be good to open a new thread with a title specific to this mDNS/avahi issue.

The next part I might be able to help troubleshoot is TCP connectivity to smart devices through the WAX206 (AP/router/firewall). Sometimes devices don't like routing setups like you have.

Does your r4s have a route table entry for 192.168.5.0/24 ?
Please show ip route show from your r4s.

If it does, also on the r4s do traceroute 192.168.5.1
and traceroute 192.168.5.198 or some device IP you know is alive and should reply.

With your current setup, you might need to add the route to network 192.168.5.0/24 via 192.168.1.3 to all the devices in the 192.168.1.0/24 network. That might be fairly easy with a DHCP option.

An alternative would be to move the routing/firewalling for 192.168.5.0/24 to the R4S and trunk it back from the WAX206. These ideas for changes are only if needed though.

...till Sunday...

1 Like
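The captures above mix queries, announcements and reflector copies, which makes query/response pairs hard to pick out by eye. The following Python script is an added example, not part of the original thread: it classifies tcpdump mDNS lines, pairs service-browse queries with the instances announced for them, and lists A records that a sender announces for a different subnet. The /24 prefix length and all function names are assumptions; the sample lines are constructed by shortening lines from the thread's captures.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: lines shortened from the captures posted in this thread.
SAMPLE = """\
01:32:31.418095 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 PTR (QM)? _hap._tcp.local. (33)
01:32:31.418250 IP6 wax206.local.mdns > ff02::fb.mdns: 0*- [0q] 2/0/0 PTR Homebridge 27ED._hap._tcp.local., (Cache flush) A 192.168.1.5 (120)
01:29:45.531286 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0 [2q] AAAA (QM)? Weather Station-6.local. AAAA (QM)? Netatmo Relay-6.local. (63)
01:29:45.735449 IP6 weather station-6.local.mdns > ff02::fb.mdns: 0*- [0q] 1/0/2 (Cache flush) AAAA fe80::72ee:50ff:fe65:738a (99)
01:29:45.531171 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) A 192.168.1.128, PTR iPad-Mini (3)._rdlink._tcp.local. (328)
01:29:45.735473 IP 192.168.5.1.mdns > 224.0.0.251.mdns: 0*- [0q] 2/0/0 (Cache flush) A 192.168.5.150, (Cache flush) NSEC (71)
"""

# Sender names may contain spaces ("weather station-6.local"), hence ".+?".
LINE = re.compile(r"^(?P<ts>\S+) (?P<fam>IP6?) (?P<src>.+?) > (?P<dst>\S+): (?P<body>.*)$")
# "TYPE (QM)? name." repeated; names may contain spaces and "(2)"-style suffixes.
QUESTION = re.compile(r"(\S+) \((Q[MU])\)\? (.*?\.)(?= \S+ \(Q[MU]\)\? | \(\d+\)$)")
COUNTS = re.compile(r"\d+/\d+/\d+ ")  # answer/authority/additional record counts


def parse_line(line):
    """Turn one tcpdump mDNS line into a dict, or None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    pkt = {"ts": m.group("ts"), "family": m.group("fam"),
           "sender": m.group("src").rsplit(".", 1)[0],  # drop ".mdns" / ".5353"
           "questions": [], "answers": []}
    # mDNS responses set the AA bit, which tcpdump prints as "*" after the id.
    pkt["kind"] = "response" if re.match(r"\d+\*", body) else "query"
    if pkt["kind"] == "query":
        pkt["questions"] = QUESTION.findall(body)  # (type, QM|QU, name)
    else:
        records = COUNTS.split(body, maxsplit=1)[-1]
        records = re.sub(r" \(\d+\)$", "", records)  # trailing packet size
        for rec in records.split(", "):
            rec = re.sub(r"^\(Cache flush\) ", "", rec)
            rtype, _, rdata = rec.partition(" ")
            pkt["answers"].append((rtype, rdata))
    return pkt


def parse_capture(text):
    return [p for p in map(parse_line, text.splitlines()) if p]


def browse_pairs(packets):
    """Map each browsed service (PTR? _svc._proto.local.) to the
    (sender, instance) pairs announced for it anywhere in the capture."""
    pairs = {}
    for p in packets:
        for rtype, _, name in p["questions"]:
            if rtype == "PTR" and name.startswith("_"):
                pairs.setdefault(name, [])
    for p in packets:
        for rtype, rdata in p["answers"]:
            for svc in pairs:
                if rtype == "PTR" and rdata.endswith("." + svc):
                    pairs[svc].append((p["sender"], rdata[: -len(svc) - 1]))
    return pairs


def relayed_addresses(packets, prefixlen=24):
    """A records announced by an IPv4 sender that sits outside the record's
    own subnet, i.e. data repeated from another segment by a reflector."""
    hits = []
    for p in packets:
        try:
            sender = ip_address(p["sender"])
        except ValueError:  # tcpdump resolved the sender to a host name
            continue
        if sender.version != 4:
            continue
        for rtype, rdata in p["answers"]:
            if rtype == "A":
                subnet = ip_network(f"{rdata}/{prefixlen}", strict=False)
                if sender not in subnet:
                    hits.append((p["ts"], str(sender), rdata))
    return hits


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE)
    for svc, found in browse_pairs(pkts).items():
        print(f"{svc}: {found or 'no answer seen'}")
    for ts, sender, addr in relayed_addresses(pkts):
        print(f"{ts} {sender} announces {addr} from another subnet")
```

Capturing with `tcpdump -n` keeps senders as IP addresses, which `relayed_addresses` relies on. In this output format the A/AAAA answers carry no owner name, so only PTR browse queries can be paired by name.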

Oh thanks to you for the reply, yes this is my issue, I'm not saying that Avahi isn't working/running, I'm saying that this setup doesn't work for some reason and I can't figure out why, also because it is working, only superslow.

:+1:

No but I created it now, just to test. Although I created it "random", I have no idea well how to do, because the R4S should be "transparent" for this, it should only route the packets to the WAX206/AP, indeed now I have created it but I still can't use Homekit

root@R4S:~# ip route show
default via 192.168.100.1 dev pppoe-wan 
10.4.0.2 dev wg0 scope link 
10.4.0.3 dev wg0 scope link 
10.4.0.4 dev wg0 scope link 
10.4.0.5 dev wg0 scope link 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.2 
192.168.2.0/24 dev eth0 scope link  src 192.168.2.2 
192.168.5.0/24 dev br-lan scope link  src 192.168.5.0 
192.168.100.1 dev pppoe-wan scope link  src 79.21.236.38 
root@R4S:~# 
root@R4S:~# traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 46 byte packets
 1  192.168.5.0 (192.168.5.0)  3118.146 ms !H  3119.123 ms !H  3119.765 ms !H
root@R4S:~# 
root@R4S:~# traceroute 192.168.5.116
traceroute to 192.168.5.116 (192.168.5.116), 30 hops max, 46 byte packets
 1  192.168.5.1 (192.168.5.1)  3113.435 ms !H  3119.055 ms !H  3119.753 ms !H
root@R4S:~# 

Instead from the WAX206 yes :face_with_raised_eyebrow:

root@WAX206:~# traceroute 192.168.5.116
traceroute to 192.168.5.116 (192.168.5.116), 30 hops max, 46 byte packets
 1  192.168.5.116 (192.168.5.116)  2.171 ms  1.783 ms  1.604 ms
root@WAX206:~# 

And obviously also from the Homebridge server the R4S is blocking the route.

pi@homebridge:~ $ traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 60 byte packets
 1  Nanopi-R4S (192.168.1.2)  0.329 ms  0.251 ms  0.140 ms
 2  Nanopi-R4S (192.168.1.2)  3099.041 ms !H  3098.932 ms !H  3099.533 ms !H

How can I make the 5.0 subnet available via the router/r4s?

You mean this on the R4S?

config route
	option interface 'lan'
	option target '192.168.5.1/24'
	option gateway '192.168.1.3'

Yes I can also do it, is the same.

Hey wait wait, maybe maybe I succeeded :partying_face: Not all is working because I have to investigate on something, but the lights are super-responsive and other stuff are working.

I added a new routing table to the WAX206 as you suggested:

config route
	option interface 'LAN'
	option gateway '192.168.1.3'
	option source '192.168.1.2'
	option target '192.168.5.0/24'

So

root@R4S:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 pppoe-wan
10.4.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 wg0
10.4.0.3        0.0.0.0         255.255.255.255 UH    0      0        0 wg0
10.4.0.4        0.0.0.0         255.255.255.255 UH    0      0        0 wg0
10.4.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 wg0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.1.3     255.255.255.0   UG    0      0        0 br-lan
192.168.100.1   0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan

And now I'm able to trace route/ping/whatever the devices on the .5 subnet and also the mDNS packets are going through.

Home@MacBook_Air ~ % ping  192.168.5.1
PING 192.168.5.1 (192.168.5.1): 56 data bytes
64 bytes from 192.168.5.1: icmp_seq=0 ttl=63 time=1.074 ms
92 bytes from nanopi-r4s (192.168.1.2): Redirect Host(New addr: 192.168.1.3)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 e7c3   0 0000  3f  01 0c8a 192.168.1.10  192.168.5.1 

64 bytes from 192.168.5.1: icmp_seq=1 ttl=63 time=1.071 ms
92 bytes from nanopi-r4s (192.168.1.2): Redirect Host(New addr: 192.168.1.3)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 fe64   0 0000  3f  01 f5e8 192.168.1.10  192.168.5.1 

Yeah it's a bit slow more than 1 sec for a cabled LAN but it doesn't matter at the moment.

pi@homebridge:~ $ traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 60 byte packets
 1  Nanopi-R4S (192.168.1.2)  0.321 ms  0.252 ms  0.275 ms
 2  192.168.5.1 (192.168.5.1)  0.605 ms  0.851 ms  0.816 ms

If I connect to the iot WLAN with my devices I'm getting the DHCP address, I'm able to browse online via port 80 but not to reach the main LAN at 192.168.1.x, the HomePod is still on the main LAN/WLAN but things are getting routed correctly now.

The only thing that isn't working is the Netatmo thermostat relay, I have no idea why because the Weather Station is working, maybe I have to try to add it again to HomeKit.

Ok now everything is isolated, is working etc.

BUT

Not the Netatmo Thermostat Relay and Weather Station :thinking: I've added them again to HomeKit but nothing, so I searched on the Netatmo and I've found this https://helpcenter.netatmo.com/en-us/smart-thermostat/connection-wi-fi-radio/advanced-network-troubleshooting-guide

Please check if your router has any firewall / port filtering. If so:

  • Open the 25050 port (TCP).
  • Assign the Wi-Fi module a static IP with its Mac address.

Now I've also done it and the Thermostat and Station are now connected and I can control them via Netatmo app or website BUT not from HomeKit :rage: I don't know what's going on with Apple protocols but these issues are mind blowing!

[Screenshot: Netatmo website/app]

[Screenshot: HomeKit]

_hap._tcp                                       PTR     Netatmo\032Relay\032(2)._hap._tcp
Netatmo\032Relay\032(2)._hap._tcp               SRV     0 0 5001 Netatmo\032Relay-2.local. ; Replace with unicast FQDN of target host
Netatmo\032Relay\032(2)._hap._tcp               TXT     "c#=9" "s#=1" "ff=1" "sf=0" "pv=1.1" "md=Netatmo Relay" "id=xx:xxxx:30:BF:3C" "na_tkn=cba8" "ci=2" "sh=LJ/KDg=="

_hap._tcp                                       PTR     Weather\032Station\032(2)._hap._tcp
Weather\032Station\032(2)._hap._tcp             SRV     0 0 5001 Weather\032Station-8.local. ; Replace with unicast FQDN of target host
Weather\032Station\032(2)._hap._tcp             TXT     "c#=11" "s#=1" "ff=1" "sf=0" "pv=1.1" "md=Weather Station" "id= xx:xxxx:F7:45:43:B8" "na_tkn=806e72" "ci=2" "sh=PQgp5A=="

Edit: I solved the DHCP issue, I had to create a rule in order to reach the .5 subnet from the main LAN

config zone
	option name 'lan_to_iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'lan'

config forwarding
	option src 'lan_to_iot'
	option dest 'iot'

Now the only issue that I can't solve, is the Netatmo devices that are not working with Home app, I opened a new thread: Netatmo HomeKit native devices, not able to update iOS Home app when isolated (but work online/using Netamo app)

Brrr - that is chilly! my house is at 19.5°C and I wear a hoodie sweatshirt when I sit for a while. :slight_smile:

YAY!!! I'm glad your network is working much better! :champagne:

For debugging ideas:
Questions -
Did the Netatmo thermostat relay never work with Homekit yet or did it stop working with recent network changes?
Did you do a full reset on the thermostat or just re-add it to Homekit? Try a full reset if you didn't do that.
Are the Homekit keys still valid? If the keys are different for each device, remove old Homekit keys for the thermostat and re-add them.
Do you have logs to view in Homekit? If so review them for info on communication problems.
Does access work via iCloud? (disconnect your iPhone from your lan so HomeKit runs as remote access.)

For direct Homekit access - Make sure you understand the communication path.
Does Homekit on your iPhone or Mac talk directly to the Netatmo thermostat or does it always use the Homekit Hub (or some other set of components)?
What L3 components are involved? Check routing/firewall settings. Do a packet capture to look for packet drops (blocks).
Move the Netatmo thermostat to the main lan (192.168.1.0/24) and re-add it in Homekit. Does it work there? If it does then look at communication issues related to routing/firewall.

When making changes like moving the thermostat, make sure Homekit and your routers and switches learn the change and know the new connection info.

To verify where the thermostat is on the network, look at arp on your routers and match the thermostat mac address to the IP address and Device.

root@R4S-wrt:~# arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.31.100   0x1         0x0         cc:95:d7:bd:ef:8d     *        sw_switch.31

(Sample from my router)

Do you mean the Homekit app sees them at .1.x or the operating system does?
On the OS, look at the arp cache to see if it is local or not. Check on the routers to verify where the devices are.
If the Homekit app sees them at the old address then get Homekit to update the device info. Flush caches or rediscover or remove/add the problem devices.

Well, those are my ideas at this point! Please let me know how it goes or ask more questions if you want.

1 Like

Ahah yes I had woken up, I opened the windows for 10/15 then I turned on the thermostat...but... it wasn't working :sweat_smile:

thanks for the suggestions!

I tried to re-add the Netatmo devices after a reset but without luck, as soon as I "bridge" the 'iot' WLAN to the LAN (I mean I put all the devices in the same subnet) the Netatmo devices appear again! So this should be an issue with the firewall... like as it was for the port 25050 (but this worked only for the online connection, not HomeKit).

The devices are talking with HomeKit but there are no logs for HomeKit, I don't know about them, never heard of them... is the Apple way... :roll_eyes:

Anyway the devices are connected to the WLAN, I see both them (also using arp)

192.168.5.150    0x1         0x2         xx:è:xx:65:73:8a     *        wl0-ap0
192.168.5.247    0x1         0x2         xx:è:xx:6d:c6:80     *        wl0-ap0

Yes I will try again to add them using the main WLAN or searching on DuckDuckGo, because this is a weird behavior.

I solved it (I edited indeed, but replied before my edit), I had to open a firewall rule to let the "main LAN" to see the "iot LAN"

config zone
	option name 'lan_to_iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'lan'

config forwarding
	option src 'lan_to_iot'
	option dest 'iot'

And now the Homebridge server and other stuff inside the .1.x subnet can view/ping the stuff inside in the .5.x subnet and the devices with static IP are working between the subnet!

All is done fortunately and thanks to your help, I have only to fix the Netatmo devices (well they are working using the Netatmo apps, so not a big issue at the moment).

Thanks again!

1 Like

I'm struggling to find out why the Netatmo devices aren't able to communicate

When I assign to the iot WLAN the iot interface, in order to have them isolated on another subnet, I simply don't see any mDNS packet from the Netatmo devices :thinking: they are connected to WLAN, and they are working to send data to the Netatmo servers but not as mDNS inside the LAN.

I don't know, my thought is that, since it is the Homebridge server that is sending the mDNS discovery queries, and these devices aren't on another subnet, then for some reason they can't find the Homebridge server!
...but all the other iot devices in the same iot subnet are able to discover it. So my guess is that those Netatmo devices are using something else to communicate. I have no idea.

These are the captures on the same subnet or separated. When they are separated I simply can't find packets, looks like they are off!

I don't know what to do... at the moment I simply created a new WLAN called Netatmo bridged to LAN, the devices are there and are working obviously but they are inside my main LAN.

Edit: hmmm I've found that when the Netatmo devices are connected to the main LAN .1, they're sending some ARP packets to search the gateway, etc. could be that these devices aren't unable to work with a gateway of .5 instead of .1? I don't know, seems absurd but... (obviously you can't change the network settings on the Netatmo devices, you can only select the wifi ssid to connect).

Clarification:
I was saying to configure the DHCP server for the 192.168.1.0/24 network to provide the route to the .5.x network to all the hosts including the iot smart appliances in the .1.x network. Probably via dhcp option 121.

Hosts / nodes / endpoints are part of the routed network and run code to support routing. In a typical network with hosts connected to an "access" network, only a default route is needed. Outbound ip communications are (in general) a case of - self || directly connected unicast || not directly connected unicast || multicast || broadcast - . So for the case "not directly connected unicast", if a host is in a network (LAN/subnet) that has additional gateways to reach some networks, the route table on the host needs to be populated for it. Your change is a partial/full workaround - but is it fully correct and does every device work with it?

With all that said, since you don't know the routing capabilities of the iot smart devices, I recommend that you keep the access networks separate from any transit networks. A transit network is the network between two routers.

If you want to keep hosts in your "LAN" (192.168.1.0/24) then reconfigure your R4S and WAX206 to use a new separate network for the routed connectivity through them. That could be a VLAN if you have wired devices on a switch between the R4S and WAX206 and want to keep the firewalling on the R4S.

Something to consider anyways. :wink:

1 Like
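For the DHCP option 121 suggestion above, an added example (not from the thread) that builds the RFC 3442 classless static route payload for this network: 192.168.5.0/24 via the WAX206 at 192.168.1.3. It also carries a default route via the R4S at 192.168.1.2, because RFC 3442 requires a client that receives option 121 to ignore the plain Router option; the function names are assumptions.

```python
import ipaddress

# Addresses taken from the thread: WAX206 = 192.168.1.3, R4S = 192.168.1.2.
ROUTES = [
    ("192.168.5.0/24", "192.168.1.3"),  # IoT subnet behind the WAX206
    ("0.0.0.0/0", "192.168.1.2"),       # default route must be repeated here
]


def encode_option_121(routes):
    """Encode (destination CIDR, router) pairs as an RFC 3442 payload.

    Each route is: prefix length (1 byte), only the destination octets the
    prefix covers, then the 4-byte router address.
    """
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.ip_network(dest)  # raises if host bits are set
        significant = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.ip_address(router).packed
    if len(out) > 255:
        raise ValueError("option payload exceeds 255 bytes")
    return bytes(out)


def decode_option_121(payload):
    """Decode an RFC 3442 payload back into (destination CIDR, router) pairs."""
    routes, i = [], 0
    while i < len(payload):
        prefixlen = payload[i]
        i += 1
        if prefixlen > 32:
            raise ValueError(f"bad prefix length {prefixlen}")
        significant = (prefixlen + 7) // 8
        if i + significant + 4 > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i:i + significant] + bytes(4 - significant)
        i += significant
        router = payload[i:i + 4]
        i += 4
        routes.append((f"{ipaddress.ip_address(dest)}/{prefixlen}",
                       str(ipaddress.ip_address(router))))
    return routes


def dnsmasq_line(routes):
    """Render the same routes in dnsmasq's dhcp-option syntax, which
    accepts CIDR/router pairs for option 121 and does the encoding itself."""
    pairs = ",".join(f"{dest},{router}" for dest, router in routes)
    return f"dhcp-option=121,{pairs}"


if __name__ == "__main__":
    payload = encode_option_121(ROUTES)
    print(payload.hex(" "))          # bytes as they appear in the DHCP reply
    print(decode_option_121(payload))
    print(dnsmasq_line(ROUTES))
```

A client that does not implement option 121 keeps only its default route, which is the uncertainty about the IoT devices raised in the post above.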

Oh I hadn't thought about this solution, but since the Netatmo devices are using the WAX206 at 192.168.5.0/24 as gateway, I think that if I use the DHCP from the r4s router at 192.168.1.0/24 they will expect an IP in the .1 subnet. I have no idea, I've never used the option 121, only the most common 6/12.

Hosts / nodes / endpoints are part of the routed network and run code to support routing. In a typical network with hosts connected to an "access" network, only a default route is needed. Outbound ip communications are (in general) a case of - self || directly connected unicast || not directly connected unicast || multicast || broadcast - . So for the case "not directly connected unicast", if a host is in a network (LAN/subnet) that has additional gateways to reach some networks, the route table on the host needs to be populated for it. Your change is a partial/full workaround - but is it fully correct and does every device work with it?

...ehm yes the problem is just, how? :smiley: they don't have any settings.

I thought also this, but since all the iot devices are wireless 2.4ghz devices, I preferred to create a 2.4GHz WLAN assigned to a new network on a different subnet, in the end (I thought) it should be almost the same as have a VLAN but now I think this is not that easy... but I saved one ethernet port on the Access Point and I also don't like tagged VLANs.

Anyway thanks for the help, but I think we have to continue in one thread only to avoid confusion. This one, or this Netatmo HomeKit native devices, not able to update iOS Home app when isolated (but work online/using Netamo app) - #9 by giuliomagnifico :slight_smile:

1 Like

Yes, continue Netatmo issues in the other thread.

I just wanted to explain here about the complications of a shared access and transit network where clients in that network need multiple routes or some other work-around is needed.

That issue goes away if you keep all access networks separate from transit networks.

We can stop in this thread. :slight_smile:

1 Like
