How to make LAN devices visible to each other over mDNS with OpenWRT?

I'm trying to enable devices talking to each other using name.local (rather than OpenWRT DNS's name.lan). That should work in theory if mDNS is functional.

I installed umdns on the OpenWRT router, but things still aren't resolvable that way. What else is needed for it?

Single subnet does not cross openwrt

So what does it need to allow it, some firewall rules?

Exactly nothing? Or you want mdns client on openwrt itself?

No, I need such scenario

A → Router (OpenWRT) → B

So basically from A I want to see / resolve B.local. What is needed for that to work? So far it doesn't. Or you mean this scenario doesn't even go through the router and should just be able to go to A → B directly and OpenWRT isn't affecting it? Still not sure why things don't work though (they used to work with another router that was runnign DD-WRT just for the reference).

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
ubus call system board
{
        "kernel": "6.6.43",
        "hostname": "****",
        "system": "ARMv8 Processor rev 4",
        "model": "Asus RT-AX89X",
        "board_name": "asus,rt-ax89x",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "revision": "r27055-e6fec638d2",
                "target": "qualcommax/ipq807x",
                "description": "OpenWrt SNAPSHOT r27055-e6fec638d2"
        }
}
cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports '10g-sfp'
        list ports '10g-copper'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        list ports 'lan6'
        list ports 'lan7'
        list ports 'lan8'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.0.0.1'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'
        list dns '2606:4700:4700::1111'
        list dns '2606:4700:4700::1001'

That happens on the wired connections too, so I don't think wirelss details are relevant to the issue.

cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option domain 'lan'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4
cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

How does openwrt connect internet?

It's connected to upstream ISPs device that serves all the standard stack for it. Not sure how that's relevant though the issue is with local network. Do you have an idea how to solve it?

Your local network is not isolated in any way? Only settings you can change in relation to multicast are IGMP snooping and version. There is no sign of internet connection in your config/network

It's using default firewall configuration that OpenWRT ships as you saw above, so that's the isolation it has I suppose. I.e. I didn't change it in any specific ways so far.

And regardless, you don't need to have Internet connection to be able to use hosts on LAN.

Firewall does not influence br-lan's internal traffic, and it is supposed to forward multicast right away.

Then I'm not sure what exactly doesn't work. I.e. when I try to resolve some name.local it can't find it. It did work fine with other router and DD-WRT.

In the same network OpenWRT will see mdns traffic, you need to check on other machines (wireshark on windowes)

tcpdump -i br-lan udp port 5353

Hmm, I can see some traffic that even mentions names of local hosts that I want to reach. Checking also my avahi configuration, may be something is messed up.

There is a slim chance switch is buggy and does not forward multicasts, check on any workstation if it receives anything from others. IGMP would be to cross router with different otherwise isolated subnets, like TV.

Interesting, I just checked it for two devices in my LAN that are connected through a passive switch that's downstream from the router and it works (I suppose it simply goes through that switch without hitting router at all in that case). So it doesn't work only when traffic has to go through the router itself.

There are cases of such buggy switches in the routers that block UDP multicast? That feels more like some misconfig of the system. Though I don't have any rules that should filter that. I.e. it's all in the same LAN I don't have multiple LAN zones.

You can try bridge igmp version and snooping, but as I stated those should apply only forwarding multicasts over router, not in (software) bridges.

I wonder if it's some kind of bug in how br-lan is set up by default for this router?

I'll do some more debugging with traffic capture for more info and may be will open a bug.

If the youngest bit of oldest byte in MAC is set it is distributed to all connected clients, like FF:... for broadcast, and the rest for multicast.
You need to do almost sync pcap and extract that 2 hosts kinda send multicast, but other side of bridge and/or openwrt does not receive them.