On my Dynalink DL-WRX36 router running OpenWRT 23.05.2 I have a main lan, an iot vlan that can access only the internet, and a camera vlan that is blocked from accessing the internet. Firewall rules allow devices on the main lan to access both iot and camera. I also have traffic rules for DHCP and DNS distribution.
I installed Avahi ( avahi-nodbus-daemon and avahi-autoipd with luci-proto-autoip), set retlector to yes. The devices on the iot network that use mDNS discovery work, aside from one protocol in a specific network (using the management app on Android). That same device works as a Chromecast or Airplay device, just cannot be found by the OEM app.
The weird thing is, if I restart the firewall and ahavi-daemon, it works for a while. Then stops working again. When using a Bonjour browser I see that after the firewall//avahi restart all the devices ad services appear immediately, but after a while, only a few devices and services are found, and slowly. It's as if the avahi reflector is only letting some multicast packets thru, or that the trigger for the discovery is not properly sent across vlans.
Do I need to install something else to make Avahi work properly? The Wiki doesn't really mention avahi as a reflector, so it's unclear which of the many packages with "avahi" in the name I really need to install. Info online is outdated, in many cases.
I followed previously posted guidance, but it's not working reliably. A similar thread (mDNS: avahi works once and then never again) has a suggested workaround (add to [server] section:cache-entries-max=0) that doesn't do anything in my case.
Can anyone please help me spot the problem below?
What alternatives to Avahi can I use to just allow mDNS traffic across vlans? There seems to be a few, but most of the documentation focus on having the OpenWRT services being discoverable via mDNS, not as redirector
network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd78:3416:2b52::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan4:t*'
config bridge-vlan
option device 'br-lan'
option vlan '101'
list ports 'lan2:u*'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '102'
list ports 'lan3:u*'
list ports 'lan4:t'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'iot'
option device 'br-lan.101'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
config interface 'camera'
option device 'br-lan.102'
option proto 'static'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'vpn'
config zone 'wan'
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config zone
option name 'iot'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'iot'
config zone
option name 'camera'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'camera'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'IoT_DHCP'
list proto 'udp'
option src 'iot'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'IoT_DNS'
option src 'iot'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Allow-IoT-mDNS'
option family 'ipv4'
list proto 'udp'
option src 'iot'
option src_port '5353'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
config rule
option name 'Allow-IOT-mDNS6'
option family 'ipv6'
list proto 'udp'
option src 'iot'
option src_port '5353'
list dest_ip 'ff02::fb'
option dest_port '5353'
option target 'ACCEPT'
config rule
option name 'Camera_DHCP'
list proto 'udp'
option src 'camera'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'Camera_DNS'
option src 'camera'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Allow-camera-mDNS'
list proto 'udp'
option src 'camera'
option src_port '5353'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
config forwarding
option src 'iot'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'iot'
config forwarding
option src 'lan'
option dest 'camera'
config rule
option name 'Allow-camera-NTP'
list proto 'udp'
option src 'camera'
option dest_port '123'
option target 'ACCEPT'
avahi-daemon.conf
[server]
#host-name=foo
#domain-name=local
use-ipv4=yes
use-ipv6=no
check-response-ttl=no
use-iff-running=no
deny-interfaces=wan,wan6
[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#publish-dns-servers=192.168.1.1
#publish-resolv-conf-dns-servers=yes
[reflector]
enable-reflector=yes
reflect-ipv=no
[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3
Restarting avahi
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[27698]: Got SIGTERM, quitting.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[27698]: Leaving mDNS multicast group on interface br-lan.102.IPv4 with address 192.168.20.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[27698]: Leaving mDNS multicast group on interface br-lan.101.IPv4 with address 192.168.10.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[27698]: Leaving mDNS multicast group on interface br-lan.1.IPv4 with address 192.168.1.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[27698]: Leaving mDNS multicast group on interface wan.IPv4 with address 67.185.193.74.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[27698]: Leaving mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[27698]: avahi-daemon 0.8 exiting.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Found user 'nobody' (UID 65534) and group 'nogroup' (GID 65534).
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Successfully dropped root privileges.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: avahi-daemon 0.8 starting up.
Tue Mar 12 16:18:34 2024 daemon.warn avahi-daemon[32084]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: No service file found in /etc/avahi/services.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Joining mDNS multicast group on interface br-lan.102.IPv4 with address 192.168.20.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: New relevant interface br-lan.102.IPv4 for mDNS.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Joining mDNS multicast group on interface br-lan.101.IPv4 with address 192.168.10.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: New relevant interface br-lan.101.IPv4 for mDNS.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Joining mDNS multicast group on interface br-lan.1.IPv4 with address 192.168.1.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: New relevant interface br-lan.1.IPv4 for mDNS.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: New relevant interface lo.IPv4 for mDNS.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Network interface enumeration completed.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::44ab:f8ff:fe47:cddf on phy0-ap3.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::48ab:f8ff:fe47:cddf on phy0-ap2.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::4cab:f8ff:fe47:cddf on phy0-ap1.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::4cab:f8ff:fe47:cde0 on phy1-ap1.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::4eab:f8ff:fe47:cddf on phy0-ap0.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::4eab:f8ff:fe47:cde0 on phy1-ap0.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::4eab:f8ff:fe47:cdde on br-lan.102.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for 192.168.20.1 on br-lan.102.IPv4.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::4eab:f8ff:fe47:cdde on br-lan.101.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for 192.168.10.1 on br-lan.101.IPv4.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fd78:3416:2b52::1 on br-lan.1.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for 2601:602:a000:75bf::1 on br-lan.1.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for 192.168.1.1 on br-lan.1.IPv4.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for fe80::4eab:f8ff:fe47:cdde on br-lan.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for ::1 on lo.*.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering new address record for 127.0.0.1 on lo.IPv4.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Server startup complete. Host name is RobcaWRX36.local. Local service cookie is 2243767611.
Tue Mar 12 16:18:34 2024 daemon.info avahi-daemon[32084]: Registering HINFO record with values 'AARCH64'/'LINUX'.