Hi all,
Using a separate VLAN for all IOT devices. All are working fine and I can access those devices using their native apps (Yolink, Eufy, etc.).
I’m going down the Home Assistant hole and trying to get mDNS working.
Installed Avahi and status is running.
LAN is VLAN ID=10 and IOT is VLAN ID=30.
Home Assistant running on a Pi is on VLAN 10 so I can access it from my laptop and phone.
LAN devices are using pi-hole DNS running on 192.168.10.xx. IOT VLAN devices use 9.9.9.9 for DNS.
avahi-daemon.conf
[server]
#host-name=foo
#domain-name=local
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no
allow-interfaces=br-lan,br-lan.10,br-lan.30[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#publish-dns-servers=192.168.1.1
#publish-resolv-conf-dns-servers=yes[reflector]
enable-reflector=yes
reflect-ipv=no[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3
firewall config (mDNS entries at end)
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'config forwarding
option src 'lan'
option dest 'wan'config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'config zone
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option name 'guest'
list network 'guest'config forwarding
option dest 'wan'config forwarding
option dest 'wan'config forwarding
option src 'guest'
option dest 'wan'config zone
option name 'iot'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'iot'config forwarding
option src 'iot'
option dest 'wan'config forwarding
option src 'lan'
option dest 'guest'config forwarding
option src 'lan'
option dest 'iot'config rule
option src 'guest'
option name 'Guest-DHCP'
list proto 'udp'
option dest_port '67 68'
option target 'ACCEPT'config rule
option src 'guest'
option name 'Guest-DNS'
option dest_port '53'
option target 'ACCEPT'config rule
option src 'guest'
option name 'Guest-NTPD'
list proto 'udp'
option dest_port '123'
option target 'ACCEPT'config rule
option src 'iot'
option name 'IOT-DHCP'
list proto 'udp'
option dest_port '67 68'
option target 'ACCEPT'config rule
option src 'iot'
option name 'IOT-DNS'
option dest_port '53'
option target 'ACCEPT'config rule
option src 'iot'
option name 'IOT-NTPD'
list proto 'udp'
option dest_port '123'
option target 'ACCEPT'config zone
option name 'wgz1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
list network 'wg01'config forwarding
option src 'wgz1'
option dest 'wan'config redirect
option dest 'lan'
option target 'DNAT'
option name 'wg01pf'
option src 'wan'
option src_dport '46374'
option dest_ip '10.0.0.1'
option dest_port '46374'config zone
option name 'net01'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'net01'config forwarding
option src 'net01'
option dest 'wan'config rule
option src 'iot'
option dest 'lan'
option name 'Allow-mDNS-IOT-To-LAN'
list proto 'udp'
option src_port '5353'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'config rule
option src 'lan'
option dest 'iot'
option name 'Allow-mDNS-LAN-To-IOT'
list proto 'udp'
option src_port '5353'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
On the router (ssh to 192.168.10.1) I can ping the IOT devices by hostname, but adding .local fails. I cannot successfully ping any of the IOT devices from my Windows PC (with and without .local) on the LAN (VLAN 10).
I have tried multiple options to avahi-browse on the router, VLAN 10 devices are always found, but nothing is ever discovered on VLAN 30.
Any help is greatly appreciated!