mDNS with VLANs to LAN on HomeKit

I just created an IoT VLAN with some HomeKit accessories on it, but I can't access them when I'm connected to br-lan, my main LAN.

So I googled and saw that I'd need to use avahi with enable-reflector=yes, so I did that, but even so, it doesn't work!

Actually, I can ping a LAN device using the .local domain while connected to the IoT VLAN, but I can't ping .local from a device inside this VLAN.

So it appears to work LAN > VLAN, but not VLAN > LAN.

Just to test, I'm using the same firewall rules for the LAN and the VLAN, with no success either.

[server]
#host-name=foo
#domain-name=local
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no
allow-interfaces=br-lan.99,br-lan,br-lan.30,br-lan.40
cache-entries-max=0

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#disable-publishing=yes
#publish-dns-servers=192.168.1.1
#publish-resolv-conf-dns-servers=yes

[reflector]
enable-reflector=yes
reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3

Does anyone have any idea what's going on?

I think you still need to forward the firewall zones :wink:

Luckily I was playing with avahi a week ago to see how it works :smile:

config rule
        option name 'Allow-mdns-zigbee'
        option src 'zigbee'
        option dest_port '5353'
        option target 'ACCEPT'
        list dest_ip '224.0.0.251'

config rule
        option name 'Allow-communication-with-mdns'
        option src 'wlan0'
        option dest 'zigbee'
        option dest_port '80 443 8008-8009'
        option target 'ACCEPT'

Sometimes these devices use a different multicast address like 239.0.0.0; other times you have to use tcpdump -v multicast -i device and check what is in the mDNS message and whether the same mDNS advertisement shows up on the other side. The messages contain information like ports too :smile:

Also, if you see no multicast flowing, try setting the forward rule of the iot zone to accept.

Edit:

Optionally you can add src devices in the first rule and dest devices in the second rule to make it more restrictive. I only know that it works, but these rules could probably be better :+1:
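The check suggested above (capture on both sides and compare what the mDNS message actually carries) is easier with a decoder than with tcpdump's -v output alone. The following is an added example, not code from either post: it parses the UDP payload of one mDNS/DNS-SD message and pulls out the service instance, the SRV target and port, and the host address, which is exactly what a HomeKit client needs to reach an accessory across the reflector. SAMPLE_PACKET is constructed by hand (a _hap._tcp announcement for an assumed "Bridge" on 192.168.30.20, port 51826); it is not a real capture, and the interface names in the usage note are assumptions.

```python
"""Decode an mDNS / DNS-SD message (the UDP payload sent to 224.0.0.251:5353).

Added example, not code from the original thread. SAMPLE_PACKET is built by
hand; the names, port and address in it are assumptions, not captured data.
"""
import ipaddress
import struct

TYPE_NAMES = {1: "A", 12: "PTR", 16: "TXT", 28: "AAAA", 33: "SRV"}


def _read_name(buf, off):
    """Read a possibly compressed DNS name; return (dotted name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                  # the name ends after the first pointer
            off = struct.unpack_from("!H", buf, off)[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(buf[off:off + length].decode("utf-8", "replace"))
        off += length


def _read_rdata(buf, rtype, off, rdlen):
    """Decode the record types a DNS-SD advertisement is built from."""
    if rtype == 12:                              # PTR: service type -> instance name
        return _read_name(buf, off)[0]
    if rtype == 33:                              # SRV: host and port the instance listens on
        prio, weight, port = struct.unpack_from("!HHH", buf, off)
        return {"priority": prio, "weight": weight, "port": port,
                "target": _read_name(buf, off + 6)[0]}
    if rtype == 16:                              # TXT: length-prefixed key=value strings
        entries, pos = [], off
        while pos < off + rdlen:
            n = buf[pos]
            entries.append(buf[pos + 1:pos + 1 + n].decode("utf-8", "replace"))
            pos += 1 + n
        return entries
    if rtype in (1, 28):                         # A / AAAA: address of the target host
        return str(ipaddress.ip_address(bytes(buf[off:off + rdlen])))
    return buf[off:off + rdlen].hex()


def decode_mdns(packet):
    """Return the response flag, questions and every resource record of one message."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", packet, 0)
    off, out = 12, {"response": bool(flags & 0x8000), "questions": [], "records": []}
    for _ in range(qd):
        name, off = _read_name(packet, off)
        qtype, qclass = struct.unpack_from("!HH", packet, off)
        off += 4
        out["questions"].append({"name": name, "type": TYPE_NAMES.get(qtype, str(qtype)),
                                 "unicast_response": bool(qclass & 0x8000)})  # mDNS QU bit
    for _ in range(an + ns + ar):
        name, off = _read_name(packet, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", packet, off)
        off += 10
        out["records"].append({"name": name, "type": TYPE_NAMES.get(rtype, str(rtype)),
                               "cache_flush": bool(rclass & 0x8000),  # mDNS cache-flush bit
                               "ttl": ttl, "data": _read_rdata(packet, rtype, off, rdlen)})
        off += rdlen
    return out


def service_ports(decoded):
    """Map each advertised instance to the host, port and address a client will use."""
    addrs = {r["name"]: r["data"] for r in decoded["records"] if r["type"] in ("A", "AAAA")}
    return {r["name"]: {"host": r["data"]["target"], "port": r["data"]["port"],
                        "addr": addrs.get(r["data"]["target"])}
            for r in decoded["records"] if r["type"] == "SRV"}


def _labels(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"


# Constructed _hap._tcp (HomeKit Accessory Protocol) announcement. Offsets 12, 39
# and 66 are the targets of the compression pointers (\xc0\x0c, \xc0\x27, \xc0\x42).
SAMPLE_PACKET = (
    struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 3)                  # response; 1 answer, 3 additional
    + _labels("_hap._tcp.local") + struct.pack("!HHIH", 12, 1, 4500, 9)
    + b"\x06Bridge\xc0\x0c"                                        # PTR -> Bridge._hap._tcp.local
    + b"\xc0\x27" + struct.pack("!HHIH", 33, 0x8001, 120, 20)
    + struct.pack("!HHH", 0, 0, 51826) + _labels("bridge.local")  # SRV: port 51826 on bridge.local
    + b"\xc0\x27" + struct.pack("!HHIH", 16, 0x8001, 4500, 20)
    + b"\x04sf=0\x04ci=2\x09md=Bridge"                             # TXT: HAP status/category/model
    + b"\xc0\x42" + struct.pack("!HHIH", 1, 0x8001, 120, 4)
    + bytes([192, 168, 30, 20])                                    # A: bridge.local
)

if __name__ == "__main__":
    decoded = decode_mdns(SAMPLE_PACKET)
    for rec in decoded["records"]:
        print(rec["type"], rec["name"], rec["ttl"], rec["data"])
    print(service_ports(decoded))
```

To use it on real traffic, capture on the IoT side and on the LAN side at the same time (for instance tcpdump -i br-lan.30 -nn -s0 udp port 5353 -w iot.pcap and the same on br-lan; the interface names are assumptions) and feed the UDP payload of each 5353 packet to decode_mdns. If the PTR/SRV/A set for the accessory shows up on br-lan.30 but never on br-lan, the reflector or the zone rules are dropping it; if it shows up on both but the accessory is still unreachable, the port reported by service_ports is the one the LAN-to-IoT forwarding rule must allow.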