Relayd interfering with DHCP?

I'm going to start with the problem I'm trying to solve, in case I'm going about it all wrong.

I have two wired networks - lan and guest, managed by my router running OpenWRT 23.05.3. Each network has its own subnet, and everything works as expected with this arrangement. The router supplies DHCP for both networks.

The guest network does have limited access to resources on the lan network via firewall rules, but one thing that does not work at all (as expected) is broadcasts -- in this case, discovering a printer. I have some experience using relayd to get around this limit -- I have a wireless bridge device that has its own subnet for wired clients, and those clients can discover printers when I configure a relay bridge using relayd.

However, when I attempted to create a similar setup on my main router, with the goal of allowing devices on the guest network to discover a printer on the lan network, something went strange. I think perhaps DHCP requests from one network are being relayed to the other, resulting in confusion. Whatever the cause, some clients were suddenly not successful in connecting to my WAP (a separate device, which was not changed). To be clear, I don't want to relay DHCP, just printer discovery broadcasts. How could I do that? Is there perhaps a way to make a firewall rule that would prevent the relay bridge from seeing DHCP? Or another way to do this entirely?

By “printer discovery broadcasts” do you mean mDNS? If so, you’ll probably want an mDNS reflector like Avahi.

I think it's SMB discovery, but the printer may support multiple types of discovery (I didn't dig too deep after relayd worked on my other device). Also, there may be other types of things I might want to discover, like DLNA devices, etc.

Maybe provide PCAP? Cannot be 10 protocols are blocked.

If all of the protocols are based on broadcasts, I'd assume they'd all be blocked because they can't leave the subnet. I may need to do some digging though, and a packet capture would at least tell me what ports & protocols I'm really dealing with/needing to relay.

More likely multicast, but since you cannot provide printer model or pcap I think this reached a dead end.

I should be able to provide a packet capture or at least a description of what the discovery traffic looks like, after the aforementioned digging, but not immediately. The printer is a Canon Pixma iP8720. I should also be able to see more specifically what sort of other discovery traffic I'd be trying to relay.

They do not specify the exact multicast address, but you need to enable multicast discovery on the printer and forward multicast, otherwise discovery works via broadcast on the same subnet.

This is a very broad example of the type of firewall rule you’ll need to forward multicast. With more info you can restrict ports and dest_ip further.

config rule
        option name 'Allow-Guest-Multicast'
        list proto 'udp'
        option src 'guest'
        list dest_ip '224.0.0.0/8'
        option target 'ACCEPT'

As for how to set up relayd, I’m afraid I can’t help much here. I’ve never tried to use it for this purpose.
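
Added example, not part of any post in this thread: a small Python triage helper for the UDP destinations a packet capture of the discovery traffic would show, reporting whether each one is broadcast or multicast, whether the `dest_ip '224.0.0.0/8'` rule above would match it, and what it needs to cross subnets. The guest subnet `192.168.2.0/24` and the sample destinations are constructed; the port-to-service table lists standard well-known ports.

```python
import ipaddress

# Standard UDP ports of the discovery/bootstrap protocols mentioned in the thread.
KNOWN_PORTS = {67: "DHCP", 68: "DHCP", 137: "NetBIOS name service",
               1900: "SSDP (UPnP/DLNA)", 3702: "WS-Discovery",
               5353: "mDNS", 5355: "LLMNR"}

RULE_DEST = ipaddress.ip_network("224.0.0.0/8")          # dest_ip from the rule above
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # routers do not forward this block
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

def classify(dst_ip, dst_port, subnet):
    """Classify one UDP destination seen in a capture taken on `subnet`."""
    ip = ipaddress.ip_address(dst_ip)
    net = ipaddress.ip_network(subnet)
    service = KNOWN_PORTS.get(dst_port, "unknown")
    if ip == LIMITED_BCAST or ip == net.broadcast_address:
        scope = "broadcast"
    elif ip.is_multicast:
        scope = "link-local multicast" if ip in LINK_LOCAL_MCAST else "multicast"
    else:
        scope = "unicast"
    if service == "DHCP":
        action = "exclude from any relay"          # each subnet keeps its own DHCP
    elif scope == "broadcast":
        action = "relay or proxy needed"           # broadcasts never leave the subnet
    elif scope == "link-local multicast":
        action = "reflector needed"                # e.g. Avahi for mDNS
    elif scope == "multicast":
        action = "multicast forwarding plus firewall rule"
    else:
        action = "routed; normal firewall rules apply"
    return {"service": service, "scope": scope,
            "matches_rule": ip in RULE_DEST, "action": action}

# Constructed sample: destinations as they might appear on the guest subnet.
SAMPLE = [("255.255.255.255", 67), ("192.168.2.255", 137),
          ("224.0.0.251", 5353), ("239.255.255.250", 1900)]

if __name__ == "__main__":
    for dst, port in SAMPLE:
        print(dst, port, classify(dst, port, "192.168.2.0/24"))
```

SSDP's group address 239.255.255.250 falls outside 224.0.0.0/8, so a rule limited to that prefix would not match DLNA discovery; 224.0.0.0/4 covers the whole IPv4 multicast range.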

Actually it appears I was able to get what I wanted by installing relayd on my access point. On the router, it seemed to screw everything up, as predicted by vgaetera's warning in this thread:

For dumb APs and wireless bridges, though, it does what I need.
