Resolving mDNS across subnets with avahi for YouTube casting

Hi to all!

I recently got my first OpenWrt router (GL-MT6000), so I'm quite new to this topic. My goal is to use the YouTube app on a phone to cast to a TV. Phone and TV are in different subnets.

For this, on my router, I configured two bridge devices, each one assigned to an interface using different subnets (I do not use VLANs):

Interface: lan (bridge device: br-lan): 10.0.0.254/24
Interface: media (bridge device: br-media): 10.0.20.254/24

I set up the corresponding firewall zones so that lan can access both wan and media, while media can only access wan:

lan -> wan, media: allow, allow, allow
media -> wan: drop, allow, drop

My phones are in the lan subnet, while my TV is in the media subnet. As initially stated, I would like to cast videos from my phone using the YouTube app to the TV. The problem is that mDNS queries from lan to media don't go through, nor do the responses return to lan. As a result, the YouTube app cannot find the TV.

I have already tried installing the avahi-daemon and configuring it as an mDNS reflector so that, in theory, queries should reach both subnets. Additionally, I set up a firewall rule to forward the requests:

Incoming IPv4, protocol UDP
From any zone, port 5353
To this device, port 5353
Accept input

In general, I followed this guide.

Unfortunately, this isn't working at all, and I’m completely stuck. I’ve also tried mdns-repeater and umdns instead of avahi, but still without success. The YouTube app simply refuses to offer the TV for casting.

Would appreciate any advice, help or suggestions on what I could try next. Or have I completely misunderstood something?

Here are my configurations:

/etc/config/network:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.0.0.254'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option type 'bridge'
	option name 'br-media'
	option bridge_empty '1'
	list ports 'lan3'
	list ports 'lan4'

config interface 'media'
	option proto 'static'
	option device 'br-media'
	option ipaddr '10.0.20.254'
	option netmask '255.255.255.0'

/etc/config/firewall:

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'DROP'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'media'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'
	list network 'media'

config zone
	option name 'wan'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'media-DHCP'
	list proto 'udp'
	option src 'media'
	option dest_port '67 68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'media-DNS'
	option family 'ipv4'
	option src 'media'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option src_port '5353'
	option src '*'
	option name 'Allow-mDNS'
	option target 'ACCEPT'
	option dest_port '5353'
	option proto 'udp'
	option family 'ipv4'

config forwarding
	option src 'lan'
	option dest 'media'

/etc/avahi/avahi-daemon.conf:

[server]
use-ipv4=yes
use-ipv6=no
check-response-ttl=no
use-iff-running=no

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=yes
publish-domain=yes

[reflector]
enable-reflector=yes
reflect-ipv=no

[rlimits]
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3

Just type the firewall rule from your own link. Since avahi does the forwarding, do not drop input on the media network.

Thanks for your suggestion! I followed it by adding the rule exactly as it is in the linked example, and also set INPUT for media to ACCEPT, but the YouTube app still does not show anything :frowning:

firewall:

config zone
	option name 'media'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'DROP'
	list network 'media'

config rule
	option name 'Allow mDNS'
	list proto 'udp'
	option src '*'
	option src_port '5353'
	list dest_ip '224.0.0.251'
	option dest_port '5353'
	option target 'ACCEPT'

I did a quick tcpdump while having the YouTube app open to check whether anything from media arrives on lan, but as far as I understand, it does not seem so:

tcpdump -i br-lan udp port 5353
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:04:33.559709 IP S21.lan.5353 > mdns.mcast.net.5353: 1 [2q] PTR (QU)? _233637DE._sub._googlecast._tcp.local. PTR (QU)? _googlecast._tcp.local. (61)
23:04:41.341162 IP Flint2.lan.5353 > mdns.mcast.net.5353: 0*- [0q] 6/0/0 (Cache flush) PTR Android.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) A 10.0.20.34, (Cache flush) PTR Android.local. (216)
23:04:43.554929 IP Flint2.lan.5353 > mdns.mcast.net.5353: 0*- [0q] 1/0/0 (Cache flush) PTR Flint2.local. (61)
23:05:04.845880 IP Flint2.lan.5353 > mdns.mcast.net.5353: 0 [2q] PTR (QM)? _ipps._tcp.local. PTR (QM)? _ipp._tcp.local. (45)
23:05:23.858047 IP S21.lan.5353 > mdns.mcast.net.5353: 1 [2q] PTR (QU)? _233637DE._sub._googlecast._tcp.local. PTR (QU)? _googlecast._tcp.local. (61)
23:05:24.859880 IP S21.lan.5353 > mdns.mcast.net.5353: 2 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
23:05:25.942427 IP S21.lan.5353 > mdns.mcast.net.5353: 3 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
23:05:25.942510 IP S21.lan.5353 > mdns.mcast.net.5353: 1 [2q] PTR (QU)? _233637DE._sub._googlecast._tcp.local. PTR (QU)? _googlecast._tcp.local. (61)
23:05:26.969525 IP S21.lan.5353 > mdns.mcast.net.5353: 2 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
23:05:27.908490 IP S21.lan.5353 > mdns.mcast.net.5353: 3 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
23:05:45.324044 IP Flint2.lan.5353 > mdns.mcast.net.5353: 0*- [0q] 6/0/0 (Cache flush) PTR Android.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) A 10.0.20.34, (Cache flush) PTR Android.local. (216)
23:05:47.915238 IP S21.lan.5353 > mdns.mcast.net.5353: 4 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
23:05:55.899646 IP S21.lan.5353 > mdns.mcast.net.5353: 1 [2q] PTR (QU)? _233637DE._sub._googlecast._tcp.local. PTR (QU)? _googlecast._tcp.local. (61)
23:05:56.864990 IP S21.lan.5353 > mdns.mcast.net.5353: 2 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
23:05:57.931601 IP S21.lan.5353 > mdns.mcast.net.5353: 3 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
23:06:17.879753 IP S21.lan.5353 > mdns.mcast.net.5353: 4 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
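
An added example, not part of the posts above: a short Python script that summarises a capture like this one, listing which queried services never receive an answer on br-lan and which A-record addresses from a given subnet appear there. The input lines are copied from the capture above; matching on record data is a heuristic, because non-verbose tcpdump prints a record's data rather than its owner name.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the br-lan capture in the post above (shortened sample).
CAPTURE = """\
23:04:33.559709 IP S21.lan.5353 > mdns.mcast.net.5353: 1 [2q] PTR (QU)? _233637DE._sub._googlecast._tcp.local. PTR (QU)? _googlecast._tcp.local. (61)
23:04:41.341162 IP Flint2.lan.5353 > mdns.mcast.net.5353: 0*- [0q] 6/0/0 (Cache flush) PTR Android.local., (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) NSEC, (Cache flush) A 10.0.20.34, (Cache flush) PTR Android.local. (216)
23:04:43.554929 IP Flint2.lan.5353 > mdns.mcast.net.5353: 0*- [0q] 1/0/0 (Cache flush) PTR Flint2.local. (61)
23:05:04.845880 IP Flint2.lan.5353 > mdns.mcast.net.5353: 0 [2q] PTR (QM)? _ipps._tcp.local. PTR (QM)? _ipp._tcp.local. (45)
23:05:24.859880 IP S21.lan.5353 > mdns.mcast.net.5353: 2 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
"""

LINE = re.compile(r"^\S+ IP (\S+)\.5353 > \S+: (.*)$")
QUESTION = re.compile(r"\((?:QU|QM)\)\? (\S+)")        # name after "(QU)?" / "(QM)?"
ANSWER = re.compile(r"\b(?:PTR|SRV|A|AAAA) ([^\s,]+)")  # record data in a response

def base_service(name):
    # "_x._sub._googlecast._tcp.local." is a subtype of "_googlecast._tcp.local."
    return name.split("._sub.")[-1]

def analyze(capture):
    """Return ({service: hosts that asked}, [(responder, record data), ...])."""
    asked, answers = defaultdict(set), []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, rest = m.groups()
        questions = QUESTION.findall(rest)
        if questions:
            for q in questions:
                asked[base_service(q)].add(src)
        else:
            answers += [(src, data) for data in ANSWER.findall(rest)]
    return asked, answers

def unanswered(capture):
    # Heuristic: a service is answered if some record's data ends with its name.
    asked, answers = analyze(capture)
    return sorted(s for s in asked if not any(d.endswith(s) for _, d in answers))

def addrs_in(capture, subnet):
    # A-record addresses seen on this interface that belong to `subnet`.
    net = ipaddress.ip_network(subnet)
    ips = {d for _, d in analyze(capture)[1] if re.fullmatch(r"\d+(\.\d+){3}", d)}
    return sorted(ip for ip in ips if ipaddress.ip_address(ip) in net)

if __name__ == "__main__":
    print(unanswered(CAPTURE), addrs_in(CAPTURE, "10.0.20.0/24"))
```

Running the same script over a capture taken on br-media shows on which side of the router the `_googlecast._tcp.local.` queries stop or the answers go missing.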