====== mDNS/DNS-SD Service Discovery (Bonjour) ======

AstLinux now supports the [[wp>Avahi_(software)|Avahi]] package, a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. The ability to "reflect" mDNS multicasts from one segment to another segment can be particularly useful.

Avahi's implementation of mDNS/DNS-SD is compatible with [[wp>Bonjour_(software)|Bonjour]].

In case you were wondering, the name "Avahi" is the scientific Latin name for a genus of [[wp>Woolly_lemur|Woolly lemur]]. One of the developers found the name, liked it, and it stuck.

!!Note: AstLinux 1.2.7 or later is required!!

==== mDNS/DNS-SD Configuration ====

Select the Network Tab in the web interface.\\
{{:userdoc:ipv6-tunnel-network-tab.jpg?nolink|Network Tab}}

Locate the mDNS/DNS-SD entry within **Network Services:**

{{:userdoc:avahi-mdns-disabled-network-tab.jpg?nolink|mDNS/DNS-SD Disabled Config}}

Change to "enabled" and "Save Settings", then restart mDNS/DNS-SD...

{{:userdoc:avahi-mdns-restart-network-tab.jpg?nolink|mDNS/DNS-SD Enabled Config}}

mDNS/DNS-SD is now running, but by default not active on any interfaces. A default configuration has been installed, which you can now edit by clicking on "Configure mDNS/DNS-SD"...

{{:userdoc:avahi-mdns-enabled-network-tab.jpg?nolink|mDNS/DNS-SD Enabled Config}}

For example, if you wanted to enable mDNS/DNS-SD on both the ''eth1'' and ''eth2'' interfaces, edit the ''allow-interfaces'' line to:

  allow-interfaces=eth1,eth2

Reference: [[http://avahi.org/download/avahi-daemon.conf.5.xml|avahi-daemon.conf(5)]]

!!Tip ->!! The ''[reflector]'' section allows mDNS multicasts to be "reflected" to different subnets.

!!Tip ->!!
The ''reflect-filters='' setting can be tuned for desired Inter-LAN traffic, for example a printer serving LPD, IPP and JetDirect (TCP Ports: 515,631,9100)

  reflect-filters=_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local

Then add a Firewall Rule to allow the corresponding Inter-LAN traffic, Network tab -> Firewall Configuration sub-tab.\\
**Example:** Allow any LAN subnet access to a LAN printer at 192.168.101.8 serving LPD, IPP and JetDirect

  Action: Pass LAN->LAN | Protocol: TCP | Source: 0/0 | Destination: 192.168.101.8 | Port: 515,631,9100

\\
After making changes to the ''avahi-daemon.conf'' configuration file you can restart mDNS/DNS-SD.

==== mDNS/Bonjour Printer Discovery Example ====

!!Courtesy David Kerr!!

The following is an example of how to use the Avahi mDNS/Bonjour discovery service to make printers available on a guest network. In this example the guest network is a WiFi network using the Ubiquiti Networks - UniFi product line.

Let's assume your main network is ''192.168.101.0/24'' on network interface ''eth1'' and on that network you have a printer ''192.168.101.10'' that advertises its services by Bonjour (this is how all Apple iOS devices discover a printer).

Now assume you configure a guest VLAN that is network ''192.168.102.0/24'' on network virtual interface ''eth1.100'' and devices connect to that network using UniFi access points. Using the UniFi controller (which we assume is at ''192.168.101.2'') we configure the UniFi guest network to connect to ''VLAN 100'' and enable guest policies with authentication to be done through a UniFi guest portal.

With that environment perform the following setup...

Select the Network Tab in the web interface.\\
{{:userdoc:ipv6-tunnel-network-tab.jpg?nolink|Network Tab}}

Locate the mDNS/DNS-SD entry within **Network Services:**

{{:userdoc:avahi-mdns-disabled-network-tab.jpg?nolink|mDNS/DNS-SD Disabled Config}}

Change to "enabled" and "Save Settings", then restart mDNS/DNS-SD...
{{:userdoc:avahi-mdns-restart-network-tab.jpg?nolink|mDNS/DNS-SD Enabled Config}}

A default configuration has been installed, which you can now edit by clicking on "Configure mDNS/DNS-SD"...

{{:userdoc:avahi-mdns-enabled-network-tab.jpg?nolink|mDNS/DNS-SD Enabled Config}}

In the ''[server]'' section of ''avahi-daemon.conf'' add/edit this line...

  allow-interfaces=eth1,eth1.100

This enables avahi on both your main network and guest network.

In the ''[reflector]'' section of the conf file add these lines...

  enable-reflector=yes
  reflect-ipv=no
  reflect-filters=_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local

This tells avahi to only reflect the printing mDNS/Bonjour packets across networks.

Save this file and now go to the Network tab -> Firewall Configuration sub-tab and add the following as "Pass LAN->LAN" rules.

  Action: Pass LAN->LAN | Protocol: TCP | Source: 192.168.102.0/24 | Destination: 192.168.101.10 | Port: 515,631,9100
  Action: Pass LAN->LAN | Protocol: TCP | Source: 192.168.102.0/24 | Destination: 192.168.101.2 | Port: 8880,8843

The first rule corresponds to the printer protocols that we are publishing across the LANs and allows any device on the guest LAN to connect to our printer on our main network. The second rule enables guest devices to access the UniFi controller on the ports it uses for the guest portal so guests can authenticate.

!!Tip ->!! The firewall rules above could use ''Source: 0/0'' if you wanted all configured internal LAN networks to reach the printer.

Restart mDNS/DNS-SD and restart the firewall.

Now any device that connects to your guest network is able to discover and print to your printer on your main network.

This technique can also be used to share other services from your main network with a guest network, e.g. an Apple TV / AirPlay device... add ''_airplay._tcp.local,_raop._tcp.local'' to the reflect filter and set appropriate firewall rules to open access to the AirPlay device.
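
The reflector settings and the firewall rule from the printer example have to stay in step, which can be checked before restarting the service. The shell script below is an added example, not part of AstLinux or Avahi: it reads an ''avahi-daemon.conf'', flags a reflector that is enabled without a ''reflect-filters'' list, and derives the TCP ports for the Pass LAN->LAN rule from the three printing service types used on this page. The function names and the sample file are assumptions made for the illustration.

```shell
# Added example (not AstLinux or Avahi code): audit the reflector settings shown above.
# conf_get FILE SECTION KEY -> value of KEY inside [SECTION]; empty if unset
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                          # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# ports_for_filters LIST -> TCP ports for the firewall rule; only the page's three services are mapped
ports_for_filters() {
    out=""; old_ifs=$IFS; IFS=,
    for svc in $1; do
        case "$svc" in
            _printer._tcp.local)        p=515 ;;    # LPD
            _ipp._tcp.local)            p=631 ;;    # IPP
            _pdl-datastream._tcp.local) p=9100 ;;   # JetDirect
            *)                          p="unknown:$svc" ;;  # needs a manually chosen rule
        esac
        out="${out:+$out,}$p"
    done
    IFS=$old_ifs; printf '%s\n' "$out"
}

# audit_reflector FILE -> prints findings and the derived port list; returns 1 on any finding
audit_reflector() {
    ifaces=$(conf_get "$1" server allow-interfaces)
    refl=$(conf_get "$1" reflector enable-reflector)
    filters=$(conf_get "$1" reflector reflect-filters); rc=0
    [ -n "$ifaces" ] || { echo "FINDING: allow-interfaces is not set"; rc=1; }
    if [ "$refl" = "yes" ]; then
        if [ -n "$filters" ]; then echo "open TCP ports: $(ports_for_filters "$filters")"
        else echo "FINDING: reflector enabled without reflect-filters"; rc=1; fi
    fi
    return $rc
}

# Constructed sample: the settings from the printer example on this page
sample_conf() {
    printf '%s\n' '[server]' 'allow-interfaces=eth1,eth1.100' '[reflector]' 'enable-reflector=yes' \
        'reflect-ipv=no' 'reflect-filters=_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local'
}

conf=$(mktemp); sample_conf > "$conf"; audit_reflector "$conf"; rm -f "$conf"
```

A service type reported as ''unknown:'', such as the AirPlay types mentioned above, means the matching firewall ports have to be looked up for that device before the filter is widened.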