
Is there an ipfw rule that can easily forward mDNS packets from one subnet to another? I have a Snow Leopard Server machine serving as the gateway between the two subnets and would like machines in each subnet to see the services available in the other subnet. The gateway machine is already confirmed as configured correctly such that packets route correctly between the two subnets (ping works, traceroute shows the subnet hop, etc.). My problem in designing an ipfw rule is that I don't know how to instruct that I would like multicast packets addressed to 224.0.0.251:5353 on en0 to be addressed to the same IP/port but on fw0 (the other interface). I attempted a rule such as

fwd 192.168.10.1 log udp from 192.168.1.0/24 to 224.0.0.251 recv en1

to force the packet to hop over to the other interface (from en1 to fw0), but no dice. The ipfw log shows that the rule is being triggered by packets, but tcpdump isn't showing any packets on the other interface. Also, the only other firewall rules in place are the divert port 8668 and rule #65535 "allow any to any".

Any suggestions? Thanks.

user37278

2 Answers

I've tried to have this work as expected for a long time.

All I found is that these multicast packets will not cross subnets.

However, the only real solution I have found is to use an mDNS Reflector daemon such as avahi-daemon on a system which spans across subnets.

It also sounds like you could benefit from Wide Area Bonjour which is designed for large corporations to broadcast Bonjour / mDNS traffic across subnets.

See http://discussions.apple.com/thread.jspa?threadID=1251044

Squeeb

In short, no. As per RFC 2365 and IANA's multicast assignments, 224.0.0.0/24 is reserved for link-local multicast. This means that a multicast packet addressed to anything in the range 224.0.0.0 - 224.0.0.255 should never cross between IP subnets.

I've not looked into Wide Area Bonjour, which is mentioned in another answer; however, if this is to work, it must use multicast addresses that do not come from 224.0.0.0/24.

Murali Suriar
  • There is some talk about mDNS Gateways here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/multicast/configuration_guide/b_mc_3se_3850_cg/b_mc_3se_3850_cg_chapter_010100.html – JohnyTex Jun 17 '15 at 13:26
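The following is an added example, not code from the question, either answer, or avahi. It ties the two answers together: the classification a router applies to 224.0.0.0/24 traffic (why the ipfw fwd rule cannot do the job), and the reflector approach Squeeb describes, in which the gateway receives each mDNS datagram on one interface and re-originates it on the other with its own source address. The interface addresses 192.168.1.1 (en1 side, 192.168.1.0/24) and 192.168.10.1 (fw0 side, 192.168.10.0/24) are assumptions inferred from the rule in the question; the helper names are this example's own.

```python
"""Reflect mDNS (224.0.0.251:5353) datagrams between a router's interfaces.

Routers must not forward 224.0.0.0/24, so the gateway has to receive each
datagram on one side and re-originate it on the other (a "reflector").
"""
import ipaddress
import socket
import struct
import sys

MDNS_GROUP = "224.0.0.251"
MDNS_PORT = 5353
LINK_LOCAL_BLOCK = ipaddress.ip_network("224.0.0.0/24")  # IANA Local Network Control Block

# Hypothetical gateway layout, assumed from the addresses in the question:
# en1 has 192.168.1.1 on 192.168.1.0/24, fw0 has 192.168.10.1 on 192.168.10.0/24.
INTERFACES = [
    ("192.168.1.1", "192.168.1.0/24"),
    ("192.168.10.1", "192.168.10.0/24"),
]


def is_link_local_multicast(addr):
    """True for 224.0.0.0/24: a router must never forward these, whatever the TTL."""
    return ipaddress.ip_address(addr) in LINK_LOCAL_BLOCK


def parse_dns_header(packet):
    """Decode the 12-byte DNS header; mDNS reuses the DNS wire format (RFC 6762)."""
    if len(packet) < 12:
        raise ValueError("datagram shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": ident,
        "response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def egress_interfaces(src_ip, interfaces):
    """Interfaces to copy a datagram to: every one whose subnet does not
    contain the sender, i.e. every side except the one it arrived from."""
    src = ipaddress.ip_address(src_ip)
    return [ip for ip, net in interfaces
            if src not in ipaddress.ip_network(net)]


def should_reflect(src_ip, payload, local_ips):
    """Loop and sanity check: never re-reflect our own copies, and only
    relay well-formed standard query/response (opcode 0) DNS packets."""
    if src_ip in local_ips:
        return False
    try:
        header = parse_dns_header(payload)
    except ValueError:
        return False
    return header["opcode"] == 0


def open_reflector_socket(interfaces):
    """One UDP socket bound to 5353, joined to the mDNS group on each interface."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if hasattr(socket, "SO_REUSEPORT"):  # share the port with mDNSResponder
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    sock.bind(("", MDNS_PORT))  # source port 5353, as RFC 6762 expects
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)  # RFC 6762 requires TTL 255
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_LOOP, 0)
    for ip, _net in interfaces:
        mreq = socket.inet_aton(MDNS_GROUP) + socket.inet_aton(ip)
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    return sock


def reflect_forever(interfaces):
    """Receive on any member interface, re-originate on every other one."""
    sock = open_reflector_socket(interfaces)
    local_ips = {ip for ip, _net in interfaces}
    while True:
        payload, (src_ip, _src_port) = sock.recvfrom(9000)
        if not should_reflect(src_ip, payload, local_ips):
            continue
        for out_ip in egress_interfaces(src_ip, interfaces):
            # Select the outgoing interface by its address, then send a fresh copy.
            sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF,
                            socket.inet_aton(out_ip))
            sock.sendto(payload, (MDNS_GROUP, MDNS_PORT))


if __name__ == "__main__":
    if not is_link_local_multicast(MDNS_GROUP):
        sys.exit("unexpected: the mDNS group is not in the link-local block")
    reflect_forever(INTERFACES)
```

Run it as root on the gateway; avahi-daemon does the same job when `enable-reflector=yes` is set in the `[reflector]` section of avahi-daemon.conf. Note the trade-off a reflector makes: every host on either subnet can now advertise (or spoof) services into the other, so the subnet boundary no longer limits who can answer Bonjour lookups.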