Thread: mDNS (external)

  1. #1
    Newbie
    Join Date
    Jan 2021
    Posts
    7

    mDNS (external)

    Hello, I am just trying Untangle and I have all setup quite correctly and working.
    Since I use VLANs and I segregated IOT vs trusted LAN devices, I am having problems with my domotics devices not discovering from the controllers (on LAN) and the devices (on IOT).

    I know that Untangle does not implement an mDNS repeater (avahi-like) and I don't have the info to set it in expert mode (if someone could send me a PM on this).

    I could install an avahi daemon on a separate Ubuntu server but I do not know how to give it "free" access to all VLANs to let it do its job.

    Any advice on this?
    Currently I can use an Ubuntu server virtualized on a physical server connected to IOT....

    Thank you
    Chris

  2. #2
    Newbie
    Join Date
    Jan 2021
    Posts
    7

    Ok I resolved!

  3. #3
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,444

    How please?

  4. #4
    Newbie
    Join Date
    Jan 2021
    Posts
    7

    I installed avahi in a separate VMM on the same physical server where Untangle is installed (Synology NAS).

    Now I am trying to do the same with docker but I cannot have docker to see VLANs....

  5. #5
    Newbie
    Join Date
    Feb 2021
    Posts
    5

    Hi guys!

    Just figured this one out :-)

    In the end, Untangle runs Debian Linux, so simply download the relevant avahi packages from the official Debian (buster) repo.

    Here are the two packages needed:
    (https)://packages.debian.org/buster/libavahi-core7
    (https)://packages.debian.org/buster/avahi-daemon

    SSH to your firewall.
    Download each package using wget.

    Install the first package:
    apt install ./libavahi-core7_0.7-4+b1_amd64.deb

    And the second one:
    apt install ./avahi-daemon_0.7-4+b1_amd64.deb

    Any dependencies will be downloaded from Untangle's repo.

    Then, modify your /etc/avahi/avahi-daemon.conf:
    allow-interfaces=the interfaces you want to be able to broadcast Bonjour. Separate them by using (,) commas.
    example:
    allow-interfaces=eth1,eth2.20
    and then change enable-reflector to say yes
    enable-reflector=yes

    All done, now just restart the avahi-daemon:
    systemctl restart avahi-daemon.service
    Then do a status check:
    systemctl status avahi-daemon.service

    The output should look something like this:

    [root @ gw] /var/log # systemctl status avahi-daemon.service
    ● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
    Loaded: loaded (/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled)
    Active: active (running) since Wed 2021-02-10 11:12:45 CET; 17min ago
    Main PID: 452 (avahi-daemon)
    Status: "avahi-daemon 0.7 starting up."
    Tasks: 2
    Memory: 2.3M
    CGroup: /system.slice/avahi-daemon.service
    ├─452 avahi-daemon: running [gw.local]
    └─480 avahi-daemon: chroot helper

    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Registering new address record for 172.16.120.1 on eth2.20.IPv4.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Withdrawing address record for 172.16.120.1 on eth2.20.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Leaving mDNS multicast group on interface eth2.20.IPv4 with address 172.16.120.1.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Interface eth2.20.IPv4 no longer relevant for mDNS.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Joining mDNS multicast group on interface eth2.20.IPv4 with address 172.16.120.1.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: New relevant interface eth2.20.IPv4 for mDNS.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Registering new address record for 172.16.120.1 on eth2.20.IPv4.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Withdrawing address record for fe80::4262:31ff:fe12:130f on eth2.20.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Leaving mDNS multicast group on interface eth2.20.IPv6 with address fe80::4262:31ff:fe12:130f.
    Feb 10 11:14:32 gw.hemma avahi-daemon[452]: Interface eth2.20.IPv6 no longer relevant for mDNS.

    Remember to check your firewall logs; you may have to add an allowance for destination port UDP 5353 for the relevant network/interface(s), depending on the level of paranoia in your existing firewall rules. :-)

    /Stefan
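
An added example, not part of the post above and not Untangle or Avahi code: a small Python check for the avahi-daemon.conf edited in that post, reporting when the reflector would repeat mDNS beyond the chosen VLAN interfaces. The WAN interface name eth0 and the sample config are assumptions constructed for illustration.

```python
import configparser

# Constructed sample: the two settings changed in the post above, placed in
# the sections where avahi-daemon.conf keeps them.
SAMPLE_CONF = """\
[server]
use-ipv4=yes
use-ipv6=yes
allow-interfaces=eth1,eth2.20

[reflector]
enable-reflector=yes
"""

def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_reflector(conf_text, wan_interfaces=("eth0",)):
    """Return findings about how far the reflector repeats mDNS.

    wan_interfaces is an assumption: the names of the untrusted uplinks.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    enabled = cp.get("reflector", "enable-reflector", fallback="no")
    if enabled.strip().lower() != "yes":
        return ["reflector is off: mDNS is not repeated between interfaces"]
    denied = _csv(cp.get("server", "deny-interfaces", fallback=""))
    raw = _csv(cp.get("server", "allow-interfaces", fallback=""))
    effective = [i for i in raw if i not in denied]  # deny takes precedence
    findings = []
    if not raw:
        findings.append("allow-interfaces is unset: avahi uses every eligible "
                        "interface, so reflection is not limited to chosen VLANs")
    elif len(effective) < 2:
        findings.append("fewer than two usable interfaces: nothing to reflect")
    for wan in wan_interfaces:
        if wan not in denied and (not raw or wan in raw):
            findings.append(f"{wan} (assumed WAN) takes part in mDNS reflection")
    if cp.get("reflector", "reflect-ipv", fallback="no").strip().lower() == "yes":
        findings.append("reflect-ipv=yes also repeats between IPv4 and IPv6")
    return findings

if __name__ == "__main__":
    for line in audit_reflector(SAMPLE_CONF) or ["no findings"]:
        print(line)
```

To check a live system, pass the contents of /etc/avahi/avahi-daemon.conf as `conf_text` and the firewall's real external interface names as `wan_interfaces`.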

  6. #6
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,828

    You know that will likely break again at the next Untangle upgrade, right?
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  7. #7
    Newbie
    Join Date
    Feb 2021
    Posts
    5

    Quote, originally posted by jcoehoorn:
    You know that will likely break again at the next Untangle upgrade, right?

    I actually think it won't. :-)
    It's just two packages using Untangle's own "distro" dependencies.
    These kinds of packages will survive major upgrades on the OS side. In case you didn't know, since we don't add a new repository, it's stand-alone packages, they will keep starting and be "linked-library-compatible" (ldd) for at least 7 years looking at Debian distro cycles.

    The worst and best case thing that could happen would be that Untangle finally adds "native" mDNS support, which could potentially collide with these two packages. At that point, just remove the two packages. :-)

    Untangle uses apt/repo mechanics, no black magic really.

  8. #8
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,394

    Neither package is in the Untangle repository. We do not include all the libraries from Debian. Either way, since the package is installed via the command line, it is not supported. YMMV.

    [root @ gatewayhm] ~ # apt-cache show avahi-daemon
    N: Unable to locate package avahi-daemon
    E: No packages found
    [root @ gatewayhm] ~ # apt-cache show libavahi-core7
    N: Unable to locate package libavahi-core7
    E: No packages found
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,444

    To update you would need to monitor for updates and wget the newer versions and install them manually. Keep copies of your config files too. Then check after any upgrades. Not really that hard.

    And unless you have a commercial subscription working on the command line is no longer a threat. You don't have support anyway.

  10. #10
    Newbie
    Join Date
    Feb 2021
    Posts
    5

    Quote, originally posted by jcoffin:
    Neither package is in the Untangle repository. We do not include all the libraries from Debian. Either way, since the package is installed via the command line, it is not supported. YMMV.

    [root @ gatewayhm] ~ # apt-cache show avahi-daemon
    N: Unable to locate package avahi-daemon
    E: No packages found
    [root @ gatewayhm] ~ # apt-cache show libavahi-core7
    N: Unable to locate package libavahi-core7
    E: No packages found

    Well, actually what I said was that the two packages downloaded from Debian's official Buster repo get their dependencies satisfied with the packages that are in your Untangle repo. :-)

    You do perhaps realize that this rather pointless discussion wouldn't have to exist if you guys at Untangle invested some quality working hours in adding the features that your paying customers have been asking for... for many years... just sayin ;-)

    So, instead of reminding your customers that if they want to fix your product's shortcomings, they end up losing their support, spend that time adding the features instead.

    Personally, I'm only using Untangle at home, so it's no big deal should my two downloaded packages cause any problems during an upgrade. I've been keeping servers alive for the past 30 years, so I'm not that worried even if you try to throw curve-balls at your customers during upgrades.

    Untangle is a nice little firewall package, I like the graphs and the UI. And the apps concept is also nice, however, I wouldn't consider deploying it commercially since most of the apps depend on Debian modules that you (Untangle) can't seem to patch when there are bugs, so in those scenarios the customer would have to wait for the Debian patch to trickle down to you. So, I'm not convinced that your way of packaging your "distro" is that well thought through. Sounds good on paper when you want to sell support, but in reality it comes up short. I would suggest you guys actually fork off from Debian and maintain your own proper distro so that you can patch it and allow users to contribute patches as well. Yes, it will cost more hours maintaining it, but you could harden the firewall so much better.

    Enough ranting for this evening. Have an awesome morning sir! :-)
