
Forum Discussion

capin
Tutor
Sep 30, 2022
Solved

Adding mDNS services for Orbi Pro 6

I would like to have an isolated vlan with limited service access to a page hosted on port 443 from another vlan. Is that possible? I was thinking mDNS would be a possible solution but I only see chromecast and printers etc. Could I just host this page on the same port that chromecast uses?

 

Any ideas are appreciated! Thanks!


6 Replies

  • I would just put the server port to trunk and add a vlan address for any networks it should present services for. You’ll need to disable network isolation though. The mDNS gateway is nice but enabling it exposes all hosts into the target vlan which you may or may not want. Further, if you want to do just mDNS for chromecast, you may have to fiddle with the RIP settings I’ve read but I only have Apple TVs.

    Personally, I have my dhcp/dns server on a trunk and hoobs in an IoT vlan and that works for me.
    •
      capin
      Tutor

      That works, however my goal was to have a vlan that can only be accessed by one or two ports (such as 22, 443) without allowing any other ports to be open to the other vlans. 

       

      Any idea on how to do that or would that require a firewall appliance?

      •
        archite
        Star

        When you enable mDNS from one VLAN to another, it exposes everything on those hosts to the target VLAN I've found. I assume this is because it would be a headache to parse the mDNS advertisement for every service and create an iptables rule for each one.

         

        If you want to expose one or two services between VLANs, then a host that is attached to both sides would be the easiest and most secure. You could either proxy the connection using traefik/caddy, or even just straight iptables.

         

        The mDNS feature added by NETGEAR is mostly just a one-directional convenience tool to allow IoT devices to be accessed easily. I think you're asking too much from it. It's barely better than an mDNS-repeater.
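As an added example (not from the thread or from NETGEAR), here is the "straight iptables" variant of what archite describes: a dual-homed Linux host with one leg on the isolated VLAN and one on the server VLAN forwards only the listed TCP ports (443 and 22, as capin asked) to one server, with everything else dropped. The interface names, addresses and ports are constructed placeholders; the host needs IP forwarding enabled, and the Orbi's network isolation must allow the dual-homed host to sit on both VLANs.

```shell
#!/bin/sh
# Added example: least-privilege forwarding between two VLAN legs.
# All values below are constructed placeholders, not from the thread.
ISO_IF="eth0.20"        # leg on the isolated VLAN
ISO_ADDR="10.20.0.2"    # this host's address on the isolated VLAN (clients connect here)
SRV_IF="eth0.10"        # leg on the server VLAN
SRV_ADDR="10.10.0.50"   # the server that actually hosts the page
PORTS="443 22"          # the only TCP ports the isolated VLAN may reach

# Emit the iptables commands instead of running them, so the ruleset can be
# reviewed (and tested) before being applied with:  gen_rules ... | sh
gen_rules() {
    iso_if=$1; iso_addr=$2; srv_if=$3; srv_addr=$4; ports=$5
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding: nothing crosses between the legs unless listed.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        # Clients on the isolated VLAN talk to this host's address; DNAT hands
        # only that port to the real server.
        echo "iptables -t nat -A PREROUTING -i $iso_if -d $iso_addr -p tcp --dport $p -j DNAT --to-destination $srv_addr:$p"
        # Only NEW connections to exactly that server and port may be forwarded.
        echo "iptables -A FORWARD -i $iso_if -o $srv_if -d $srv_addr -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Source-NAT so the server replies via this host even without a route back
    # to the isolated VLAN; the server never sees isolated-VLAN addresses.
    echo "iptables -t nat -A POSTROUTING -o $srv_if -d $srv_addr -j MASQUERADE"
}

# Number of generated commands: 3 fixed + 2 per port + 1 MASQUERADE.
count_rules() { gen_rules "$@" | wc -l | tr -d ' '; }

# Print the ruleset for review when run directly.
gen_rules "$ISO_IF" "$ISO_ADDR" "$SRV_IF" "$SRV_ADDR" "$PORTS"
```

Because the isolated VLAN only ever reaches the dual-homed host's own address, the rest of the server VLAN stays invisible to it, which is the part the mDNS gateway cannot do.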
