NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Adding mDNS services for Orbi Pro 6
I would like to have a isolated vlan with limited service access to a page hosted on port 443 from another vlan. Is that possible? I was thinking mDNS would be a possible solution but I only see chro...
When you enable mDNS from one VLAN to another, it exposes everything on those hosts to the target VLAN I've found. I assume this is because it would be a headache to parse the mDNS advertisement for every service and create an iptables rule for each one.
If you want to expose one or two services between VLAN's, then a host that is attached to both sides would be the easiest and most secure. You could either proxy the connection using traefik, caddy, or even just straight iptables.
The mDNS feature added by NetGear is mostly just a 1 directional convenience tool to allow access IoT devices to be accessed easily. I think you're asking too much from it. It's barely better than an mDNS-repeater.
That works, however my goal was to have a vlan that can only be accessed by one or two ports (such as 22, 443) without allowing any other ports to be open to the other vlans.
Any idea on how to do that or would that require a firewall appliance?
When you enable mDNS from one VLAN to another, it exposes everything on those hosts to the target VLAN I've found. I assume this is because it would be a headache to parse the mDNS advertisement for every service and create an iptables rule for each one.
If you want to expose one or two services between VLAN's, then a host that is attached to both sides would be the easiest and most secure. You could either proxy the connection using traefik, caddy, or even just straight iptables.
The mDNS feature added by NetGear is mostly just a 1 directional convenience tool to allow access IoT devices to be accessed easily. I think you're asking too much from it. It's barely better than an mDNS-repeater.
Thank you so much for the help with this archite! Your posts have been really informative!
I like the idea of just having a simple device on both vlans and setting up iptables for port forwarding, but don't have something lying around I could use for that.
Now, I'm thinking of setting up a pfsense firewall appliance and setting that up between my orbi and internet connection, have that create the vlans and set the orbi to access point mode. Let me know if you have any thoughts on that.
Thanks again!
That would work but make sure it has enough resources to handle the speed of your connection and the number of clients you plan on having within the network and ensure the CPU has support for AES-NI. I've thought about doing this myself but didn't want o drop $800 to support my gigabit internet.
All great points! This is quickly turning into a maybe next year kind of project... I really appreciate all of you insight! Thank you!
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
