- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Adding mDNS services for Orbi Pro 6
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to have a isolated vlan with limited service access to a page hosted on port 443 from another vlan. Is that possible? I was thinking mDNS would be a possible solution but I only see chromecast and printers etc. Could I just host this page on the same port that chromecast uses?
Any ideas are appreciated! Thanks!
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you enable mDNS from one VLAN to another, it exposes everything on those hosts to the target VLAN I've found. I assume this is because it would be a headache to parse the mDNS advertisement for every service and create an iptables rule for each one.
If you want to expose one or two services between VLAN's, then a host that is attached to both sides would be the easiest and most secure. You could either proxy the connection using traefik, caddy, or even just straight iptables.
The mDNS feature added by NetGear is mostly just a 1 directional convenience tool to allow access IoT devices to be accessed easily. I think you're asking too much from it. It's barely better than an mDNS-repeater.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Adding mDNS services for Orbi Pro 6
Personally, I have my dhcp/dns server on a trunk and hoobs in and IoT vlan and that works for me.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Adding mDNS services for Orbi Pro 6
That works, however my goal was to have a vlan that can only be accessed by one or two ports (such as 22, 443) without allowing any other ports to be open to the other vlans.
Any idea on how to do that or would that require a firewall appliance?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you enable mDNS from one VLAN to another, it exposes everything on those hosts to the target VLAN I've found. I assume this is because it would be a headache to parse the mDNS advertisement for every service and create an iptables rule for each one.
If you want to expose one or two services between VLAN's, then a host that is attached to both sides would be the easiest and most secure. You could either proxy the connection using traefik, caddy, or even just straight iptables.
The mDNS feature added by NetGear is mostly just a 1 directional convenience tool to allow access IoT devices to be accessed easily. I think you're asking too much from it. It's barely better than an mDNS-repeater.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Adding mDNS services for Orbi Pro 6
Thank you so much for the help with this @archite! Your posts have been really informative!
I like the idea of just having a simple device on both vlans and setting up iptables for port forwarding, but don't have something lying around I could use for that.
Now, I'm thinking of setting up a pfsense firewall appliance and setting that up between my orbi and internet connection, have that create the vlans and set the orbi to access point mode. Let me know if you have any thoughts on that.
Thanks again!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Adding mDNS services for Orbi Pro 6
That would work but make sure it has enough resources to handle the speed of your connection and the number of clients you plan on having within the network and ensure the CPU has support for AES-NI. I've thought about doing this myself but didn't want o drop $800 to support my gigabit internet.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Adding mDNS services for Orbi Pro 6
All great points! This is quickly turning into a maybe next year kind of project... I really appreciate all of you insight! Thank you!