Re: Adding mDNS services for Orbi Pro 6

capin
Tutor

Adding mDNS services for Orbi Pro 6

I would like to have an isolated vlan with limited service access to a page hosted on port 443 from another vlan. Is that possible? I was thinking mDNS would be a possible solution but I only see chromecast and printers etc. Could I just host this page on the same port that chromecast uses?

Any ideas are appreciated! Thanks!

Message 1 of 7


All Replies
archite
Star

Re: Adding mDNS services for Orbi Pro 6

I would just put the server port to trunk and add a vlan address for any networks it should present services for. You’ll need to disable network isolation though. The mDNS gateway is nice but enabling it exposes all hosts into the target vlan which you may or may not want. Further, if you want to do just mDNS for chromecast, you may have to fiddle with the RIP settings I’ve read but I only have Apple TVs.

Personally, I have my dhcp/dns server on a trunk and hoobs in an IoT vlan and that works for me.
Message 2 of 7
capin
Tutor

Re: Adding mDNS services for Orbi Pro 6

That works, however my goal was to have a vlan that can only be accessed by one or two ports (such as 22, 443) without allowing any other ports to be open to the other vlans. 

 

Any idea on how to do that or would that require a firewall appliance?

Message 3 of 7
archite
Star

Re: Adding mDNS services for Orbi Pro 6

When you enable mDNS from one VLAN to another, it exposes everything on those hosts to the target VLAN I've found. I assume this is because it would be a headache to parse the mDNS advertisement for every service and create an iptables rule for each one.

If you want to expose one or two services between VLANs, then a host that is attached to both sides would be the easiest and most secure. You could either proxy the connection using traefik, caddy, or even just straight iptables.

The mDNS feature added by NetGear is mostly just a 1 directional convenience tool to allow IoT devices to be accessed easily. I think you're asking too much from it. It's barely better than an mDNS-repeater.

Message 4 of 7
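
Added example, not part of the original thread or any poster's configuration: one way to express the "host attached to both sides ... straight iptables" approach above as an allow-list, generating an `iptables-restore` ruleset that forwards only the listed TCP ports and drops everything else crossing the host. The interface names `eth0.10` / `eth0.20` and the address `192.0.2.10` are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a Linux host that sits on two VLANs.
# Only the listed TCP ports are forwarded to one server in the isolated VLAN;
# all other forwarded traffic hits the FORWARD chain's DROP policy.

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules CLIENT_IF SERVER_IF SERVER_IP PORT [PORT...]
gen_rules() {
    [ "$#" -ge 4 ] || { echo "usage: gen_rules CLIENT_IF SERVER_IF SERVER_IP PORT..." >&2; return 2; }
    cif=$1 sif=$2 ip=$3; shift 3
    # Refuse to emit anything if any port is malformed.
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Clients connect to this host's client-side address; rewrite to the server.
    for p in "$@"; do
        echo "-A PREROUTING -i $cif -p tcp --dport $p -j DNAT --to-destination $ip:$p"
    done
    # Source-NAT so the server replies to this host, not to its own gateway.
    echo "-A POSTROUTING -o $sif -d $ip -p tcp -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only new connections from the client side to the allowed ports pass.
    for p in "$@"; do
        echo "-A FORWARD -i $cif -o $sif -d $ip -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Example (constructed values), parsed without committing:
#   gen_rules eth0.10 eth0.20 192.0.2.10 22 443 | iptables-restore --test
```

The host also needs IPv4 forwarding enabled (`net.ipv4.ip_forward=1`). Loading the output with plain `iptables-restore` replaces the existing rules in the `nat` and `filter` tables, so review it against what the host already has.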
capin
Tutor

Re: Adding mDNS services for Orbi Pro 6

Thank you so much for the help with this @archite! Your posts have been really informative!

 

I like the idea of just having a simple device on both vlans and setting up iptables for port forwarding, but don't have something lying around I could use for that.

 

Now, I'm thinking of setting up a pfsense firewall appliance and setting that up between my orbi and internet connection, have that create the vlans and set the orbi to access point mode. Let me know if you have any thoughts on that.

 

Thanks again!

Message 5 of 7
archite
Star

Re: Adding mDNS services for Orbi Pro 6

That would work but make sure it has enough resources to handle the speed of your connection and the number of clients you plan on having within the network and ensure the CPU has support for AES-NI. I've thought about doing this myself but didn't want to drop $800 to support my gigabit internet.

Message 6 of 7
capin
Tutor

Re: Adding mDNS services for Orbi Pro 6

All great points! This is quickly turning into a maybe next year kind of project... I really appreciate all of your insight! Thank you!

Message 7 of 7