Saturday, May 17, 2008

Using mDNS / Zeroconf / Avahi and Firestarter Firewall on Ubuntu

About Multicast DNS
Multicast DNS (mDNS) allows machines on a local network to connect by name without the need for a local DNS server. Each machine must have a hostname set and an mDNS client/server installed. Macs have it preinstalled (where it is called Bonjour), as do modern releases of Linux including Ubuntu (where it is called Avahi). Windows clients can download and install Bonjour for Windows from the Apple website. It seems most modern printers use mDNS for easy printer setup. Even though I run a local DNS server using dnsmasq, mDNS makes DHCP client access easy.

The Problem
Long ago I installed Bonjour for Windows so I could access the machine via mDNS (multicast DNS). Today, my Ubuntu 8.04 machine would no longer connect to my Windows printer share. It turns out that Firestarter on the Ubuntu machine was the culprit. mDNS requests were being blocked regardless of my Firestarter config. So here is the fix:

sudo gedit /etc/firestarter/user-pre

Add the following two lines and save:

$IPT -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
$IPT -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT

These two iptables rules allow mDNS traffic (UDP port 5353 addressed to the mDNS multicast group 224.0.0.251) in and out, and override any GUI configuration in Firestarter.

Restart avahi, then restart firestarter:

sudo /etc/init.d/avahi-daemon restart
sudo /etc/init.d/firestarter restart

If you are still having trouble, look at /etc/default/avahi-daemon and make sure it says: AVAHI_DAEMON_DETECT_LOCAL=1. Also run sudo netstat -ltunp to verify that avahi-daemon is listening on port 5353.
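
An added check, not part of the original post: the function below reads rules in iptables-save format and reports whether each ACCEPT rule for UDP port 5353 is limited to the mDNS multicast group 224.0.0.251 or opens the port for any destination. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit firewall rules that accept mDNS.
# Input : rules in iptables-save format on stdin.
# Output: one line per ACCEPT rule on UDP 5353:
#         "SCOPED <chain>" if limited to the mDNS group, "BROAD <chain>" otherwise.

MDNS_GROUP="224.0.0.251"   # IPv4 mDNS multicast group (RFC 6762)

audit_mdns_rules() {
    awk -v grp="$MDNS_GROUP" '
        $1 == "-A" {
            chain = $2; proto = ""; dport = ""; dst = ""; target = ""
            # Walk the option/value pairs of the rule.
            for (i = 3; i < NF; i++) {
                if      ($i == "-p")      proto  = $(i + 1)
                else if ($i == "--dport") dport  = $(i + 1)
                else if ($i == "-d")      dst    = $(i + 1)
                else if ($i == "-j")      target = $(i + 1)
            }
            # Only ACCEPT rules for UDP port 5353 are of interest.
            if (proto != "udp" || dport != "5353" || target != "ACCEPT") next
            sub(/\/32$/, "", dst)   # newer iptables prints host addresses as addr/32
            if (dst == grp) print "SCOPED " chain
            else            print "BROAD " chain
        }'
}

# Constructed sample ruleset (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# On a live system (as root): iptables-save | audit_mdns_rules
sample_rules | audit_mdns_rules
```

A BROAD line means the rule accepts UDP 5353 traffic to any address, which is wider than mDNS needs.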

Found here.

UPDATE: apparently this doesn't work for some.

1 comment:

Anonymous said...

Thanks for this tip, this also works great on CentOS 5.3! :)