iptables rule to forward mdns requests (virtual machine)

stoorky · 09-01-2022, 12:28 PM

I have :

A virtualization host, with :
LAN : 192.168.137.1
Wi-Fi : DHCP

A virtual machine (virtualbox), connected through a bridge with the host (192.168.137.6)
The host acts as a gateway, I set up a masquerade iptables rule :
Code:
```
IPT=/sbin/iptables
$IPT -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE
```

And a wireless printer/scanner

From the host, I can print and scan without problem. The printer is discovered through mdns :

Code:

$ mdns-scan 
+ HP OfficeJet Pro 8710 [8B5B51]._printer._tcp.local
+ HP OfficeJet Pro 8710 [8B5B51]._pdl-datastream._tcp.local
(...)

From the guest, the wireless printer isn't discovered through mdns, although I can ping it :

Code:

$ mdns-scan 
Browsing ... \           
[ nothing is discovered ]

$ ping 192.168.0.186
PING 192.168.0.186 (192.168.0.186) 56(84) bytes of data.
64 bytes from 192.168.0.186: icmp_seq=1 ttl=254 time=49.4 ms
64 bytes from 192.168.0.186: icmp_seq=2 ttl=254 time=4.72 ms
64 bytes from 192.168.0.186: icmp_seq=3 ttl=254 time=14.7 ms
(...)

Is there an additional IP rule to set up on the host to forward mdns requests ?

michaelk · 09-01-2022, 01:21 PM

mDNS as far as I know does not cross subnets. Typically home subnets on 192.168.x.x are /24(255.255.255.0) and therefore 192.168.137.1 and 192.168.0.186 are not on the same network.

When you create a new guest VirtualBox configures the network for NAT which uses a virtual router between the host and guest. How is your guest configured?

One solution would be to use a local DNS.

I am not a networking expert but if you have a bridge then why the need for a NAT firewall rule.

stoorky · 09-01-2022, 03:31 PM

> How is your guest configured?
> Why the need for a NAT firewall rule.
Well, it's kind of a travel setup. I get my internet from a mobile GSM/Wi-Fi box (like that on : https://www.tp-link.com/uk/home-networking/mifi/m7200/). My host is a laptop, and is also connected to a small LAN, with a NAS. I need to access the NAS from the guest.

So, the guest is connected to the host in bridge mode : host, guest and NAS are on the same LAN.

And with this setup SNAT masquerading on the host is required so the guest can access the internet, through the host's WLAN

Anyway, everything works just fine, I have this setup for a few years now. But I just deployed a wireless printer/scanner, and I can not discover it from within the guest.

> mDNS as far as I know does not cross subnets.
OK, but if I can ping the wireless printer from within the guest, then I should be able to print on it, one way or another, no ?
The problem is that even though I can ping the printer, it's not detected through mDNS

I suspect there is an iptables rule on the host that could forward the guest's mDNS requests on the WLAN,but I cannot work out how

stoorky · 09-01-2022, 09:49 PM

@michaelk : +1 for "mDNS as far as I know does not cross subnets", it made me google "mDN subnet crossing linux", which gave some pointers to the right direction

I found an easy workaround : I just added a second NIC to the guest, bridged with the host's WLAN, and done !

Note however that it seems that mDNS subnet crossing can be done, by configuring Avahi in a reflector mode. There's also that project : https://github.com/geekman/mdns-repeater/. I didn't test any of it though, my workaround is good enough for now.