I was watching this video:
pfsense and Rules For IoT Devices with mDNS
I need to figure out how it works exactly. So, sorry if my question may sound stupid to most.
Assuming that I have a smart tv or something running on subnet 172.16.69.0/24 which uses mDNS and needs to communicate with a server on LAN 192.168.3.0/24 in order to get media contents, would the setup shown in the video be the same? Or
mDNS is used for device discovery and a lot of IoT services support this. Otherwise, when you are trying to connect a device from a different subnet, you'll have to have the proper firewall rules to allow traffic to the other subnets and input the IP of the device you want to connect to.
Did you watch the video I linked above?
I had all kinds of questions when I started using pfSense. Always worth asking if you need some help.
Yes, based on the description of your setup, you'd do it exactly the same as Tom does, except when setting up the IoT blocking rule.
At time code 11:47 in the video, instead of using an alias for multiple networks, you can just select Network from the dropdown menu, then add your network address in the box to the right - 192.168.3.0 and select /24.
As described, the Avahi package and the daemon it installs pass the mDNS listings between the selected subnets for you. A separate firewall rule is not required. I use this setup currently and have no issues.
As for what’s going on (and I’m oversimplifying), the mDNS information is simply being made available between the subnets to allow a device like a smartphone or tablet on the LAN network to find your Chromecast, Smart TV, etc on the IoT network.
Since traffic can flow from your LAN network where your phone or tablet is to the IoT network, it can send what it needs to to tell the IoT device to start streaming, for example. All the streaming of the media happens on the IoT network only, which ideally can only talk to the Internet and nothing else.
Hopefully that answers your question.
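
Added example, not part of any post in this thread: a small Python model of the rule layout discussed above, showing which side is able to open connections once the IoT block rule for 192.168.3.0/24 is in place. The host addresses, the pass-any rules, and the `Firewall` class are assumptions made for illustration; real pf state entries also track protocol and ports.

```python
import ipaddress

# Subnets from the thread; host addresses used in demo() are constructed samples.
IOT = ipaddress.ip_network("172.16.69.0/24")
LAN = ipaddress.ip_network("192.168.3.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Per-interface rules, evaluated top-down, first match wins. Assumed rule set:
# the IoT block rule from the thread above a pass-any, and a pass-any on LAN.
RULES = {
    "IOT": [("block", IOT, LAN), ("pass", IOT, ANY)],
    "LAN": [("pass", LAN, ANY)],
}

class Firewall:
    """Hypothetical, simplified stateful filter (addresses only, no ports)."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (initiator, responder) pairs that were passed

    def new_connection(self, iface, src, dst):
        """Evaluate a connection-opening packet arriving on interface `iface`."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, src_net, dst_net in self.rules[iface]:
            if s in src_net and d in dst_net:
                if action == "pass":
                    self.states.add((s, d))  # remember it so replies can return
                return action
        return "block"  # implicit default deny when no rule matches

    def reply(self, src, dst):
        """Return traffic passes only if it belongs to an existing state."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return "pass" if (d, s) in self.states else "block"

def demo():
    fw = Firewall(RULES)
    phone, tv, server = "192.168.3.50", "172.16.69.20", "192.168.3.10"
    return {
        "phone_to_tv": fw.new_connection("LAN", phone, tv),
        "tv_reply_to_phone": fw.reply(tv, phone),
        "tv_to_lan_server": fw.new_connection("IOT", tv, server),
        "tv_to_internet": fw.new_connection("IOT", tv, "203.0.113.7"),
        "tv_unsolicited_to_server": fw.reply(tv, server),
    }

if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow}: {verdict}")
```

In this model, connections the TV itself opens toward 192.168.3.0/24 are dropped by the block rule, while replies to connections started from the LAN pass because of the state entry.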