Multicast not getting to the wire (Cisco SG300 + UniFi AP + pfSense)

Hi All,

So I gave this another try, changing my setup slightly. On my Office LAN there’s a TrueNAS server that I want to shield off from any clients connecting over Wi-Fi. BUT: I need a bunch of iPads to connect via Wi-Fi to some of the office computers to remote control stuff like audio applications etc. These apps rely on Bonjour (mDNS) to advertise that they are on the network.

So I’ve got avahi going on my pfSense, but I cannot for the life of me figure out how I can set the UniFi AP AC Pro to forward the mDNS info from the iPads to the wire. I have turned off broadcast blocking in UniFi for that network and I’ve turned on IGMP snooping, but for some reason, whatever I try, mDNS just won’t reach the wire/rest of the network. I read an article on the Ubiquiti website about how to set up broadcast and mDNS and my settings seem correct. However: they also mention that I need to turn on mDNS under Services, but this requires a USG, which I am not using, as my firewall is my pfSense and I see no reason to buy this appliance (which is quite a bottleneck) just to enable mDNS for my single AP. And then I’m not even sure if that will solve my problems.

I suspect pfSense is the cause, because when I have my wired computers on the same VLAN as the AP it all works, as pfSense has no influence when everything communicates directly over the switch (layer 2).

Thing is, I want to keep all Wi-Fi clients on a separate VLAN so I can create rules for every iPad, so if someone who shouldn’t be there gets into the Wi-Fi they don’t have access to the TrueNAS server that’s also on the Office LAN. (Hope that makes sense.)

So the big question is: why is mDNS not being seen by the Office VLAN with avahi turned on and a wide-open allow rule that lets the iPads from the Wi-Fi VLAN get to the Office VLAN? I can ping all the iPads just fine, so the rules should be correct. It’s just the mDNS advertising that isn’t seen by any of the office computers. So I doubt it’s the AP per se, since it all works when the AP is on the same VLAN as the office machines. I want to avoid this setup as I’d have zero control over what the Wi-Fi can access on that network.

Is there anything I’m missing?

Many thanks!
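Added example (my own code, not from the post or from any UniFi, pfSense or avahi software): a small DNS-SD browse probe in Python. Run on a wired Office-VLAN host, it asks the mDNS group which service types are advertised and records which source address answered; if only wired hosts answer, the avahi reflection between the Wi-Fi and Office VLANs is the part that is not working. The group 224.0.0.251, port 5353 and the browse name `_services._dns-sd._udp.local` come from RFC 6762/6763; the 3-second listen window is my choice.

```python
import socket, struct
MDNS_GROUP, MDNS_PORT, TYPE_PTR = "224.0.0.251", 5353, 12  # RFC 6762 group and port

def encode_name(name):  # dotted name -> length-prefixed labels plus zero terminator
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name):  # id 0, flags 0 (standard query), one PTR question, class IN
    return struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", TYPE_PTR, 1)

def decode_name(data, pos):  # follows RFC 1035 compression pointers; returns (name, end offset)
    labels, end = [], None
    while data[pos] != 0:
        if data[pos] & 0xC0 == 0xC0:
            end = pos + 2 if end is None else end  # a pointer ends the name in the stream
            pos = struct.unpack("!H", data[pos:pos + 2])[0] & 0x3FFF
            continue
        labels.append(data[pos + 1:pos + 1 + data[pos]].decode())
        pos += 1 + data[pos]
    return ".".join(labels), pos + 1 if end is None else end

def parse_ptr_answers(data):  # -> [(name, target, ttl)] for PTR records in the answer section
    qd, an = struct.unpack("!HH", data[4:8])
    pos, found = 12, []
    for _ in range(qd): pos = decode_name(data, pos)[1] + 4  # skip question QTYPE/QCLASS
    for _ in range(an):
        name, pos = decode_name(data, pos)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        if rtype == TYPE_PTR:
            found.append((name, decode_name(data, pos + 10)[0], ttl))
        pos += 10 + rdlen
    return found

def browse(timeout=3.0, name="_services._dns-sd._udp.local"):  # -> {responder IP: {service types}}
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # coexist with a local mDNS daemon
    sock.bind(("", MDNS_PORT))
    mreq = socket.inet_aton(MDNS_GROUP) + socket.inet_aton("0.0.0.0")  # join on the default interface
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)  # mDNS packets carry TTL 255
    sock.sendto(build_query(name), (MDNS_GROUP, MDNS_PORT))
    sock.settimeout(timeout)
    seen = {}
    while True:  # 224.0.0.0/24 is never routed: answers from another VLAN only arrive via a reflector
        try:
            data, (src, _) = sock.recvfrom(9000)
            for _, target, _ in parse_ptr_answers(data):
                seen.setdefault(src, set()).add(target)
        except socket.timeout:
            return seen  # collection window over
        except (struct.error, IndexError): continue  # malformed packet: ignore it
```

Call `browse()` from a wired host on the Office VLAN and compare the responder addresses against the Wi-Fi VLAN's subnet: the iPads' service types should appear under their Wi-Fi addresses once reflection works. Run it again on a Wi-Fi client to check the opposite direction, since avahi has to reflect both the queries and the answers.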