Firewall – How to unblock service discovery for IPv4 via Avahi

avahi firewall

On a Debian 6.0.6 system (squeeze) I am having trouble resolving a host using Avahi and IPv4. Here is a sample output:

: nr@homedog 10102 ; avahi-browse -a
+   eth0 IPv6 yorkie [00:1f:3b:d8:67:1d]     Workstation          local
+   eth0 IPv6 homedog [bc:5f:f4:5a:b1:73]    Workstation          local
+   eth0 IPv4 homedog [bc:5f:f4:5a:b1:73]    Workstation          local

Notice that homedog, the local machine, is visible both on IPv6 and IPv4. But yorkie, the remote machine, is visible only on IPv4. And avahi-resolve-host-name -4 yorkie.local hangs with no result.

EDIT: The situation is symmetric: yorkie sees itself on IPv4 and IPv6, but it sees homedog on IPv6 only.

On yorkie, the output from iptables -vnL is

Chain INPUT (policy ACCEPT 109K packets, 98M bytes)
 pkts bytes target     prot opt in     out     source   destination     

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source   destination  

Chain OUTPUT (policy ACCEPT 108K packets, 94M bytes)
 pkts bytes target     prot opt in     out     source   destination

(To make the display fit StackExchange without wrapping, I have taken a couple of liberties with horizontal space.) The display on homedog is identical except for the numbers: for all three, it displays 0 packets and 0 bytes.
(I have no clue how to interpret these outputs, but it may be informative that yorkie's current uptime is 41 days and homedog's current uptime is 6 hours.)

I found a closed ticket at http://avahi.org/ticket/297, which suggests that the problem is some sort of firewall configuration. I am a complete novice in this area, and through web search I have been unable to inform myself about how to use the iptables command to diagnose or repair the problem. I found another ticket as Debian bug 547974, but this bug was closed without explaining how to fix the problem.

The hypothesis is that somehow the service-discovery packet is being blocked—I don't know on which machine. Can anyone say how to discover which machine is blocking the packet and how to reconfigure it so Avahi discovers the IPv4 address?

Best Answer

This one still isn't fully diagnosed, but it was a combination of two problems:

  • On host yorkie, some unknown daemon keeps installing iptables rules. I remove the rules, but eventually they reappear.

  • The more pernicious part: yorkie is connected wirelessly, and **my Verizon ActionTec router was blocking mDNS packets.**

With both problems resolved, avahi-browse -a works as expected.
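
For the host-firewall half of the diagnosis, the check below is an added example, not part of the original question or answer: it walks the text printed by `iptables -S` and reports which rule (or chain policy) decides the fate of an inbound IPv4 mDNS packet (UDP port 5353 to multicast group 224.0.0.251). The function names, the `eth0` interface and the sample rule sets are assumptions made for illustration, only the common match options are modelled, and it says nothing about a router dropping the packet in transit.

```python
import ipaddress
import shlex

# Packet being traced: inbound IPv4 mDNS (UDP 5353 to multicast 224.0.0.251).
# The interface name and the NEW connection state are assumptions.
MDNS_DST, MDNS_PORT, IFACE = ipaddress.ip_address("224.0.0.251"), 5353, "eth0"

def _matches(opt, val):
    """True/False if the match option fits the mDNS packet, None if not modelled."""
    if opt == "-p":
        return val in ("udp", "all")
    if opt == "-d":
        return MDNS_DST in ipaddress.ip_network(val, strict=False)
    if opt == "--dport":
        lo, _, hi = val.partition(":")
        return int(lo) <= MDNS_PORT <= int(hi or lo)
    if opt == "-i":
        return val == IFACE
    if opt in ("--state", "--ctstate"):
        return "NEW" in val.split(",")
    return None

def mdns_verdict(rules, chain="INPUT"):
    """First-match walk over `iptables -S` text; returns (verdict, deciding line)."""
    policy = "ACCEPT"
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        if tok[:2] != ["-A", chain]:
            continue
        if "!" in tok:  # negated matches are not modelled
            return ("UNKNOWN", line)
        # Pair each option with its value; -m and --reject-with carry no match condition.
        opts = {o: v for o, v in zip(tok[2::2], tok[3::2]) if o not in ("-m", "--reject-with")}
        target = opts.pop("-j", None)
        results = [_matches(o, v) for o, v in opts.items()]
        if False in results or target == "LOG":
            continue  # rule cannot match this packet, or is non-terminating
        if None in results or target not in ("ACCEPT", "DROP", "REJECT"):
            return ("UNKNOWN", line)
        return (target, line)
    return (policy, "-P %s %s" % (chain, policy))

# Constructed rule sets (not taken from yorkie or homedog).
OPEN = "-P INPUT ACCEPT\n-P FORWARD ACCEPT\n-P OUTPUT ACCEPT"
BLOCKING = ("-P INPUT DROP\n-A INPUT -i lo -j ACCEPT\n"
            "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
            "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT")
FIXED = BLOCKING + "\n-A INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT"
```

An `UNKNOWN` verdict means the deciding rule uses an option this sketch does not model and has to be read by hand.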