@squarooticus
Last active January 31, 2024 06:44
Use nftables to repeat mDNS/Bonjour packets across two different interfaces. Works for Google Cast/Chromecast groups!

table ip mangle {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        # IPv4 mDNS (224.0.0.251) arriving on eth3: rewrite the source address, then duplicate the packet out eth2
        ip daddr 224.0.0.251 iif eth3 ip saddr set 192.168.2.1 dup to 224.0.0.251 device eth2 notrack
        # Same in the other direction: eth2 to eth3
        ip daddr 224.0.0.251 iif eth2 ip saddr set 192.168.3.1 dup to 224.0.0.251 device eth3 notrack
    }
}
table ip6 mangle {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        # IPv6 mDNS (ff02::fb) arriving on eth3: rewrite the source address, then duplicate the packet out eth2
        ip6 daddr ff02::fb iif eth3 ip6 saddr set fd00:0:0:2::1 dup to ff02::fb device eth2 notrack
        # Same in the other direction: eth2 to eth3
        ip6 daddr ff02::fb iif eth2 ip6 saddr set fd00:0:0:3::1 dup to ff02::fb device eth3 notrack
    }
}
@BBaoVanC

Never mind, it actually was working but I forgot to allow the regular traffic between VLANs. I didn't see anything in nftrace because the interface was not in promiscuous mode. Here's my working config:

table ip mdns {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;

        # WARNING: nftrace does not work for this unless you put interface in promiscuous mode or
        # run tcpdump in the background
        # ip l set [iface] promisc [on/off]
        ip daddr 224.0.0.251 jump mdns
    }
    chain mdns {
        # repeat mDNS from IoT to main
        iif iot ip saddr set 10.0.0.1 dup to 224.0.0.251 device main
        iif main ip saddr set 10.0.4.1 dup to 224.0.0.251 device iot
    }
}
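
A tightened variant of the config in the comment above, added here as an example; it is not part of the gist or of the comment. It assumes the same interface names and addresses (iot, main, 10.0.0.1, 10.0.4.1), that clients on main are the side that opens connections to devices on iot, and the table name mdns_scoped and the forward chain are hypothetical additions.

```nft
# Added example: repeat only mDNS proper, and scope the inter-VLAN
# unicast traffic that the repeated announcements lead to.
table ip mdns_scoped {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;

        # Hand only UDP port 5353 to the repeater. Matching on the
        # destination address alone would also copy any other packet
        # addressed to 224.0.0.251 into the other VLAN.
        ip daddr 224.0.0.251 udp dport 5353 jump mdns
    }
    chain mdns {
        # Same rewrite-and-duplicate rules as in the comment above.
        iif iot ip saddr set 10.0.0.1 dup to 224.0.0.251 device main
        iif main ip saddr set 10.0.4.1 dup to 224.0.0.251 device iot
    }
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Replies to connections that were already allowed.
        ct state established,related accept

        # Assumption: clients on main initiate connections to iot devices.
        iifname "main" oifname "iot" accept

        # Devices on iot may not open new connections into main.
        # Count and log what is refused so a missing allow rule is visible.
        iifname "iot" oifname "main" counter log prefix "iot-to-main drop: " drop
    }
}
```

The forward chain has policy accept so it only decides traffic between these two interfaces; forwarding to other interfaces is left to whatever other tables the router already has.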
