Avahi behavior

[chrismurphy]

The simple question is, can anyone think of why mDNS would only work in one direction? The is, computer 1 resolves computer2.local fine. But computer 2 will not resolve computer1.local. Neither are running firewalls.

Detail version:
Happens with fully updated F17TC2, but regression indicates it behaves the same on F16 (as installed or updated).

I do not get bidirection resolution of mDNS hosts. For example two computers:

apple.local
f17s.local

From computer "apple" this command succeeds in connecting:

Code:

ssh chris@f17s.local

From computer "f17s" this command produces an error "ssh: Could not resolve hostname apple.local: Name or service not known"

Code:

ssh chris@apple.local

But if I use the actual IP, it works. On a 3rd computer running Mac OS, it resolves apple.local. So this seems to be either a missing setting or bug in F16/F17. Before I file a bug and post on the devel list, I thought I'd ask here first.

---------- Post added at 02:24 PM ---------- Previous post was at 01:44 PM ----------

I'm thinking this could be two different problems between F16 and F17. Now with F17 we have firewalld and I have no Firewall application to configure it. So I'm actually not sure this is a firewall problem with F17.

---------- Post added at 03:01 PM ---------- Previous post was at 02:24 PM ----------

Yeah, so missing now is the Firewall application. There isn't a GUI means of changing firewalld's defaults. And like iptables, it's blocking Avahi by default.

[katastrophal]

hm. As far as I figured out, you either have to switch to a different zone in firewalld or add it to the allowed services. I had a similar problem with my samba server.

this command lists all available services for firewalld, avahi should be mdns.

Code:

firewall-cmd --list=services

The output should look like this:

Code:

 cluster-suite pop3s bacula-client smtp ipp radius bacula ftp mdns samba 
 dhcpv6-client dns openvpn imaps samba-client http https telnet libvirt ssh 
 ipsecipp-client amanda-client tftp-client dhcpv6 nfs tftp libvirt-tls

to find out in which zone your connection is, you can use two different commands:

Code:

nmcli -f NAME,DEVICES,ZONE con status
firewall-cmd --get-active-zones

to find out which services are supported in your zone (in this case home):

Code:

 firewall-cmd --list=all --zone=home

this adds the service (in this case samba) to the allowed services in the zone home.

Code:

firewall-cmd --add --zone=home --service=samba

if you want to change the zone, you have to edit /etc/sysconfig/network-scripts/(your connection here).
simply add ZONE = home or whatever zone you want at the end of the .cfg file. NetworkManager will automatically reconnect and pick up the correct zone.

BUT firewalld keeps forgetting the added services after a restart and I haven't figured out a way to make these settings permanent. I wrote an email to the firewalld-users mailing list, but no answer so far.
I have uninstalled firewalld and installed system-config-firewall because of that issue. At the moment it's just WAY more complicated than the old iptables interface, plus the only documentation or user manual I found was in fact the test-cases from the firewalld testday https://fedoraproject.org/wiki/Test_...3-19_firewalld
How am I supposed to find out how to do anything with it?

I have yet to see the advantages of this new daemon, the Zone model is a nice idea though. In my humble opinion they should have waited to include it as a default until they have some graphical way of configuring it.

I hope this helps a little :-)

[chrismurphy]

According to this there is a graphical configuration utility called firewall-config. But F17 Beta RC1 doesn't include it. And I haven't found it in any fedora repo with yum.

I posted an inquiry on the devel mailing list as "F17, firewalld, avahi". But no response yet.

[katastrophal]

Some of your (and my) questions are answered at the firewalld-users mailing list --> https://fedorahosted.org/pipermail/f...ch/000002.html