I just bought an airport express in order to use the airplay feature. I have connected via the ethernet port to my switch and set it up in bridge mode whilst turning wireless off. However, even though it gets DHCP address via UTM (same subnet as wifi internal clients and therefore no Multicast Routing (PIM-SM) needed ) I am not able to "detect" it via internal hosts
They are on the same subnet and therefore bonjour service should not be blocked.However, it doesn't work (even though I can ping the AE host from the wifi hosts)
Anyone had any experience with UTM and Bonjour services (Airport express)?
It seems that airport express is trying to contact UTM on port 1900 and 5351 (UPnP and NAT).Is this requirement for Bonjour service? I would expect to see UDP 5353 (multicast DNS) as destination and not source!
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="53288" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="157" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="157" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="157" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
Also port 192 (UDP) is been blocked by UTM. This port is related to airport extreme discovery (http://support.apple.com/kb/TS1629)
2013:10:27-00:57:03 stuffman ulogd[4568]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="70:56:81:c2:3a:19" dstmac="0:1a:8c:12:ea:e1" srcip="" dstip="UTM" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="65009" dstport="192"
Thanks
This thread was automatically locked due to age.
