
UTM (bonjour) and Airport Express issue

Hi All

I just bought an Airport Express in order to use the AirPlay feature. I have connected it via the Ethernet port to my switch and set it up in bridge mode whilst turning wireless off. However, even though it gets a DHCP address via UTM (same subnet as the wifi internal clients, and therefore no Multicast Routing (PIM-SM) needed), I am not able to "detect" it via internal hosts.

They are on the same subnet and therefore the Bonjour service should not be blocked. However, it doesn't work (even though I can ping the AE host from the wifi hosts).

Anyone had any experience with UTM and Bonjour services (Airport Express)?

It seems that the Airport Express is trying to contact UTM on ports 1900 and 5351 (UPnP and NAT). Is this a requirement for the Bonjour service? I would expect to see UDP 5353 (multicast DNS) as destination and not source!

id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="53288" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="157" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="157" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="156" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="30" tos="0x00" prec="0x00" ttl="255" srcport="5353" dstport="5351"
id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" mark="0x31d7" app="471" srcmac="88:1f:a1:3d:ee:94" dstmac="0:1a:8c:12:ea:e1" srcip="Airport Express" dstip="UTM" proto="17" length="157" tos="0x00" prec="0x00" ttl="255" srcport="64606" dstport="1900"


Also port 192 (UDP) is being blocked by UTM. This port is related to Airport Extreme discovery (http://support.apple.com/kb/TS1629)
2013:10:27-00:57:03 stuffman ulogd[4568]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="70:56:81:c2:3a:19" dstmac="0:1a:8c:12:ea:e1" srcip="" dstip="UTM" proto="17" length="32" tos="0x00" prec="0x00" ttl="64" srcport="65009" dstport="192" 


Thanks
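
An added example, not part of the original thread: a small parser for the packetfilter key="value" lines quoted above that tallies drops per source MAC and destination port and checks whether any of them were addressed to mDNS (UDP 5353). The sample lines are constructed by shortening the format in the post; the service names for 5351 and 1900 are the standard assignments, and the label for 192 is taken from the post.

```python
import re
from collections import Counter

# Constructed sample: lines shortened from the packetfilter format quoted in
# the post, with the poster's own placeholders for the addresses.
SAMPLE_LOG = '''\
id="2001" action="drop" fwrule="60001" srcmac="88:1f:a1:3d:ee:94" srcip="Airport Express" dstip="UTM" proto="17" srcport="5353" dstport="5351"
id="2001" action="drop" fwrule="60001" srcmac="88:1f:a1:3d:ee:94" srcip="Airport Express" dstip="UTM" proto="17" srcport="53288" dstport="1900"
id="2001" action="drop" fwrule="60001" srcmac="88:1f:a1:3d:ee:94" srcip="Airport Express" dstip="UTM" proto="17" srcport="5353" dstport="5351"
2013:10:27-00:57:03 stuffman ulogd[4568]: id="2001" action="drop" fwrule="60001" srcmac="70:56:81:c2:3a:19" srcip="" dstip="UTM" proto="17" srcport="65009" dstport="192"
'''

# (IP protocol, destination port) -> service; 17 is UDP.
SERVICES = {
    (17, 5353): "mDNS (Bonjour)",
    (17, 5351): "NAT-PMP",
    (17, 1900): "SSDP (UPnP discovery)",
    (17, 192): "AirPort discovery (as stated in the post)",
}
FIELD = re.compile(r'(\w+)="([^"]*)"')

def summarize_drops(log_text):
    """Count dropped packets per (srcmac, proto, dstport)."""
    drops = Counter()
    for line in log_text.splitlines():
        rec = dict(FIELD.findall(line))
        if rec.get("action") != "drop":
            continue
        try:
            key = (rec["srcmac"], int(rec["proto"]), int(rec["dstport"]))
        except (KeyError, ValueError):
            continue  # truncated line or a protocol without ports
        drops[key] += 1
    return drops

def mdns_dropped(drops):
    """True if any dropped packet was addressed to UDP 5353 (mDNS)."""
    return any(proto == 17 and dport == 5353 for _, proto, dport in drops)

def report(drops):
    """One line per flow, most frequent first, with the service name."""
    return [
        f"{n:3d}  {mac}  proto={proto} dstport={dport}  "
        f"{SERVICES.get((proto, dport), 'unknown')}"
        for (mac, proto, dport), n in drops.most_common()
    ]

if __name__ == "__main__":
    drops = summarize_drops(SAMPLE_LOG)
    print("\n".join(report(drops)))
    print("drops addressed to mDNS (udp/5353):", mdns_dropped(drops))
```

On the sample, every drop is addressed to NAT-PMP, SSDP or port 192 and none to UDP 5353, so these log lines alone do not show the firewall dropping the mDNS queries themselves.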


  • Hi, 

    I don't know if multicast routing will help.

    In your logs, is 'dstip="UTM"' the UTM's interface address or the broadcast address?

    The UTM normally drops all broadcasts, but I'm not sure what it does with them on a wireless AP.

    Is the AP in "Bridge to LAN/VLAN" mode or in another mode? Can you change the mode?

    Barry

  • UTM is the actual internal IP of Astaro (192.168.2.x). The mode is "bridged to vlan" as I would like UTM to provide DHCP addresses to clients as well.

    I wouldn't expect it to be dropped via UTM though, as the connection is via the switch. My desktop is connected to the switch directly (port 2). Port 5 is the AE. Both ports are on VLAN 10.