UCSecurity

I moved my iTunes library to my NAS tonight and setup Firefly to serve the library (another post).  All was working great until I moved back to the wireless network which happens to be on a different subnet.  My firewall is on the development branch of pfSense (currently slated for 2.0) and I’ve been bitten by some of the new interface code enough to not have the stomach to try and bridge the two interfaces (I actually tried that at one point and spent a fair amount of time fixing it), so I decided to look into Avahi some.

This turned out to be a surprisingly easy setup.  If my CF card that I have my pfSense installed on (full install, not embedded) wasn’t so slow, I’d probably have finished in under 15 minutes, as it was, it took a little closer to 30.  The first step was to:

pkg_add -rv avahi

to pick up the precompiled FreeBSD 7 package and all it’s prereqs (there were a number including both python and perl – why, I don’t know – but until that’s figured out, there’s no chance in hell I’ll ever make this into a pfSense package).

Once that was done, I edited /usr/local/etc/avahi/avahi-daemon.conf.  In the server section, I filled in  the host-name of the firewall with the firewalls name and the domain-name as ‘local’, inserted ‘local, ‘ into browse-domains, set enable-dbus=no and set use-ipv4=yes and use-ipv6=no, all others in this section were left as default.  Under the reflector secion, I set enable-reflector=yes and left everything else as default, ditto for all other sections (for better or worse, dunno yet).

# $Id$
#
# This file is part of avahi.
#
# avahi is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# avahi is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
# License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with avahi; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA.

# See avahi-daemon.conf(5) for more information on this configuration
# file!

[server]
host-name=firewall
domain-name=local
browse-domains=local, 0pointer.de, zeroconf.org
use-ipv4=yes
use-ipv6=no
#check-response-ttl=no
#use-iff-running=no
enable-dbus=no
#disallow-other-stacks=no
#allow-point-to-point=no

[wide-area]
enable-wide-area=yes

[publish]
#disable-publishing=no
#disable-user-service-publishing=no
#add-service-cookie=no
#publish-addresses=yes
#publish-hinfo=yes
#publish-workstation=yes
#publish-domain=yes
#publish-dns-servers=192.168.50.1, 192.168.50.2
#publish-resolv-conf-dns-servers=yes
#publish-aaaa-on-ipv4=yes
#publish-a-on-ipv6=no

[reflector]
enable-reflector=yes
#reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=300
rlimit-stack=4194304
rlimit-nproc=3

To make the pfSense rc system pick up avahi and start it, you’ll need to update /usr/local/etc/rc.d/avahi-daemon and add:

avahi_daemon_enable=”YES”

before the:

avahi_daemon_enable=${avahi_daemon_enable-${gnome_enable}}

line.  And last but not least, run:

/usr/local/etc/rc.d/avahi-daemon start

You should get back a message telling you it started.  On my Mac, I confirmed that it was running and relaying services with iStumbler – just go to the Bonjour plugin.  I wasn’t patient enough to wait for iTunes to detect it and relaunched it instead to force it to rescan.  On restart iTunes found the Firefly server immediately and I’m now enjoying some AC/DC while writing this post.

Send to:

Tags: avahi, firefly, pfsense