Tim's blah blah blah

Tunnel Apple AirPlay/Bonjour across zones in OpenWRT Firewall


I’ve separated my wifi on my OpenWRT (18.06.2) router (Netgear R7800) into a guest zone and a lan zone for security purposes (well, not really; I did it because it was possible). One service I want to allow from the guest zone to the lan zone is AirPlay, which uses multicast traffic (Bonjour). It turns out that, while forwarding AirPlay is simple in principle, it is somewhat difficult to diagnose or get working. In the end I made the AppleTV part of two zones by connecting its LAN port to the local zone and its WLAN to the guest zone.

Some required steps include (but are not sufficient):

  1. Install avahi-utils, avahi-dbus-daemon, libavahi-client and libavahi-dbus-support as suggested by this post (openwrt.org)
  2. Forward ports from guest -> lan as listed by Apple (apple.com)
  3. Power cycle/reboot router, AppleTV, and clients (just to be sure)
  4. Profit! --> still doesn’t seem to work stably.

Unfortunately, I was not able to get this working with my Pioneer VSX-510, which supports AirPlay (v1) natively. Below I note some more details.

AirPlay Mechanics

From what I’ve learned, the mechanics of establishing an AirPlay session are as follows:

  1. AirPlay server (e.g. AppleTV) broadcasts capabilities over mDNS, including IP/port info for clients
  2. OR: AirPlay client broadcasts request over mDNS, server responds including IP/port info
  3. Client connects (port/protocol unclear)
  4. Streaming happens

If either 1 or 2 don’t work, something is wrong with mDNS broadcasting/reflecting. If 3 or 4 don’t work, something is wrong with the firewall rules.

Firewall rules

I’m forwarding the ports below, which is probably too much. 10.0.0.10 is the IP of my AppleTV.

config rule
	option target 'ACCEPT'
	option src 'guest'
	option name 'Allow-Guest-Airplay'
	option dest 'lan'
	option dest_ip '10.0.0.10'
	list dest_port '80'
	list dest_port '443'
	list dest_port '554'
	list dest_port '3689'
	list dest_port '5353'

The guest zone is configured as follows:

config zone
	option name 'guest'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'guest'
	option input 'REJECT'

config forwarding
	option dest 'wan'
	option src 'guest'
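The security-relevant property of the rule above is that it only opens a handful of ports towards one host while the guest zone keeps REJECT as its forwarding default. As an added example (my own code, not part of the original post or of OpenWRT), here is a small parser for this UCI fragment plus a check that flags a rule that drifts away from that least-privilege shape; the sample config embedded in it is the one from the post, and the `proto` note assumes fw3's documented default of matching both TCP and UDP when no protocol is given.

```python
"""Audit an OpenWRT /etc/config/firewall fragment for a cross-zone rule:
the rule should be pinned to one destination host and a port list, and the
source zone should keep REJECT as its forwarding default."""

# Constructed sample: the guest->lan rule and the guest zone from the post.
FIREWALL_CONFIG = """
config rule
	option target 'ACCEPT'
	option src 'guest'
	option name 'Allow-Guest-Airplay'
	option dest 'lan'
	option dest_ip '10.0.0.10'
	list dest_port '80'
	list dest_port '443'
	list dest_port '554'
	list dest_port '3689'
	list dest_port '5353'

config zone
	option name 'guest'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'guest'
	option input 'REJECT'
"""


def parse_uci(text):
    """Parse UCI text into a list of (section_type, {key: value | [values]})."""
    sections = []
    for line in text.splitlines():
        parts = line.strip().split(maxsplit=2)   # keyword, key, quoted value
        if len(parts) >= 2 and parts[0] == "config":
            sections.append((parts[1], {}))
        elif len(parts) == 3 and parts[0] in ("option", "list") and sections:
            key, val = parts[1], parts[2].strip("'\"")
            if parts[0] == "option":
                sections[-1][1][key] = val
            else:                                  # list values accumulate
                sections[-1][1].setdefault(key, []).append(val)
    return sections


def audit_rule(sections, rule_name):
    """Return a list of findings for the named rule; empty means it looks tight."""
    rules = {s["name"]: s for t, s in sections if t == "rule" and "name" in s}
    zones = {s["name"]: s for t, s in sections if t == "zone" and "name" in s}
    rule, findings = rules[rule_name], []
    if not rule.get("dest_ip"):
        findings.append("rule not pinned to a dest_ip: reaches every lan host")
    if not rule.get("dest_port"):
        findings.append("rule has no dest_port: matches every port")
    if "proto" not in rule:      # assumption: fw3 default proto is tcp+udp
        findings.append("no proto set: fw3 applies the rule to both TCP and UDP")
    if zones.get(rule.get("src"), {}).get("forward", "REJECT") != "REJECT":
        findings.append("source zone forwards by default; rule is redundant")
    return findings
```

Running `audit_rule(parse_uci(FIREWALL_CONFIG), "Allow-Guest-Airplay")` on the post's config yields only the informational `proto` finding, which is the cue to add `option proto` if AirPlay only needs one of the two transports on a given port.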

Avahi

I’m not sure exactly what it does, but this default config worked for me. Interestingly, AirPlay works even though 'enable-reflector=no' (contrary to what the sources listed below say). YMMV.

[server]
#host-name=foo
#domain-name=local
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#publish-dns-servers=192.168.1.1
#publish-resolv-conf-dns-servers=yes

[reflector]
enable-reflector=no
reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3

Sources

#Linux #Security