I’ve separated my wifi on my OpenWRT (18.06.2) router (Netgear R7800) in a guest zone and a lan zone for security purposes (well not really, I did it because it was possible). One service I want to allow from guest -> lan zone is Airplay, which uses multicast traffic (Bonjour). It turns out to be very simple to forward Airplay somewhat difficult to diagnose or get this working. In the end I made the AppleTV part of two zones by connecting LAN to local zone and WLAN to guest zone.

Some required steps include (but are not sufficient):

1. Install avahi-utils, avahi-dbus-daemon, libavahi-client and libavahi-dbus-support as suggested by this post
2. Forward ports from guest -> lan as listed by Apple
3. Power cycle/reboot router, AppleTV, and clients (just to be sure)
4. Profit! --> still doesn’t seem to work stable Unfortunately, I was not able to get this working with my Pioneer VSX-510 which supports AirPlay (v1) natively. Below I note some more details.

AirPlay Mechanics

From what I’ve learned, the mechanics of establishing airplay are as follows:

1. AirPlay server (e.g. AppleTV) broadcasts capabilities over mDNS, including IP/port info for clients
2. OR: AirPlay client broadcasts request over mDNS, server responds including IP/port info
3. Client connects (port/protocol unclear)
4. Streaming happens If either 1 or 2 don’t work, something is wrong with mDNS broadcasting/reflecting. If 3 or 4 don’t work, something is wrong with the firewall rules.

Firewall rules

I’m forwarding the ports below, which is probably too much. 10.0.0.10 is the IP of my AppleTV.

config rule
	option target 'ACCEPT'
	option src 'guest'
	option name 'Allow-Guest-Airplay'
	option dest 'lan'
	option dest_ip '10.0.0.10'
	list dest_port '80'
	list dest_port '443'
	list dest_port '554'
	list dest_port '3689'
	list dest_port '5353'    

The guest zone is configured as follows:

config zone
	option name 'guest'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'guest'
	option input 'REJECT'

config forwarding
	option dest 'wan'
	option src 'guest'

Avahi

Not sure what it does, this default config worked for me. Interestingly Airplay works even though ’enable-reflector=no’ (contrary to what sources listed below say). YMMV.

[server]
#host-name=foo
#domain-name=local
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#publish-dns-servers=192.168.1.1
#publish-resolv-conf-dns-servers=yes

[reflector]
enable-reflector=no
reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3

Sources

• Need to access AppleTV connected to guest zone from LAN zone … which traffic rules to setup?
• What, exactly, is required to make Airplay work across VLANs?
• TCP and UDP ports used by Apple software products