Seeking Advice on Restricting Chromecast Access in Hotel Guest Network

Cibin cibin.net at gmail.com
Fri Feb 16 13:41:59 UTC 2024 

Dear Avahi Community,

I hope this email finds you well. I am reaching out to seek advice and
guidance on a network infrastructure challenge I am currently facing, and I
believe your expertise in Avahi could provide valuable insights.

I am currently working on a solution for a hotel that has Chromecasts
connected in all guest rooms. However, we are encountering an issue where
all guests connected to the hotel's Wi-Fi network can see all the
Chromecasts, regardless of which room they are in. To address this, we aim
to restrict Chromecast access so that each guest can only see the
Chromecast in their respective room.

Here is a brief overview of our proposed solution, which I have seen other
companies do for the hotel.


   1. Network Segmentation: We plan to separate the Chromecasts into a
   separate VLAN from the guest network.
   2. Firewall/NAT Server: We intend to install a firewall/NAT server with
   access to both VLANs.
   3. Avahi Integration: Avahi will be used on the server to handle mDNS
   queries and responses.
   4. NAT Pool: Each Chromecast will be assigned an IP address from a NAT
   pool on the server.
   5. Reflector Function: Avahi's reflector function will be enabled to
   handle mDNS queries from the guest network.
   6. Manipulating Avahi Records: We aim to manipulate the Avahi records of
   the Chromecasts to publish one of the IP addresses from the NAT pool. This
   way, when guest devices perform an mDNS query, they will receive the IP
   address of the Chromecast on the guest network.
   7. NAT Rule: Traffic to the IP address provided by the Avahi query will
   be redirected to the real address of the Chromecast using NAT rules.

While we have outlined this approach, we are seeking advice from the Avahi
community on the feasibility and best practices for implementing such a
solution. Specifically, we are unsure about how to manipulate Avahi records
effectively and ensure seamless redirection of traffic.

If anyone in the community has experience with similar setups or insights
into the Avahi functionalities that could assist us in achieving our goal,
we would greatly appreciate your input.

Thank you in advance for your time and assistance. We look forward to
hearing from you soon.

Warm regards,

Cibin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/avahi/attachments/20240216/5c4a0b09/attachment.htm>

More information about the avahi mailing list