2mmanu

Hello everyone, I’m testing a configuration with two Wi-Fi segments on my Keenetic Hero: Home (192.168.2.0/24) IoT (192.168.3.0/24) Goal: HomeKit devices connected to IoT should announce themselves via mDNS and be discoverable from Home. No reverse opening: Home should not announce itself to IoT, and devices in IoT should not initiate communication toward Home. Current setup: Relay multicast DNS enabled on both segments (Home and IoT). Firewall Home → IoT: ALLOW on “Any IP protocol”. Problem: Even with this configuration, devices in IoT are still not discovered from Home via dns-sd -B _hap._tcp. Questions: Does the IoT segment need an explicit firewall rule to allow UDP to 224.0.0.251:5353 for the relay to pick up and forward mDNS packets? Does Keenetic’s mDNS Relay act as a true proxy between segments, or is there additional configuration required? Is it possible to limit the relay to one-way (IoT → Home) to avoid reverse discovery? Any advice or insights from the community or Keenetic team would be greatly appreciated. Thanks in advance!