Zeroconf on OpenSUSE
I have been struggling with my home network for long time, and I do not mean setting up the router, that’s easy. What I was struggling with is using names for machines. Of course you can set names in the router, but is it really what we want? In times of dynamic networks, where devices come and go only small subset of them is there to stay. So I have been doing binding of IP addresses to MAC addresses on the router level to ensure all computers can access the printer or backup… How antiquated is that?
Welcome to the age of zero-configuration networking(zeroconf). Zeroconf provides set of protocols that allows configuration less discovery of network. Well almost configuration less, we still need to setup each computer. Although zeroconf also specifies automatic IP addresses assignment I think it’s almost pointless when we get access to internet everywhere – with dynamic IP address provided by DHCP.
What exactly does us give this zeroconf? For me it is no need for DNS locally, all computers with properly configured zeroconf will be visible to each other. Additionally this also implies no more need to set up static addresses as the names are automatically recognized in the system. So we can skip hard codding IP for the printer – yes many networked devices are already zeroconf enabled and should be visible by default.
All the commands should be executed from
konsole you can start it fast with pressing
ALT+F2 and typing
konsole followed by
<ENTER>. Before we start anything we need to become root user, depending on your system configuration you might use
sudo -s or
su - to enter administrative mode.
The most important step in zeroconf is configuring our computer name, this is one time setup and from this point on whenever we go, out computer will have the same easy to use name. Using console we need to set the system name and update one file:
hostname mpapis-linux hostname > /etc/hostname
With the system named properly we need to restart the zeroconfig service to use the new name, on OpenSUSE it is
avahi-daemon and can be restarted with:
systemctl restart avahi-daemon
That should be it! Let’s test our configuration, we need to install/use extra tool:
zypper in avahi-utils avahi-browse -at
Unfortunately the output in most cases will be empty.
Let’s do quick course in security. By default OpenSUSE comes with
SuSEFirewall2 which by default opens all traffic on internal interfaces and closes all traffic on external interfaces. Did anyone configure your interfaces to be internal? Let’s drop it here, the default firewall has no integration with
NetworkManager(NM) – which is enabled by default on laptop setups. We will have to switch to another firewall that has integration for NM –
firewalld. This requires us to do few extra steps:
zypper addrepo http://download.opensuse.org/repositories/security:/netfilter/openSUSE_Factory security:netfilter zypper addrepo http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_Leap_42.1 devel:languages:python zypper refresh zypper remove SuSEfirewall2 zypper addlock SuSEfirewall2 zypper install firewalld firewall-applet firewall-config systemctl enable firewalld systemctl start firewalld
The bad news is now it’s best to restart the system for all the changes to take effect… relogin might be enough but I haven’t tested that.
After the system is up and running we can now configure our firewall with
firewall-config, open it, disable all services in
public zone, enable
internal zone. The
public zone will be used as default when not set for network connections, we need to set the
internal zone for connections we trust.
Let’s now configure connections, first we get the list:
for each of the connections we trust we execute this line (replace
"connection name" with the name of the connection):
nmcli connection modify "connection name" connection.zone internal
From now on when we connect to one of the trusted networks our firewall will switch to the
internal zone and we should now get access to our zeroconf autodetection:
The output will now show all the devices in the network that support zeroconf, some example output from my network:
+ eth0 IPv4 Brother DCP-J4110DW Internet Printer local + eth0 IPv4 mpapis-linux SSH Remote Terminal local
That’s it, your computer will now use zeroconf when configured to (internal connections). Some extra commands that might be helpful:
It will show the list of available services with all the available details – including
hostname for use in our configurations or communication, for example I can type now:
from any computer in my home and it just works!
Most of the presented steps are for console but they can be as well executed from graphical interface via Yast.