Comment 16 for bug 447442

Kevin Stone (kevin-stone) wrote :

In my case:

- Running several VMs under libvirt.
- Host and VMs have avahi and mDNS set up.
- VMs are in NAT'd network (192.168.122.0/24)
- /var/log/syslog contains

avahi-daemon[17165]: Received response from host 192.168.122.1 with invalid source port 1049 on interface 'virbr0.0'

What's happening here is NAT translation. This is because the destination address for mDNS is 224.0.0.251 and the default iptables setup is:

# iptables -t nat -L POSTROUTING -n
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE tcp  --  192.168.122.0/24     !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE udp  --  192.168.122.0/24     !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE all  --  192.168.122.0/24     !192.168.122.0/24

One solution is to not masquerade mDNS packets:

iptables -t nat -I POSTROUTING 1 -m udp -p udp --sport 5353 --dport 5353 -j ACCEPT

A more general fix for multicast and broadcast would probably be better.

Here's tcpdump output from the virbr0 interface showing an mDNS request / response:

13:19:55.618332 IP 192.168.122.114.5353 > 224.0.0.251.5353: 0 A (QM)? test.local. (32)
13:19:55.619205 IP 192.168.122.6.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 (Cache flush) A 192.168.122.6 (42)
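The interaction described in this comment, worked through as an added example (not code from libvirt, avahi or the reporter): a small model of the nat/POSTROUTING chain shown above, the reporter's inserted ACCEPT rule, and the RFC 6762 section 6 check avahi applies (responses whose UDP source port is not 5353 are ignored, which is what the "invalid source port" syslog line reports). The chain model is simplified: MASQUERADE with a port range is modelled as always rewriting the source port to the first free port of the range, which is an assumption made to reproduce the logged port 1049 rather than netfilter's exact port-selection logic. The "multicast fix" chain is one possible shape of the more general fix the comment asks for and is likewise an assumption, not something the bug proposes.

```python
"""Model of the libvirt nat/POSTROUTING chain from the bug and of avahi's
mDNS source-port check. Added example; see the lead-in for assumptions."""
from dataclasses import dataclass, replace
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

MDNS_GROUP = "224.0.0.251"
MDNS_PORT = 5353
GUEST_NET = ip_network("192.168.122.0/24")   # libvirt default NAT network


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                            # ACCEPT, RETURN or MASQUERADE
    proto: Optional[str] = None            # None means "all"
    src: Optional[IPv4Network] = None
    dst: Optional[IPv4Network] = None
    dst_negate: bool = False               # "!192.168.122.0/24" in the listing
    sport: Optional[int] = None
    dport: Optional[int] = None
    masq_ports: Optional[tuple] = None     # "masq ports: 1024-65535"

    def matches(self, p: Packet) -> bool:
        if self.proto and p.proto != self.proto:
            return False
        if self.src and ip_address(p.src) not in self.src:
            return False
        if self.dst is not None and (ip_address(p.dst) in self.dst) == self.dst_negate:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True


def postrouting(chain, p: Packet, used_ports=frozenset()) -> Packet:
    """Walk the chain top to bottom; the first matching terminating target wins.
    ACCEPT and RETURN leave the packet alone. MASQUERADE with a port range is
    modelled (assumption) as rewriting the source port to the first free port."""
    for rule in chain:
        if not rule.matches(p):
            continue
        if rule.target in ("ACCEPT", "RETURN"):
            return p
        if rule.target == "MASQUERADE":
            if rule.masq_ports is None:
                return p   # source address already is the bridge address
            lo, hi = rule.masq_ports
            new_sport = next(port for port in range(lo, hi + 1) if port not in used_ports)
            return replace(p, sport=new_sport)
    return p   # chain policy ACCEPT


# The default chain exactly as "iptables -t nat -L POSTROUTING -n" lists it.
DEFAULT_CHAIN = [
    Rule("MASQUERADE", "tcp", GUEST_NET, GUEST_NET, dst_negate=True, masq_ports=(1024, 65535)),
    Rule("MASQUERADE", "udp", GUEST_NET, GUEST_NET, dst_negate=True, masq_ports=(1024, 65535)),
    Rule("MASQUERADE", None, GUEST_NET, GUEST_NET, dst_negate=True),
]

# The reporter's fix: -I POSTROUTING 1 -m udp -p udp --sport 5353 --dport 5353 -j ACCEPT
MDNS_FIX_CHAIN = [Rule("ACCEPT", "udp", sport=MDNS_PORT, dport=MDNS_PORT)] + DEFAULT_CHAIN

# One possible "more general" fix (assumption, not from the bug): never NAT
# traffic whose destination is a multicast group.
MULTICAST_FIX_CHAIN = [Rule("RETURN", None, dst=ip_network("224.0.0.0/4"))] + DEFAULT_CHAIN


def avahi_accepts_response(p: Packet) -> bool:
    """RFC 6762 section 6: mDNS responses must come from UDP source port 5353."""
    return p.proto == "udp" and p.sport == MDNS_PORT and p.dport == MDNS_PORT


def syslog_line(p: Packet, iface: str = "virbr0.0") -> Optional[str]:
    """Return the avahi syslog message for a rejected response, else None."""
    if avahi_accepts_response(p):
        return None
    return (f"avahi-daemon[17165]: Received response from host {p.src} "
            f"with invalid source port {p.sport} on interface '{iface}'")


if __name__ == "__main__":
    # Constructed input: the host (192.168.122.1) answering on the bridge, with
    # ports 1024-1048 already taken so the model lands on the logged port 1049.
    response = Packet("udp", "192.168.122.1", MDNS_PORT, MDNS_GROUP, MDNS_PORT)
    busy = frozenset(range(1024, 1049))
    for name, chain in (("default", DEFAULT_CHAIN), ("mdns fix", MDNS_FIX_CHAIN),
                        ("multicast fix", MULTICAST_FIX_CHAIN)):
        out = postrouting(chain, response, busy)
        print(f"{name:14s} sport {out.sport:5d}: {syslog_line(out) or 'accepted by avahi'}")
```

Both fixed chains leave mDNS untouched while ordinary guest traffic to non-local destinations is still masqueraded; the difference is only that the multicast RETURN also covers other multicast protocols, which is why the reporter calls for something more general than a 5353-only exemption.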