Thanks for the pointer--I'd forgotten about the firewall configuration. However, I'm still not able to get it to work. The avahi daemon is listening on 5353, but when I scan that port with my phone, it isn't open. The VM I'm using to test is running in server-only mode; not sure if that's relevant. Here's the netstat and iptables output:
[root@sme-test ~]# netstat -nap | grep avahi
udp 0 0 0.0.0.0:52791 0.0.0.0:* 2472/avahi-daemon
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2472/avahi-daemon
unix 2 [ ACC ] STREAM LISTENING 17610 2472/avahi-daemon /var/run/avahi-daemon/socket
unix 3 [ ] STREAM CONNECTED 17612 2472/avahi-daemon
unix 3 [ ] STREAM CONNECTED 17607 2473/avahi-daemon
unix 3 [ ] STREAM CONNECTED 17606 2472/avahi-daemon
unix 2 [ ] DGRAM 17604 2472/avahi-daemon
[root@sme-test ~]# config set avahi service UDPPort 5353 status enabled access public
[root@sme-test ~]# signal-event remoteaccess-update
[root@sme-test ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
local_chk all -- anywhere anywhere
PPPconn all -- anywhere anywhere
denylog all -- base-address.mcast.net/4 anywhere
denylog all -- anywhere base-address.mcast.net/4
InboundICMP icmp -- anywhere anywhere
denylog icmp -- anywhere anywhere
InboundTCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
denylog tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
InboundUDP udp -- anywhere anywhere
denylog udp -- anywhere anywhere
gre-in gre -- anywhere anywhere
denylog gre -- anywhere anywhere
denylog all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
state_chk all -- anywhere anywhere
SMTPProxy tcp -- anywhere anywhere tcp dpt:smtp
local_chk all -- anywhere anywhere
ForwardedTCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
ForwardedUDP udp -- anywhere anywhere
denylog all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PPPconn all -- anywhere anywhere
denylog all -- base-address.mcast.net/4 anywhere
denylog all -- anywhere base-address.mcast.net/4
ACCEPT all -- anywhere anywhere
Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_2505 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
Chain ForwardedTCP_2505 (1 references)
target prot opt source destination
Chain ForwardedUDP (1 references)
target prot opt source destination
ForwardedUDP_2505 all -- anywhere anywhere
denylog udp -- anywhere anywhere
Chain ForwardedUDP_2505 (1 references)
target prot opt source destination
Chain InboundICMP (1 references)
target prot opt source destination
InboundICMP_2505 all -- anywhere anywhere
denylog icmp -- anywhere anywhere
Chain InboundICMP_2505 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere
Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_2505 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
Chain InboundTCP_2505 (1 references)
target prot opt source destination
denylog all -- anywhere !sme-test.familybrown.org
REJECT tcp -- anywhere sme-test.familybrown.org tcp dpt:auth reject-with tcp-reset
SSH_Autoblock tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:http
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:https
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:smtp
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:ssh
ACCEPT tcp -- anywhere sme-test.familybrown.org tcp dpt:smtps
Chain InboundUDP (1 references)
target prot opt source destination
InboundUDP_2505 all -- anywhere anywhere
denylog udp -- anywhere anywhere
Chain InboundUDP_2505 (1 references)
target prot opt source destination
denylog all -- anywhere !sme-test.familybrown.org
ACCEPT udp -- anywhere sme-test.familybrown.org udp dpt:5353
Chain PPPconn (2 references)
target prot opt source destination
PPPconn_1 all -- anywhere anywhere
Chain PPPconn_1 (1 references)
target prot opt source destination
Chain SMTPProxy (1 references)
target prot opt source destination
denylog tcp -- anywhere anywhere tcp dpt:smtp
Chain SSH_Autoblock (1 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: SSH side: source
denylog all -- anywhere anywhere recent: CHECK seconds: 900 hit_count: 4 TTL-Match name: SSH side: source
Chain denylog (22 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:router
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
ULOG all -- anywhere anywhere ULOG copy_range 0 nlgroup 1 prefix `denylog:' queue_threshold 1
DROP all -- anywhere anywhere
Chain gre-in (1 references)
target prot opt source destination
denylog all -- anywhere !sme-test.familybrown.org
denylog all -- anywhere anywhere
Chain local_chk (2 references)
target prot opt source destination
local_chk_2505 all -- anywhere anywhere
Chain local_chk_2505 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
Chain state_chk (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED