this is one of those things that seems like black magic even after I get it working. I installed (with apt-get) pimd, added a couple lines in pimd.conf to keep it from working on my public-facing interface, then added a line to my shorewall rules file like this:
ACCEPT all vpnserver:224.0.0.251 udp 5353
Restart Shorewall, and BAM, i’m set. Thanks, but this could really do with a lot more documentation.