Difference between revisions of "Omni Turris"

From Klaus' wiki
(Created page with "Omni Turris is a firewall appliance running OpenWRT software. I've bought one and it serves as my private firewall. There are a few quirks with the software, which I'll keep...")
 
Line 5: Line 5:
 
There are a few quirks with the software, which I'll keep track of on this page.
 
There are a few quirks with the software, which I'll keep track of on this page.
  
It is my intention to have the firewall to be the pivot for my local networks.
+
It is my intention to have the firewall to be the pivot for my local networks, that is to be the point where I enter local IP addresses to be know in my local networks.
 +
 
 +
I've configured my networks to have three separated networks: One for the LAN, one for the DMZ, and one for appliances like TV-set, etc.
 +
 
 +
==Setting up the switch==
 +
 
 +
Internally in the Turris there is a switch that is used for connecting the different ports.
 +
 
 +
[[File:turris-net.png]]
 +
 
 +
In order to set up the network as described above you'll have to obey the switch.
 +
 
 +
The processor has three interfaces, '''eth1-3'''. '''eth1''' is connected directly to the WAN interface and '''eth0''' and '''eth2''' are connected to the switch on port 5 and 6 on the switch respectively.
 +
 
 +
[[File:Turris Switch.png]]
 +
 
 +
In my case I would like to have three networks - in the figure above named networ 1 through 3.
 +
 
 +
Port 5 (which is name CPU in the figure above, just to make things a little more interesting) I connect to port 0 and 1 - that's the LAN.
 +
 
 +
Port 6 is connected to port 4 and that's the DMZ.
 +
 
 +
This leaves port 2 and 3 open for the appliances network.
 +
 
 +
==Establishing local networks==
 +
 
 +
 
 +
 
  
 
==Local DNS resolution==
 
==Local DNS resolution==
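Review bot: in the added switch paragraph the processor is said to have three interfaces '''eth1-3''', but the same sentence then names eth0, eth1 and eth2, so the range should read eth0-2 or list the three interfaces explicitly. The added text also never says which CPU port (5 or 6) carries the appliances network on ports 2 and 3, and the new "Establishing local networks" heading is added with no body; fill these in or mark them as to-do. Typos in the added lines: "know" for "known", "networ", and "which is name CPU".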

Revision as of 07:51, 11 July 2017

Omni Turris is a firewall appliance running OpenWRT software.

I've bought one and it serves as my private firewall.

There are a few quirks with the software, which I'll keep track of on this page.

It is my intention to have the firewall be the pivot for my local networks, that is, to be the point where I enter local IP addresses to be known in my local networks.

I've configured my setup to have three separate networks: one for the LAN, one for the DMZ, and one for appliances like TV sets, etc.

Setting up the switch

Internally in the Turris there is a switch that is used for connecting the different ports.

Turris-net.png

In order to set up the network as described above, you have to follow the way the switch is wired internally.

The processor has three interfaces, eth0-2. eth1 is connected directly to the WAN interface, and eth0 and eth2 are connected to the switch on ports 5 and 6 respectively.

Turris Switch.png

In my case I would like to have three networks - in the figure above named network 1 through 3.

Port 5 (which is named CPU in the figure above, just to make things a little more interesting) I connect to ports 0 and 1 - that's the LAN.

Port 6 is connected to port 4 and that's the DMZ.

This leaves port 2 and 3 open for the appliances network.

Establishing local networks

Local DNS resolution

One thing that annoyed me with the Omni Turris firewall was that it could not resolve local IP addresses.

Over at the Turris forum I found this:

In the file /etc/init.d/kresd, add these two lines:

1) In section init_header, after the line
 echo " 'policy'" >> $CONFIGFILE
add:
 echo " , 'hints'" >> $CONFIGFILE

2) In section load_uci_config_common, after the line
 set_param_func "cache.clear" ""
add:
 set_param_func "hints.config" "'/tmp/hosts/dhcp'"

Restart the KNOT service:
 /etc/init.d/kresd restart

If you edit /etc/config/dhcp and add anything you want, it will be resolved as well.

The file /tmp/hosts/dhcp is generated on restart of the resolver, and it is now used as input for local resolution of host names.
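
Once the resolver loads /tmp/hosts/dhcp as hints, names in that file are answered locally, so it is worth checking what the file actually contains. The following is an added example, not part of the forum post or of the Turris software: it assumes the file uses the usual hosts format (an address followed by one or more names), and the function name audit_hints, the LOCAL_NETS list and the sample data are constructed for illustration.

```python
import ipaddress

# Ranges treated as "local" in this example (an assumption; adjust to your networks).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample in hosts format; not taken from a real router.
SAMPLE = """\
# constructed sample of /tmp/hosts/dhcp
192.168.1.10 nas nas.lan
192.168.2.20 tv
192.168.1.11 nas
203.0.113.5 printer
10.0.0.300 camera
"""

def audit_hints(text):
    """Parse a hosts-format hints file; return (entries, findings).

    entries maps each name to the first address seen for it.
    findings is a list of (line number, problem, detail) tuples.
    """
    entries, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((lineno, "no hostname", line))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "bad address", fields[0]))
            continue
        # A local hints file should not point names at addresses outside the local ranges.
        if not any(addr in net for net in LOCAL_NETS):
            findings.append((lineno, "outside local ranges", str(addr)))
        for name in fields[1:]:
            name = name.lower().rstrip(".")      # DNS names are case-insensitive
            if entries.setdefault(name, addr) != addr:
                findings.append((lineno, "conflicting address", name))
    return entries, findings

if __name__ == "__main__":
    for finding in audit_hints(SAMPLE)[1]:
        print(finding)
```

On the router, the same function can be run over the contents of /tmp/hosts/dhcp after each resolver restart.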