Omni Turris

From Klaus' wiki
Revision as of 08:53, 11 July 2017 by Klaus (Talk | contribs)

Omni Turris is a firewall appliance running OpenWRT software.

I've bought one and it serves as my private firewall.

There are a few quirks with the software, which I'll keep track of on this page.

I intend the firewall to be the pivot for my local networks, that is, the point where I enter the local IP addresses that should be known in my local networks.

I've configured three separate networks: one for the LAN, one for the DMZ, and one for appliances like the TV set, etc.

Setting up the switch

Internally in the Turris there is a switch that is used for connecting the different ports.


In order to set up the network as described above, you have to follow the way the switch is wired.

The processor has three interfaces, eth0-2. eth1 is connected directly to the WAN interface, and eth0 and eth2 are connected to the switch on ports 5 and 6 respectively.

[Figure: Turris Switch.png]

In my case I would like to have three networks, named network 1 through 3 in the figure above.

Port 5 (which is named CPU in the figure above, just to make things a little more interesting) I connect to ports 0 and 1; that's the LAN.

Port 6 is connected to port 4, and that's the DMZ.

This leaves ports 2 and 3 open for the appliances network.

Establishing local networks

Local DNS resolution

One thing that annoyed me with the Omni Turris firewall was that it could not resolve local IP addresses.

Over at the Turris forum I found this:

In the file /etc/init.d/kresd
Add those two lines:
1) in section init_header, after line echo " 'policy'" >> $CONFIGFILE
echo " , 'hints'" >> $CONFIGFILE
2) in section load_uci_config_common, after line set_param_func "cache.clear" ""
set_param_func "hints.config" "'/tmp/hosts/dhcp'"

restart the KNOT service:
/etc/init.d/kresd restart

For a reason I have yet to figure out, you have to run this restart every time you add a host to the web interface.

If you edit /etc/config/dhcp and add anything you want, it will be resolved as well.

The /tmp/hosts/dhcp file is generated on restart of the resolver, and it is now used as input for local resolving of hosts.
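
One way to check that the change took effect after the restart, as an added example that is not part of the original page or the forum post: it reads /tmp/hosts/dhcp and reports every name the resolver does not answer with the listed address. It assumes kresd answers on 127.0.0.1 and that nslookup prints a "Name:" line before the answer; the function names hosts_pairs, resolves_to and stale_hosts are made up here.

```shell
#!/bin/sh
# Added example (not from the page): report names in the hints file that the
# local resolver does not answer with the listed address.

HINTS_FILE="${HINTS_FILE:-/tmp/hosts/dhcp}"  # hints path from the page
RESOLVER="${RESOLVER:-127.0.0.1}"            # assumption: kresd answers on localhost

# Print one "ip name" pair per line from a hosts(5)-style file,
# dropping comments and expanding lines that carry several names.
hosts_pairs() {
    sed -e 's/#.*//' "$1" |
        awk 'NF >= 2 { for (i = 2; i <= NF; i++) print $1, $i }'
}

# Succeed if the resolver returns address $2 for name $1.
# Assumption: nslookup prints a "Name:" line before the answer addresses,
# so the resolver's own address printed above it is ignored.
resolves_to() {
    nslookup "$1" "$RESOLVER" </dev/null 2>/dev/null |
        sed -n '/^Name:/,$p' | grep -F -q -w -- "$2"
}

# Print every name from file $1 that does not resolve to its listed address.
stale_hosts() {
    hosts_pairs "$1" | while read -r ip name; do
        resolves_to "$name" "$ip" || echo "$name"
    done
}

# With --check, exit 0 when every listed host resolves, otherwise list the
# names that do not and exit 1.
case "${1:-}" in
    --check)
        stale=$(stale_hosts "$HINTS_FILE")
        [ -z "$stale" ] && exit 0
        echo "in $HINTS_FILE but not answered by $RESOLVER:" >&2
        echo "$stale" >&2
        exit 1
        ;;
esac
```

Run it with --check on the router after /etc/init.d/kresd restart; a non-zero exit means the hints file is not being used for at least one host.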