Omni Turris is a firewall appliance running OpenWRT software.
I've bought one and it serves as my private firewall.
There are a few quirks with the software, which I'll keep track of on this page.
It is my intention to have the firewall to be the pivot for my local networks, that is to be the point where I enter local IP addresses to be know in my local networks.
I've configured my networks to have three separated networks: One for the LAN, one for the DMZ, and one for appliances like TV-set, etc.
Setting up the switch
Internally in the Turris there is a switch that is used for connecting the different ports.
In order to set up the network as described above you'll have to obey the switch.
The processor has three interfaces, eth1-3. eth1 is connected directly to the WAN interface and eth0 and eth2 are connected to the switch on port 5 and 6 on the switch respectively.
In my case I would like to have three networks - in the figure above named networ 1 through 3.
Port 5 (which is name CPU in the figure above, just to make things a little more interesting) I connect to port 0 and 1 - that's the LAN.
Port 6 is connected to port 4 and that's the DMZ.
This leaves port 2 and 3 open for the appliances network.
Establishing local networks
Local DNS resolution
One thing that annoyed me with the Omni Turris firewall was that it could not resolve local IP addresses.
Over at the Turris forum I found this:
edit (create) /etc/kresd/hints as hosts file (IP-ADDRESS HOST.DOMAIN eg. 127.0.0.1 localhost). Do not forget empty line in the end! in file /etc/config/resolver into block: config resolver 'kresd' add: list hostname_config '/etc/kresd/hints' restart resolver: /etc/init.d/resolver restart