Does Sentinel also work behind a provider router?

I plan to use the Turris directly as a dial-in router soon. At the moment a router from the provider is still connected before the Turris Omnia. This router is doing the dial in to the internet. The Turris therefore uses this router to access the Internet.
I have activated Sentinel and am currently wondering whether Sentinel still works in this constellation or does it only work if the Turris is directly connected to the Internet?

1 Like


I run TurrisOmnia also behind another router and this without any problems.
Sentinel activated, with WiFi and in some days also with a modem too.

Thank you for your message. I was just wondering because I never see anything from Sentinel on my “My Devices” page. No incidents but that’s actually a good thing :slight_smile:

uhm, if you have ‘no incidents’ on all 4 sentinel pots, it is not working me think?
For example, most cable users have a cable modem, but you have to put in ‘bridge mode’ so you let the TO do all the basic firewall work?

1 Like

Sentinel as a distributed firewall works in any network configuration. It just protects the WAN port of Omnia, not caring about what is on the other end (internet, modem, another firewall etc.).

What you’ll (or rather we’ll) lose when you’re not connected directly to the internet is reporting of illegal connection attempts back to the distributed database so that other users could benefit from your reports. It will also be the reason why you see no incidents. Once you’ll get connected directly, the incidents will start appearing.

1 Like

Ok I understand that I will probably never see any incidents even if there are any? My internal network behind the Turris is still protected, but unfortunately my Turris does not report back to the community?

Definitely a reason to connect my Turris directly soon, but unfortunately that will take some time.

You might check if your router provides an option DMZ DMZ (computing) - Wikipedia. Those options can somethimes provide a Exposed Host - which might be something to consider. Be aware of some risks that this might lead to - eg. I would definitly recommend to use an public encrypted DNS.


Ok, but that sounds like a great solution, doesn’t it? So the Turris would be like being directly connected to the Internet?
However, @peci1 said that everything is actually correct in my constellation and the only problem is that nothing is reported back.

Yes, but there are sometimes differences in implementation eg. when your provider uses VOIP this still will be filtered. But try and share what you get. Looking forward to see if this is working for you - after 24 hours might be a good idea to check sentinel.


I haven’t done anything yet and have just checked again. I now actually see exactly one incident from 1.6.2024 at 9 pm from DE. But then everything seems to fit now, doesn’t it?

Actually I don´t think so - do you get a public IP for the ISP router? Can you get in touch with your ISP if they can provide a Bridge Mode on their router?