Hi Experts,
I am new to the Turris and firewalling topics.
I would like to handle two topics and need some guidance and help from you experts.
- I have a network segmentation:
  - ISP to ISP Router: 192.168.1.1
    No WIFI besides Guest-Wifi (no access to internal LAN)
  - Turris to ISP Router: Turris has 192.168.2.1
    All my internal systems like server, NAS and Wifi are hosted here
    Here I want to block any connection from WAN to LAN (works so fine)
    Only 1 client can access from WAN to LAN (NAS) (works also fine)
But I do not understand firewall zones. Currently I have WAN to LAN open. This is not so good, I guess.
What is zoning for, what is masquerading (is that NAT-ing?) and how should I configure it best?
- For example: I have a Smart TV (IP for ex. 192.168.2.20) behind the Turris. Now I would like to block everything, but whitelist YouTube for example.
URL handling is not possible with Turris, so I read. A solution is to run Pi-Hole in a container with LXC.
But how do I do this and how do I install Pi-Hole? (so, a step-by-step guide)
I have activated LXC in Turris and I see the LXC Service in the admin console. I chose “create container” with Ubuntu Bionic. On the DHCP screen I see LXC-Name with IP 192.168.2.115
a) Is the container the right one, or should I use another distro?
b) How do I access the container? Via SSH on the IP 2.115 I do not get a connection.
c) How can I change the IP to a static one?
//EDIT: Now I could access the container using SSH on Turris and then using LXC-attach.
BUT: I couldn't install PiHole: the installer said unsupported OS.
AND: I was not able to SSH into the container. I changed the IP to a static one and installed openssh-server.
Using PuTTY, the SSH prompt comes up, but login as root doesn't work. The password was not accepted.
Would be great if someone can help.
Best regards, OrgImp