Shield port forwarding

Is there a plan to add a port forwarding feature? I have NAS inside my network and I need to access it from outside. I am not able to access it while using Turris Shield.

Buy MOX instead and activate Sentinel.

Even the cheapest wifi routers I have ever met have port forwarding. I never thought that such a basic feature might be missing.
Now I have a box, which I cannot use. I am not able to return it because company purchase cannot return the goods (just personal purchase).
No plans to introduce it in future firmware versions?

Turris Shield is a specific device. Cheap and also many expensive Wi-Fi routers don't have an adaptive firewall.

Does it have advanced administration (LuCI)?
Port forwarding should be supported by that.

No, LuCI is removed.

so, ssh onto router needed or wait for reforis support for port forwarding

I don’t think these features are desirable for Shield.

Maybe you can re-flash Shield image with TOS 5 image for MOX.

A bit unfortunate. Port forwarding support would be nice in all Turris versions.


But Shield is a different product targeted at basic users.

If Shield is literally a firewall, it would not perform the NAT function. Does Shield do NAT? If there is no NAT, then it can't feature port forwarding (i.e. NAT traversal), as it is a function of NAT. A real firewall has nowhere to perform port forwarding. You only need to "open the port". That is the purpose of a firewall.
It does not have anything to do with basic/advanced user targeting.


Nice that you’re back!

Shield has 4 LAN ports. It's designed to be put between the router and the modem. Without NAT they won't be usable.

Of course, because module C has four ports and the large module E has eight. Without a new module, you can't have fewer ports, and it's also good for the future.

You made me have a look at the Shield documentation. So, unfortunately, as usual in the IT field, there is incorrect wording which consequently misleads customers.
Turris Shield is not only a firewall, it is a router & firewall & switch integrated in one box. People commonly confuse the terms and functions of modem / router / switch / firewall / WIFI Access Point. They can be integrated in one box or independent. It is quite unfortunate that people call everything a router and do not distinguish such functions.
Personally I don't see the point of manufacturing such a "Shield". It is only a software variant of MOX. But it is not my battle…

On https://www.turris.com/en/shield/overview/ they say

connects between your modem and router

… That does not make sense to me. Why would you want to put a router between a modem and a router? It will bring you double NAT and some more networking issues. Needless to say, if the modem provided by your ISP contains a router as well, then you have three routers and NATs in a row?
With a correct LAN design, you would want to get rid of the second router and connect a switch and WIFI AP to the Shield LAN ports instead.

By definition, a firewall interconnects two networks and controls incoming and outgoing network traffic based on predetermined security rules. Nothing else. Compare it to the firewall you have in your PC. Does it do NAT and port forwarding? No way…

Therefore, CZNIC gave it a kinda incorrect name and purpose :woozy_face:


Correct. It should be recommended to put the modem (or ISP-provided router) into bridge mode.

I guess the point is that you can protect your home router from internet threats by putting Shield between it and the modem. I don't know much about today's routers, but we can guess they are often not protected as well as OpenWrt or Turris devices, don't have that many updates, dynamic firewall etc.

My Linux firewall can do that :slight_smile:

Yes, a better description for Shield would help a lot.

There is a new request for adding port forwarding to Turris devices.

Even basic users may need port forwarding from time to time.
(re)Foris would be a nice place for this, as it's easy to use.


By the way, isn't using OpenVPN an option for you?

Good idea, but it is not applicable to me.
I need to back up NAS to NAS, from the company NAS to my home NAS. There is no user interaction prior to the backup. It would be quite tricky and dangerous to have OpenVPN open all the time between 2 networks just for the backups.

Can you open files in the router, such as using WinSCP? Is there /etc/config/firewall?
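
Added example, not part of any post in this thread: on stock OpenWrt, port forwards are `config redirect` sections in `/etc/config/firewall`, and for a NAS-to-NAS backup the forward can be limited to the sending side with `src_ip`. The script below parses that file format and lists WAN forwards that accept any source address. That Shield's file follows the stock OpenWrt layout is an assumption the thread does not confirm, and every address, port and rule name in the sample is constructed.

```python
import shlex

# Constructed sample in OpenWrt UCI syntax; addresses and ports are placeholders
# (198.51.100.10 stands in for the company NAS, 192.168.1.50 for the home NAS).
SAMPLE = """
config redirect
	option name 'nas-backup'
	option target 'DNAT'
	option src 'wan'
	option src_ip '198.51.100.10'
	option proto 'tcp'
	option src_dport '8022'
	option dest 'lan'
	option dest_ip '192.168.1.50'
	option dest_port '22'

config redirect
	option name 'nas-web'
	option src 'wan'
	option proto 'tcp'
	option src_dport '5001'
	option dest 'lan'
	option dest_ip '192.168.1.50'
"""

def parse_redirects(text):
    """Return one dict of options per 'config redirect' section."""
    sections, current = [], None
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if not parts:
            continue
        if parts[0] == "config":
            # Track only redirect sections; options of other sections are skipped.
            current = {} if len(parts) > 1 and parts[1] == "redirect" else None
            if current is not None:
                sections.append(current)
        elif parts[0] == "option" and current is not None and len(parts) >= 3:
            current[parts[1]] = parts[2]
    return sections

def open_forwards(text):
    """Names of WAN-side DNAT rules that accept connections from any source."""
    return [r.get("name", "(unnamed)") for r in parse_redirects(text)
            if r.get("src") == "wan" and r.get("target", "DNAT") == "DNAT"
            and not r.get("src_ip")]

if __name__ == "__main__":
    print(open_forwards(SAMPLE))
```

To check a real device, read its `/etc/config/firewall` into a string and pass it to `open_forwards` in place of `SAMPLE`.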