This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration run-through: Difference between revisions

lots of lang=xml
(lots of lang=xml)
<tabs>
<tab name="XML">
<syntaxhighlight lang=xml>
<user name="john" timeout="PT20M" level="DEBUG" password="secret"/>
</syntaxhighlight>
 
Modify the ntp time server to use the AAISP time server:
<syntaxhighlight lang=xml>
<ntp timeserver="time.aaisp.net.uk"/>
</syntaxhighlight>
Modify the telnet service to permit access only from your LAN:
<syntaxhighlight lang=xml>
<telnet allow="192.0.2.0/28"/>
</syntaxhighlight>
Set DNS servers and your domain name under the services (here we're using the AAISP DNS servers):
<syntaxhighlight lang=xml>
<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>
</syntaxhighlight>
 
So, first we'll add a new subnet; this can go under the current 10.0.0.1 subnet (which we'll delete later). And we'll make this a DHCP server:
<syntaxhighlight lang=xml>
<subnet ip="192.0.2.1/28" comment="LAN"/>
<dhcp ip="192.0.2.2-12"/>
</syntaxhighlight>
Remove the existing DHCP settings for the 10.0.0.1 interface. The LAN1 interface now looks like this:
 
<syntaxhighlight lang=xml>
<interface name="LAN1" port="LAN1">
<subnet comment="dhcp client"/>
</syntaxhighlight>
Our complete config now looks like this:
 
<syntaxhighlight lang=xml>
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">
 
</syntaxhighlight>
If that works, we can now safely remove the DHCP client subnet and the 10.0.0.1 subnet, so remove the lines:
<syntaxhighlight lang=xml>
<subnet comment="dhcp client"/>
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
</syntaxhighlight>
 
In our default config, you can see that we already have some PPPoE settings:
<syntaxhighlight lang=xml>
<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
</syntaxhighlight>
 
This line can be changed for your ADSL settings, e.g.:
<syntaxhighlight lang=xml>
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/>
</syntaxhighlight>
 
We've changed the port to WAN1, so we also need to change the port config earlier in the file. Change:
<syntaxhighlight lang=xml>
<port name="LAN4" ports="4"/>
</syntaxhighlight>
to:
<syntaxhighlight lang=xml>
<port name="WAN1" ports="4"/>
</syntaxhighlight>
 
Our complete config in full now looks like this:
<syntaxhighlight lang=xml>
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">
</syntaxhighlight>
Config-wise, just add mtu="1500" to the ppp element, e.g.:
<syntaxhighlight lang=xml>
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" mtu="1500"/>
</syntaxhighlight>
Since that page is more of a reference than a tutorial, it contains no examples. So, as a starting point, here's a code snippet from a working config which allows incoming SMTP to your mail server and IAX2 to an Asterisk box:
 
<syntaxhighlight lang=xml>
<rule-set target-interface="LAN1" drop="reject" comment="Default firewall rule - block incoming">
<rule source-interface="self" comment="Allow from the FireBrick though"/>
</syntaxhighlight>
 
If you have VoIP phones on your LAN, then here are some example rules to allow SIP and RTP from the AAISP phone servers:
<syntaxhighlight lang=xml>
<rule-set name="Incoming Firewall Rules">
<rule name="SIP" source-ip="81.187.30.110-119" target-ip="192.0.2.0/28" target-port="5060-5069"/>
</syntaxhighlight>
 
You may want to allow access to the FireBrick webserver only from your LAN. Do this in the http service, e.g. change the current line to:
<syntaxhighlight lang=xml>
<http allow="192.0.2.1/28"/>
</syntaxhighlight>
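
A way to check a saved config for the `allow` restrictions shown above on the http and telnet services. This is an added example, not code from the original page or from FireBrick. The sample config is constructed, and the element nesting, the choice of LAN1 as the trusted interface, and the decision to flag a missing `allow` attribute are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample shaped like this page's fragments; the nesting is an assumption.
SAMPLE = """<config xmlns="http://firebrick.ltd.uk/xml/fb2700/">
  <services>
    <telnet allow="192.0.2.0/28"/>
    <http/>
  </services>
  <interface name="LAN1" port="LAN1">
    <subnet ip="192.0.2.1/28" comment="LAN"/>
  </interface>
</config>"""

def local(tag):
    """Drop the XML namespace prefix from a tag name."""
    return tag.rsplit("}", 1)[-1]

def nets(value):
    """Parse space-separated CIDRs; host bits such as 192.0.2.1/28 are accepted."""
    return [ipaddress.ip_network(v, strict=False) for v in value.split()]

def audit(xml_text, services=("http", "telnet"), trusted=("LAN1",)):
    """Return (service, problem) pairs for allow lists that are absent or too wide."""
    root = ET.fromstring(xml_text)
    lan = [n for i in root.iter()
           if local(i.tag) == "interface" and i.get("name") in trusted
           for s in i if local(s.tag) == "subnet" and s.get("ip")
           for n in nets(s.get("ip"))]
    findings = []
    for e in root.iter():
        name, allow = local(e.tag), e.get("allow")
        if name not in services:
            continue
        if not allow:
            findings.append((name, "no allow attribute"))
            continue
        try:
            allowed = nets(allow)
        except ValueError:  # e.g. a range or name this sketch does not parse
            findings.append((name, "review manually: " + allow))
            continue
        for a in allowed:
            if not any(a.version == s.version and a.subnet_of(s) for s in lan):
                findings.append((name, f"{a} is outside the trusted subnets"))
    return findings

if __name__ == "__main__":
    for service, problem in audit(SAMPLE):
        print(f"{service}: {problem}")
```

Subnets on interfaces not listed in `trusted` (such as a WAN-side subnet) are deliberately ignored, so an allow entry matching only those is reported.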
 
So, our config will look like this:
<syntaxhighlight lang=xml>
<interface name="LAN1" port="LAN1">
<subnet ip="2001:8B0:123:1::1/64" ra="true" comment="[[IPv6]] LAN"/>
</syntaxhighlight>
Our complete config now looks like:
 
<syntaxhighlight lang=xml>
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">
</syntaxhighlight>
In this example, I'm pointing it to a DNS server on 2001:8B0:B7:1::2.
 
<syntaxhighlight lang=xml>
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-dns="2001:8B0:123:1::2"/>
</syntaxhighlight>
Setting the 'O' flag in the RA tells the client to do DHCPv6 after auto-configuration and request 'Other' config data, i.e. DNS:
 
<syntaxhighlight lang=xml>
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="true"/>
</syntaxhighlight>
To enable the 'O' flag AND the mini-DHCPv6, set the ra-other option to 'dhcpv6', and also specify the DNS server address to be doled out in the ra-dns option:
 
<syntaxhighlight lang=xml>
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="dhcpv6" ra-dns="2001:8B0:123:1::2"/>
</syntaxhighlight>
 
Set up port 3 to connect to the second modem you have, i.e.:
<syntaxhighlight lang=xml>
<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true"/>
</syntaxhighlight>
and change the port from:
<syntaxhighlight lang=xml>
<port name="LAN3" ports="3"/>
</syntaxhighlight>
to
<syntaxhighlight lang=xml>
<port name="WAN2" ports="3"/>
</syntaxhighlight>
 
e.g.:
<syntaxhighlight lang=xml>
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" speed="1000000"/>
<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true" speed="1000000"/>
</syntaxhighlight>
Our config now looks like this:
 
<syntaxhighlight lang=xml>
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">
</syntaxhighlight>
If you have an AA data SIM, the FireBrick can be configured to use this as a backup connection, by using a 3G dongle plugged into the USB port. Any routed legacy IP blocks will continue to work across this link, but so far [[IPv6]] isn't supported. The FireBrick is known to support the ZTE MF112 Dongle and some Huawei dongles. Others may work too.
The basic config is:
<syntaxhighlight lang=xml>
<usb>
<dongle username="startup_user@startup_domain" password=""/>
</syntaxhighlight>
To make use of port 2, we can configure it to be another LAN1 port.
Our current port config is:
<syntaxhighlight lang=xml>
<port name="LAN1" ports="1"/>
<port name="LAN2" ports="2"/>
</syntaxhighlight>
We can change this to make port 2 a LAN1 port:
<syntaxhighlight lang=xml>
<port name="LAN1" ports="1 2"/>
<port name="WAN2" ports="3"/>
</syntaxhighlight>
In order to talk to the modem from the LAN side of the FireBrick, a subnet needs to be created on the FireBrick. This subnet would be on the WAN interface, e.g.:
 
<syntaxhighlight lang=xml>
<interface name="WAN" port="WAN1">
<subnet ip="192.168.1.1/24" comment="IP subnet on WAN for router config"/>
</syntaxhighlight>