Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration run-through: Difference between revisions

FireBrick 2700 Configuration run-through (view source)

Revision as of 20:12, 1 October 2013

186 bytes added ,  1 October 2013
→‎For a BT or TT Line ( which will do PPPoA or PPPoE ):
*Username= abc@a.1 Password=secret
*Routed IP block = 192.0.2.0/28
(Later in the page, we'll be adding an [[IPv6]] block, and [[bonding]] with a second line)
(192.0.2.0/28 is used in this example as the 192.9.2 block is a special block reserved for documentation (RFC 5737). We will also use the v6 documentation prefixes 2001:DB8:: (RFC 3849))
 
</syntaxhighlight>
 
Which sets up the 4 [[Ethernet]] ports as separate LANs, and an IP of 10.0.0.1 (and 2001:DB8::1)&nbsp;with the FireBrick acting DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can access http://10.0.0.1 . Port 1 is also a DHCP client, so it will try to get an IP from your DHCP server, if you have one. -Check your DHCP server logs for what IP is allocated.
 
Port 4 is set as an example of a PPPoE client, (ie to be plugged in to a [[ADSL modem]]/FTTC/FTTP modem etc) we'll set this up a little later.
 
= Configuring Initial Basic Settings =
= LAN Subnet =
 
We want to use just [[Ethernet]] port 1 on the FireBrick for our LAN, we'll be connecting port 1 to a switch, and all our devices will be plugged in to that switch.
 
So, first we'll add a new subnet, this can go under the current 10.0.0.1 subnet (which we'll delete later.)&nbsp;And we'll make this a DHCP server:
More info on&nbsp;http://www.firebrick.co.uk/fb2700/pppoe.php
 
The [[FireBrick 2700]] supports PPPoE - so you can use it to connect via an xDSL modem, eg a:
 
*A BT supplied&nbsp;FTTC/FTTP Modem
*A standard issue AAISP ZyXEL P660-D1, in bridge mode (Go to: Wan - Wan setup, mode Bridge, Encapsulation RFC1483, Multiplex LLC)
*Another [[ADSL Router|ADSL router]] set for bridge mode
*A modem such as a Draytek [[Vigor_120]] (firmware 3.2.4.3 and above)
 
<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
</syntaxhighlight>
This is using [[Ethernet]] port 4, so plug your modem in to that port.
 
This line can be changed for your ADSL settings, eg:
 
==ZyXEL P660R-D1 Notes==
(These notes will be similar for any type of [[ADSL Router|ADSL router]] in Bridge mode, or ADSL modems.)
 
The P660R-D1 also supports a hybrid [http://www.zyxel.co.uk/web/support_faq_detail.php?faqID=136&pid=20040812093058 Half Bridge mode]; the PPP session is terminated on the modem but its internal NAT is disabled and the WAN IP is assigned to the firewall / router connected to its [[ethernet]] port via short DHCP lease. This configuration may suffice for some simpler setups, the advantage being the modem can be used with a PPPoA setup (e.g. Opal / Tiscali Business LLU). The modem remains accessible on its default LAN IP address.
 
When setting up the ZyXEL to work with the FireBrick, set the WAN settings to be:
 
===For a BT or TT Line ( which will do PPPoA or PPPoE ):===
*Name: AAISP (But can be anything)
*Mode: Bridge
*Encapsulation: RFC 1483
*Multiplexing: LLC (VC may work on BT 20cn, but stick with LLC)
*VPI: 0
*VCI: 38
= Native IPv6 =
 
Assuming you have an [[IPv6]] block allocated to your line on Clueless and you're using the FB for PPPoE, then all the FB config needs is:
 
*An [[IPv6]] address on the LAN subnet
*ra="true" in the subnet
 
Your computers should then get [[IPv6]] details. test on http://ip.help.me.uk.
 
If you previously had your [[IPv6]] allocation routed over a Protocol 41 tunnel to a tunnel end-point machine on your LAN, you now need to remove that on clueless to allow native [[IPv6]] to the FB. Log in to clueless and simply clear the IPv4 endpoint address, and save the changes. You then need to drop the connection to AAISP, and re-connect, for the routing change to take effect. Also remember to shut down your LAN tunnel endpoint, so it's not still announcing routes it can't honour any more.
 
If you still need to use Tunnelled [[IPv6]], rather than Native, see this page: *[[FireBrick 2700 v6 Tunnel]]
 
So, our config will look like this:
<syntaxhighlight>
<interface name="LAN1" port="LAN1">
<subnet ip="2001:8B0:123:1::1/64" ra="true" comment="[[IPv6]] LAN"/>
...
</interface>
<port name="WAN1" ports="4"/>
<interface name="LAN1" port="LAN1">
<subnet ip="2001:8B0:123:1::1/64" ra="true" comment="[[IPv6]] LAN"/>
<subnet ip="192.0.2.1/28" comment="LAN"/>
<dhcp ip="192.0.2.2-12"/>
( since release V0.02.039 )
 
Setting 'ra=true' will enable auto-configuration of [[IPv6]] addresses, and of the Default Route.
You may also wish to configure [[IPv6]] DNS servers ( DNS servers that are to be queried over [[IPv6]] ).
 
There are a couple of different mechanisms available to push out [[IPv6]] DNS servers, and the FB2700 supports both.
Be sure your DNS server actually responds on it's [[IPv6]] address!
 
The first method is to have the FB include the DNS server addresses as a new option( RDNSS ) in the Router Announcements. ( RFC6106 ).
RFC6106 aware clients are, however, somewhat thin on the ground at the moment.
To enable this, set the 'ra-dns' option to point to your [[IPv6]] Recursive DNS Server.
In this example, I'm pointing it to a DNS server on 2001:8B0:B7:1::2.
 
Note:
It's not always clear on the win boxes whether this worked.
On a Vista box, the command 'ipconfig /all' will show both IPv4 and [[IPv6]] DNS servers configured.
Win7 seems lame, and only reports IPv4.
To show the [[IPv6]] DNS servers, you need to use the command 'netsh interface [[IPv6|ipv6]] show dns'.
 
= Next Steps, Bonding a Second Line =
== Bond the PPPoE: ==
 
''[[Bonding]] on a 2700 requires the [[Bonding]] capability - found on the Fully-Loaded and [[Bonding]] variants.''
 
Simply setting speed=x in the ppp config will bond the PPPoE for uplink.
<port name="WAN1" ports="4"/>
<interface name="LAN1" port="LAN1">
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="dhcpv6" ra-dns="2001:8B0:123:1::2" comment="[[IPv6]] LAN"/>
<subnet ip="192.0.2.1/28" comment="LAN"/>
<dhcp ip="192.0.2.2-12"/>
 
= Setting up 3G Fallback =
If you have an AA data SIM, the FireBrick can configured to use this as a backup connection, by using a 3G dongle plugged into the USB port. Any routed legacy IP blocks will continue to work across this link, but so far [[IPv6]] isn't supported. The FireBrick is known to support the ZTE MF112 Dongle and some Huawei dongles. Others may work too.
The basic config is:
<syntaxhighlight>
== Accessing the Modem ==
 
The modem, or [[ADSL Router|ADSL router]] in bridge mode, will also have a LAN IP that you can use to get to it's config pages etc. eg, the ZyXEL P660-R will still have a LAN setting, with an IP set. For the purpose of this example, let's assume the modem is on 192.168.1.2 mask 255.255.255.0.
 
In order to talk to the Modem from the LAN side of the FireBrick, a Subnet on the FireBrick needs to be made. This subnet would be on the WAN Interface, eg:
You will have configured the IP and Netmask on the 'LAN' tab. But there's no 'Gateway', so we must go to 'Advanced' -&gt; 'Static Routes' tab, and create one. Enter it as follows: IP, Mask = base address of your internal LAN; eg: 81.xx.xx.0, 255.255.255.192. The 'Gateway' address is pointing back at the FB, eg 192.168.1.1. Check the box to Activate the route, hit the 'Apply' button, and that's it done.
 
[[Vigor 120]]:
 
You need to telnet in to the CLI to set the route. The commands to set a route back to 81.x.x.0 via the FB at 192.168.1.1 are:
Feanor
49

edits

Retrieved from ‘http://support.aa.net.uk/Special:MobileDiff/4704