FireBrick 2700 Configuration run-through: Difference between revisions

[[File:2700-small.png|link=:Category:FireBrick]]

*Our main [[:Category:FireBrick|FireBrick]] wiki page

Here we will build a config file for a FB2700, from scratch, it should help you to build a configuration for your line(s) and help you understand the XML syntax etc. The examples are relevant for ADSL (Be and BT) as well as FTTC/FTTP through AAISP.

We have an AAISP ADSL line with the following details:

<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>

<services>

<telnet comment="Set allow IP list to restrict access"/>

<http/>

Set yourself a user with full debug rights, e.g.:

<user name="john" timeout="PT20M" level="DEBUG" password="secret"/>

</syntaxhighlight>

To explain the timeout a bit:

Modify the ntp time server to use the AAISP time server:

</syntaxhighlight>

<telnet allow="192.0.2.0/28"/>

</syntaxhighlight>

Set DNS servers and your domain name, under the services (here we're using the AAISP DNS servers:

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

</syntaxhighlight>

Note: If you are using PPPoE, then you can leave the resolves empty, and the FireBrick will obtain the DNS servers from the ISP.

So, first we'll add a new subnet, this can go under the current 10.0.0.1 subnet (which we'll delete later.)&nbsp;And we'll make this a DHCP server:

<subnet ip="192.0.2.1/28" comment="LAN"/>

<dhcp ip="192.0.2.2-12"/>

Remove the existing DHCP settings for the 10.0.0.1 interface. The LAN1 interface now looks like this:

<interface name="LAN1" port="LAN1">

<subnet comment="dhcp client"/>

Our complete config now looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

if that works, we can now safely remove the DHCP client subnet and the&nbsp;10.0.0.1 subnet, so remove the lines:

<subnet comment="dhcp client"/>

<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>

= PPPoE =

The [[FireBrick 2700]] supports PPPoE - so you can use it to connect via an xDSL modem, e.g. a:

In our default config, you can see that we already have some PPPoE settings:

<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>

</syntaxhighlight>

This line can be changed for your ADSL settings, e.g.:

<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/>

</syntaxhighlight>

We've changed the port to WAN1, so we also need to change the port config earlier in the file, so change

<port name="LAN4" ports="4"/>

</syntaxhighlight>

to:

<port name="WAN1" ports="4"/>

</syntaxhighlight>

Our complete config in full now looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

==1500 MTU?==

Config wise, just add mtu="1500" to the ppp element.

e.g.:

<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" mtu="1500"/>

</syntaxhighlight>

Since that page is more of a referece than a tutorial, it contains no examples. So here's a code snippet from a working config which allows incoming SMTP to your mail server, and IAX2 to an asterisk box as a starting-point:

<rule-set target-interface="LAN1" drop="reject" comment="Default firewall rule - block incoming">

<rule source-interface="self" comment="Allow from the FireBrick though"/>

If you have VoIP phones on your LAN, then here are some example rules to allow SIP and RTP from the AAISP phone servers:

<rule-set name="Incoming Firewall Rules">

</rule-set>

</syntaxhighlight>

You may only want to allow access to the FireBrick webserver from your LAN, do this in the http service, e.g., change the current line to:

<http allow="192.0.2.1/28"/>

</syntaxhighlight>

So, our config will look like this:

<interface name="LAN1" port="LAN1">

<subnet ip="2001:8B0:123:1::1/64" ra="true" comment="[[IPv6]] LAN"/>

Our complete config now looks like:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

</syntaxhighlight>

There are a couple of different mechanisms available to push out [[IPv6]] DNS servers, and the FB2700 supports both.

In this example, I'm pointing it to a DNS server on 2001:8B0:B7:1::2.

<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-dns="2001:8B0:123:1::2"/>

</syntaxhighlight>

Setting the 'O' flag in the RA, telling the client to do DHCPv6 after auto-configuration, and request 'Other' config data, i.e. DNS.

<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="true"/>

</syntaxhighlight>

To enable the 'O' flag AND the mini-DHCPv6, set the ra-other option to 'dhcpv6', and also specify the DNS server address to be doled out in the rd-dns option:

<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="dhcpv6" ra-dns="2001:8B0:123:1::2"/>

</syntaxhighlight>

= Next Steps, Bonding a Second Line =

ADSL and FTTC lines can be bonded, typically A&A customers bond a BT and a Be line for greater resilience. Multiple FTTC lines can be bonded together too in the same way.

Set up port 3 to connect to the second modem you have, i.e.:

<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true"/>

</syntaxhighlight>

and change the port from:

<port name="LAN3" ports="3"/>

</syntaxhighlight>

to

<port name="WAN2" ports="3"/>

</syntaxhighlight>

e.g.:

<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" speed="1000000"/>

<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true" speed="1000000"/>

Our config now looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

If you have an AA data SIM, the FireBrick can configured to use this as a backup connection, by using a 3G dongle plugged into the USB port. Any routed legacy IP blocks will continue to work across this link, but so far [[IPv6]] isn't supported. The FireBrick is known to support the ZTE MF112 Dongle and some Huawei dongles. Others may work too.

The basic config is:

<usb>

</usb>

</syntaxhighlight>

To make use of port 2, we can configure it to be another LAN1 port.

Our current port config is:

<port name="LAN1" ports="1"/>

<port name="LAN2" ports="2"/>

</syntaxhighlight>

We can change this to make port 2 a LAN1 port:

<port name="LAN1" ports="1 2"/>

<port name="WAN2" ports="3"/>

In order to talk to the Modem from the LAN side of the FireBrick, a Subnet on the FireBrick needs to be made. This subnet would be on the WAN Interface, e.g.:

<interface name="WAN" port="WAN1">

<subnet ip="192.168.1.1/24" comment="IP subnet on WAN for router config"/>