FireBrick 2700 Configuration run-through: Difference between revisions
Revision as of 11:37, 5 January 2011
Here we will build a config file for a FB2700 from scratch. It should help you build a configuration for your line(s) and understand the XML syntax.
Overview
We have an ADSL line with the following details:
- Username= abc@a.1 Password=secret
- Routed IP block = 90.155.1.0/28
Default Config
The default configuration (or a fully-loaded FireBrick) looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/
                            http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
        timestamp="1970-01-01T00:00:07Z">
  <port name="LAN1" ports="1"/>
  <port name="LAN2" ports="2"/>
  <port name="LAN3" ports="3"/>
  <port name="LAN4" ports="4"/>
  <interface port="LAN1">
    <subnet comment="dhcp client"/>
    <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
            comment="Temporary IPs for setup only, delete when finished configuring"/>
    <dhcp ip="10.0.0.100-199"/>
  </interface>
  <ppp port="LAN4" username="startup_user@startup_domain" password=""
       comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
  <services>
    <ntp/>
    <telnet comment="Set allow IP list to restrict access"/>
    <http/>
  </services>
  <rule-set target-interface="LAN1" drop="reject" comment="default firewall rule - block incoming">
    <rule source-interface="self" comment="allow from the FireBrick though"/>
  </rule-set>
</config>
This sets up the 4 Ethernet ports as separate LANs, and an IP of 10.0.0.1 (and 2001:DB8::1) with the FireBrick acting as DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can access http://10.0.0.1
Port 4 is set as an example of a PPPoE client; we'll set this up a little later.
Configuring Initial Basic Settings
Set yourself a user with full debug rights, eg:
<user name="john" timeout="PT20M" level="DEBUG" password="secret"/>
Modify the ntp time server to use the AAISP time server:
<ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
Modify the telnet service to permit access only from your LAN:
<telnet allow="90.155.1.0/28"/>
LAN Subnet
We want to use just Ethernet port 1 on the FireBrick for our LAN. We'll be connecting port 1 to a switch, and all our devices will be plugged in to that switch.
So, first we'll add a new subnet; this can go under the current 10.0.0.1 subnet (which we'll delete later). We'll also make this a DHCP server:
<interface name="LAN" port="LAN1">
  <subnet ip="90.155.1.1/28" comment="LAN"/>
  <dhcp ip="90.155.1.2-12"/>
</interface>
Remove the existing DHCP settings for the 10.0.0.1 interface.
Our config now looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/
                            http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
        timestamp="1970-01-01T00:00:07Z">
  <user name="john" timeout="PT20M" level="DEBUG" password="secret"/>
  <port name="LAN1" ports="1"/>
  <port name="LAN2" ports="2"/>
  <port name="LAN3" ports="3"/>
  <port name="LAN4" ports="4"/>
  <interface port="LAN1">
    <subnet comment="dhcp client"/>
    <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
            comment="Temporary IPs for setup only, delete when finished configuring"/>
  </interface>
  <interface name="LAN" port="LAN1">
    <subnet ip="90.155.1.1/28" comment="LAN"/>
    <dhcp ip="90.155.1.2-12"/>
  </interface>
  <ppp port="LAN4" username="startup_user@startup_domain" password=""
       comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
  <services>
    <ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
    <telnet allow="90.155.1.0/28"/>
    <http/>
  </services>
  <rule-set target-interface="LAN1" drop="reject" comment="default firewall rule - block incoming">
    <rule source-interface="self" comment="allow from the FireBrick though"/>
  </rule-set>
</config>
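A quick sanity check over the config at this stage, as an added example that is not part of the original page or of FireBrick's own tooling. It runs on a trimmed, constructed copy of the config and assumes that `allow` holds CIDR entries and that DHCP ranges use the short `a.b.c.d-e` form shown here; the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"fb": "http://firebrick.ltd.uk/xml/fb2700/"}
# Constructed sample: a trimmed copy of the config built on this page.
SAMPLE = """<config xmlns="http://firebrick.ltd.uk/xml/fb2700/">
 <interface port="LAN1">
  <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
   comment="Temporary IPs for setup only, delete when finished configuring"/>
 </interface>
 <interface name="LAN" port="LAN1">
  <subnet ip="90.155.1.1/28" comment="LAN"/>
  <dhcp ip="90.155.1.2-12"/>
 </interface>
 <services><telnet allow="90.155.1.0/28"/><http/></services>
</config>"""

def dhcp_bounds(spec):
    """Expand the short range form '90.155.1.2-12' into (first, last)."""
    first, _, tail = spec.partition("-")
    last = first.rsplit(".", 1)[0] + "." + tail if tail else first
    return ipaddress.ip_address(first), ipaddress.ip_address(last)

def audit(xml_text):
    """Return findings for setup leftovers and address mismatches."""
    root, findings, all_nets = ET.fromstring(xml_text), [], []
    for iface in root.findall("fb:interface", NS):
        nets = []
        for sub in iface.findall("fb:subnet", NS):
            ips = sub.get("ip", "")
            if "setup only" in sub.get("comment", ""):
                findings.append("temporary setup subnet still present: " + ips)
            nets += [ipaddress.ip_interface(a).network for a in ips.split()]
        all_nets += nets
        for dhcp in iface.findall("fb:dhcp", NS):
            lo, hi = dhcp_bounds(dhcp.get("ip"))
            # Mixed IPv4/IPv6 membership tests are simply False.
            if not any(lo in n and hi in n for n in nets):
                findings.append("DHCP pool outside interface subnets: " + dhcp.get("ip"))
    telnet = root.find("fb:services/fb:telnet", NS)
    if telnet is not None:
        allow = telnet.get("allow", "").split()
        if not allow:
            findings.append("telnet has no allow list")
        for entry in allow:  # assumes CIDR entries, as on this page
            net = ipaddress.ip_network(entry, strict=False)
            if not any(net.version == n.version and net.subnet_of(n) for n in all_nets):
                findings.append("telnet allow entry outside configured subnets: " + entry)
    return findings
```

On the sample, `audit(SAMPLE)` reports only the temporary 10.0.0.1 setup subnet, which the page says to delete once configuration is finished.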
PPPoE
The FireBrick 2700 supports PPPoE, so you can use it to connect via a modem, e.g.:
- FTTC Modem
- A standard issue AAISP ZyXEL P660-D1, in bridge mode
- Another modem set for bridge mode
- A modem such as a TP-Link or Draytek
Example XML Configuration (now deprecated, as ppp config now in top level)
<port name="PPPoE" ports="1"/>
<interface name="PPPoE" port="PPPoE">
  <ppp username="abc@a.1" password="secret" mtu="1492" graph="AAISP ADSL"/>
</interface>
Here we are using the first Ethernet port as the one connected to the modem. We had also set up the other 3 ports as the LAN. More details are in the FireBrick documentation.
Native IPv6
Assuming you have an IPv6 block allocated to your line on Clueless and you're using the FB for PPPoE, then all the FB config needs is:
- An IPv6 address on the LAN subnet
- ra="true" in the subnet
Your computers should then get IPv6 details. Test on http://ip.help.me.uk