FireBrick 2700 Configuration run-through: Difference between revisions
Revision as of 11:56, 5 January 2011
Here we will build a config file for an FB2700 from scratch. It should help you build a configuration for your line(s) and understand the XML syntax.
Overview
We have an ADSL line with the following details:
- Username = abc@a.1, Password = secret
- Routed IP block = 90.155.1.0/28
Default Config
The default configuration (or a fully-loaded FireBrick) looks like this:
    <?xml version="1.0" encoding="UTF-8"?>
    <config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
            timestamp="1970-01-01T00:00:07Z">
      <port name="LAN1" ports="1"/>
      <port name="LAN2" ports="2"/>
      <port name="LAN3" ports="3"/>
      <port name="LAN4" ports="4"/>
      <interface port="LAN1">
        <subnet comment="dhcp client"/>
        <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
        <dhcp ip="10.0.0.100-199"/>
      </interface>
      <ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
      <services>
        <ntp/>
        <telnet comment="Set allow IP list to restrict access"/>
        <http/>
      </services>
      <rule-set target-interface="LAN1" drop="reject" comment="default firewall rule - block incoming">
        <rule source-interface="self" comment="allow from the FireBrick though"/>
      </rule-set>
    </config>
This sets up the 4 Ethernet ports as separate LANs, and an IP of 10.0.0.1 (and 2001:DB8::1) with the FireBrick acting as DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can access http://10.0.0.1
Port 4 is set as an example of a PPPoE client; we'll set this up a little later.
Configuring Initial Basic Settings
Set yourself a user with full debug rights, eg:
<user name="john" timeout="PT20M" level="DEBUG" password="secret"/>
Modify the ntp time server to use the AAISP time server:
<ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
Modify the telnet service to permit access only from your LAN:
<telnet allow="90.155.1.0/28"/>
LAN Subnet
We want to use just Ethernet port 1 on the FireBrick for our LAN. We'll be connecting port 1 to a switch, and all our devices will be plugged in to that switch.
So, first we'll add a new subnet. This can go under the current 10.0.0.1 subnet (which we'll delete later), and we'll make this a DHCP server:
    <subnet ip="90.155.1.1/28" comment="LAN"/>
    <dhcp ip="90.155.1.2-12"/>
Remove the existing DHCP settings for the 10.0.0.1 interface. The LAN1 interface now looks like this:
    <interface port="LAN1">
      <subnet comment="dhcp client"/>
      <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
      <subnet ip="90.155.1.1/28" comment="LAN"/>
      <dhcp ip="90.155.1.2-12"/>
    </interface>
Our complete config now looks like this:
    <?xml version="1.0" encoding="UTF-8"?>
    <config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
            timestamp="1970-01-01T00:00:07Z">
      <user name="john" timeout="PT20M" level="DEBUG" password="secret"/>
      <port name="LAN1" ports="1"/>
      <port name="LAN2" ports="2"/>
      <port name="LAN3" ports="3"/>
      <port name="LAN4" ports="4"/>
      <interface port="LAN1">
        <subnet comment="dhcp client"/>
        <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
        <subnet ip="90.155.1.1/28" comment="LAN"/>
        <dhcp ip="90.155.1.2-12"/>
      </interface>
      <ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
      <services>
        <ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
        <telnet allow="90.155.1.0/28"/>
        <http/>
      </services>
      <rule-set target-interface="LAN1" drop="reject" comment="default firewall rule - block incoming">
        <rule source-interface="self" comment="allow from the FireBrick though"/>
      </rule-set>
    </config>
At this point we can save the config; there should be no errors.
Our computer should then pick up a new 90.155.1.x IP address, and we can connect back to the FireBrick on http://90.155.1.1
If that works, we can now safely remove the DHCP client subnet and the 10.0.0.1 subnet, so remove the lines:
    <subnet comment="dhcp client"/>
    <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
Save, and re-connect to the web interface.
PPPoE
The FireBrick 2700 supports PPPoE - so you can use it to connect via a modem, eg a:
- FTTC Modem
- A standard issue AAISP ZyXEL P660-D1, in bridge mode
- Another modem set for bridge mode
- A modem such as a or Draytek 120
In our default config we already have some PPPoE settings:
<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
This is using Ethernet port 4, so plug your modem in to that port.
This line can be changed for your ADSL settings, eg:
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/>
We've also set the FireBrick to create a graph for this, as well as to log.
We've changed the port to WAN1, so we also need to change the port config earlier in the file, so change
<port name="LAN4" ports="4"/>
to:
<port name="WAN1" ports="4"/>
Our complete config in full now looks like this:
    <?xml version="1.0" encoding="UTF-8"?>
    <config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
            timestamp="1970-01-01T00:00:07Z">
      <user name="john" timeout="PT20M" level="DEBUG" password="secret"/>
      <port name="LAN1" ports="1"/>
      <port name="LAN2" ports="2"/>
      <port name="LAN3" ports="3"/>
      <port name="WAN1" ports="4"/>
      <interface port="LAN1">
        <subnet comment="dhcp client"/>
        <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
        <subnet ip="90.155.1.1/28" comment="LAN"/>
        <dhcp ip="90.155.1.2-12"/>
      </interface>
      <ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/>
      <services>
        <ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
        <telnet allow="90.155.1.0/28"/>
        <http/>
      </services>
      <rule-set target-interface="LAN1" drop="reject" comment="default firewall rule - block incoming">
        <rule source-interface="self" comment="allow from the FireBrick though"/>
      </rule-set>
    </config>
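A consistency check for a config built with the steps above, as an added example (not part of the original page or FireBrick's own tooling): it parses a config in the page's XML namespace and reports a `ppp` or `interface` that references an undefined port name, setup subnets still present, a DHCP pool outside the interface's subnets, and a telnet service with no `allow` list. The sample config, the issue labels and the reading of `a.b.c.d-e` as a last-octet range are assumptions made for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = "{http://firebrick.ltd.uk/xml/fb2700/}"  # namespace used by the page's configs
SETUP_NETS = {ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("2001:db8::/64")}

# Constructed sample, not from the page: four deliberate slips for the linter to find.
SAMPLE = """<config xmlns="http://firebrick.ltd.uk/xml/fb2700/">
  <port name="LAN1" ports="1"/>
  <port name="WAN4" ports="4"/>
  <interface port="LAN1">
    <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"/>
    <subnet ip="90.155.1.1/28" comment="LAN"/>
    <dhcp ip="90.155.1.2-20"/>
  </interface>
  <ppp port="WAN1" username="abc@a.1" password="secret"/>
  <services><telnet/><http/></services>
</config>"""

def dhcp_bounds(spec):
    """Expand the short 'a.b.c.d-e' pool form (assumption: e is the last octet)."""
    start, _, last = spec.partition("-")
    end = start.rsplit(".", 1)[0] + "." + last if last else start
    return ipaddress.ip_address(start), ipaddress.ip_address(end)

def lint(xml_text):
    root, issues = ET.fromstring(xml_text), []
    ports = {p.get("name") for p in root.iter(NS + "port")}
    for el in root.iter():  # every port reference must match a <port name="...">
        if el.tag in (NS + "interface", NS + "ppp") and el.get("port") not in ports:
            issues.append("undefined-port:" + str(el.get("port")))
    for iface in root.iter(NS + "interface"):
        nets = [ipaddress.ip_interface(a).network
                for s in iface.iter(NS + "subnet") for a in s.get("ip", "").split()]
        issues += ["setup-subnet-present:" + str(n) for n in nets if n in SETUP_NETS]
        for spec in filter(None, (d.get("ip") for d in iface.iter(NS + "dhcp"))):
            lo, hi = dhcp_bounds(spec)
            if not any(lo in n and hi in n for n in nets if n.version == 4):
                issues.append("dhcp-outside-subnet:" + spec)
    for telnet in root.iter(NS + "telnet"):
        if not telnet.get("allow"):  # page restricts telnet to the LAN block
            issues.append("telnet-unrestricted")
    return issues

if __name__ == "__main__":
    for issue in lint(SAMPLE):
        print(issue)
```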
Native IPv6
Assuming you have an IPv6 block allocated to your line on Clueless and you're using the FB for PPPoE, then all the FB config needs is:
- An IPv6 address on the LAN subnet
- ra="true" in the subnet
Your computers should then get IPv6 details. Test on http://ip.help.me.uk