FireBrick 2700 Configuration run-through: Difference between revisions

[[File:2700-small.png|link=:Category:FireBrick]]

=2500 and 2700=

Here we will build a config file for a FB2700, from scratch, it should help you to build a configuration for your line(s) and help you understand the XML syntax etc. The examples are relevant for ADSL (Be and BT) as well as FTTC/FTTP through AAISP.

We have an AAISP ADSL line with the following details:

The default configuration (of a fully-loaded FireBrick) looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"

<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>

<services>

<telnet comment="Set allow IP list to restrict access"/>

<http/>

Set yourself a user with full debug rights, e.g.:

<user name="john" timeout="PT20M" level="DEBUG" password="secret"/>

</syntaxhighlight>

To explain the timeout a bit:

Modify the ntp time server to use the AAISP time server:

</syntaxhighlight>

<telnet allow="192.0.2.0/28"/>

</syntaxhighlight>

Set DNS servers and your domain name, under the services (here we're using the AAISP DNS servers:

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

</syntaxhighlight>

Note: If you are using PPPoE, then you can leave the resolves empty, and the FireBrick will obtain the DNS servers from the ISP.

So, first we'll add a new subnet, this can go under the current 10.0.0.1 subnet (which we'll delete later.)&nbsp;And we'll make this a DHCP server:

<subnet ip="192.0.2.1/28" comment="LAN"/>

<dhcp ip="192.0.2.2-12"/>

Remove the existing DHCP settings for the 10.0.0.1 interface. The LAN1 interface now looks like this:

<interface name="LAN1" port="LAN1">

<subnet comment="dhcp client"/>

Our complete config now looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

if that works, we can now safely remove the DHCP client subnet and the&nbsp;10.0.0.1 subnet, so remove the lines:

<subnet comment="dhcp client"/>

<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>

= PPPoE =

The [[FireBrick 2700]] supports PPPoE - so you can use it to connect via an xDSL modem, e.g. a:

In our default config, you can see that we already have some PPPoE settings:

<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>

</syntaxhighlight>

This line can be changed for your ADSL settings, e.g.:

<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/>

</syntaxhighlight>

We've changed the port to WAN1, so we also need to change the port config earlier in the file, so change

<port name="LAN4" ports="4"/>

</syntaxhighlight>

to:

<port name="WAN1" ports="4"/>

</syntaxhighlight>

Our complete config in full now looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

==1500 MTU?==

Config wise, just add mtu="1500" to the ppp element.

e.g.:

<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" mtu="1500"/>

</syntaxhighlight>

*VCI: 38

*ADSL modulation type: Multimode

===Bridge Mode on Billion 7800N===

Since that page is more of a referece than a tutorial, it contains no examples. So here's a code snippet from a working config which allows incoming SMTP to your mail server, and IAX2 to an asterisk box as a starting-point:

<rule-set target-interface="LAN1" drop="reject" comment="Default firewall rule - block incoming">

<rule source-interface="self" comment="Allow from the FireBrick though"/>

If you have VoIP phones on your LAN, then here are some example rules to allow SIP and RTP from the AAISP phone servers:

<rule-set name="Incoming Firewall Rules">

</rule-set>

</syntaxhighlight>

You may only want to allow access to the FireBrick webserver from your LAN, do this in the http service, e.g., change the current line to:

<http allow="192.0.2.1/28"/>

</syntaxhighlight>

So, our config will look like this:

<interface name="LAN1" port="LAN1">

<subnet ip="2001:8B0:123:1::1/64" ra="true" comment="[[IPv6]] LAN"/>

Our complete config now looks like:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

</syntaxhighlight>

There are a couple of different mechanisms available to push out [[IPv6]] DNS servers, and the FB2700 supports both.

In this example, I'm pointing it to a DNS server on 2001:8B0:B7:1::2.

<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-dns="2001:8B0:123:1::2"/>

</syntaxhighlight>

Setting the 'O' flag in the RA, telling the client to do DHCPv6 after auto-configuration, and request 'Other' config data, i.e. DNS.

<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="true"/>

</syntaxhighlight>

To enable the 'O' flag AND the mini-DHCPv6, set the ra-other option to 'dhcpv6', and also specify the DNS server address to be doled out in the rd-dns option:

<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="dhcpv6" ra-dns="2001:8B0:123:1::2"/>

</syntaxhighlight>

= Next Steps, Bonding a Second Line =

ADSL and FTTC lines can be bonded, typically A&A customers bond a BT and a Be line for greater resilience. Multiple FTTC lines can be bonded together too in the same way.

Set up port 3 to connect to the second modem you have, i.e.:

<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true"/>

</syntaxhighlight>

and change the port from:

<port name="LAN3" ports="3"/>

</syntaxhighlight>

to

<port name="WAN2" ports="3"/>

</syntaxhighlight>

e.g.:

<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" speed="1000000"/>

<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true" speed="1000000"/>

Our config now looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z">

<services>

<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>

<telnet allow="192.0.2.0/28"/>

<http/>

If you have an AA data SIM, the FireBrick can configured to use this as a backup connection, by using a 3G dongle plugged into the USB port. Any routed legacy IP blocks will continue to work across this link, but so far [[IPv6]] isn't supported. The FireBrick is known to support the ZTE MF112 Dongle and some Huawei dongles. Others may work too.

The basic config is:

<usb>

</usb>

</syntaxhighlight>

To make use of port 2, we can configure it to be another LAN1 port.

Our current port config is:

<port name="LAN1" ports="1"/>

<port name="LAN2" ports="2"/>

</syntaxhighlight>

We can change this to make port 2 a LAN1 port:

<port name="LAN1" ports="1 2"/>

<port name="WAN2" ports="3"/>

In order to talk to the Modem from the LAN side of the FireBrick, a Subnet on the FireBrick needs to be made. This subnet would be on the WAN Interface, e.g.:

<interface name="WAN" port="WAN1">

<subnet ip="192.168.1.1/24" comment="IP subnet on WAN for router config"/>

The previous config will put the FB on 192.168.1.1, and allow the FB to route IP packets between your LAN subnet and the 192.168.1 subnet. However, at this stage, you may find you are still unable to ping the modem on the WAN port. This is because although packets from your 81.x.x.x address are correctly routed to the modem, the modem itself knows no route back to 81.x.x.x. It know nothing of the FB. So we need to tell it by setting a static route.

You will have configured the IP and Netmask on the 'LAN' tab. But there's no 'Gateway', so we must go to 'Advanced' -&gt; 'Static Routes' tab, and create one. Enter it as follows: IP, Mask = base address of your internal LAN; e.g.: 81.xx.xx.0, 255.255.255.192. The 'Gateway' address is pointing back at the FB, e.g. 192.168.1.1. Check the box to Activate the route, hit the 'Apply' button, and that's it done.

You need to telnet in to the CLI to set the route. The commands to set a route back to 81.x.x.0 via the FB at 192.168.1.1 are: