FireBrick 2700 Configuration run-through

 
The default configuration (or a fully-loaded FireBrick) looks like this:
<div dir="ltr" class="mw-geshi" style="text-align: left;"><div class="xml source-xml"><pre class="de1">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/
                            http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
        timestamp="1970-01-01T00:00:07Z"&gt;
 &lt;port name="LAN1" ports="1"/&gt;
 &lt;port name="LAN2" ports="2"/&gt;
 &lt;port name="LAN3" ports="3"/&gt;
 &lt;port name="LAN4" ports="4"/&gt;
 &lt;interface name="LAN1" port="LAN1"&gt;
  &lt;subnet comment="dhcp client"/&gt;
  &lt;subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
          comment="Temporary IPs for setup only, delete when finished configuring"/&gt;
  &lt;dhcp ip="10.0.0.100-199"/&gt;
 &lt;/interface&gt;
 &lt;ppp port="LAN4" username="startup_user@startup_domain" password=""
      comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/&gt;
 &lt;services&gt;
  &lt;ntp/&gt;
  &lt;telnet comment="Set allow IP list to restrict access"/&gt;
  &lt;http/&gt;
 &lt;/services&gt;
 &lt;rule-set target-interface="LAN1" drop="reject"
           comment="default firewall rule - block incoming"&gt;
  &lt;rule source-interface="self" comment="allow from the FireBrick though"/&gt;
 &lt;/rule-set&gt;
&lt;/config&gt;</pre></div></div>
This sets up the 4 Ethernet ports as separate LANs, and an IP of 10.0.0.1 (and 2001:DB8::1) with the FireBrick acting as DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can access http://10.0.0.1
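The default configuration marks several of its own entries as setup-only (the temporary subnet, the example PPPoE login, the telnet service with no access restriction). The following check is an added example, not FireBrick's own tooling: it parses a saved config and lists those leftovers. The `allow` attribute name is an assumption taken from the "Set allow IP list" comment, and the embedded XML is a trimmed copy of the config above.

```python
import xml.etree.ElementTree as ET

NS = {"fb": "http://firebrick.ltd.uk/xml/fb2700/"}

# Trimmed copy of the default configuration shown above (constructed sample input).
DEFAULT_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" timestamp="1970-01-01T00:00:07Z">
 <interface name="LAN1" port="LAN1">
  <subnet comment="dhcp client"/>
  <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
          comment="Temporary IPs for setup only, delete when finished configuring"/>
  <dhcp ip="10.0.0.100-199"/>
 </interface>
 <ppp port="LAN4" username="startup_user@startup_domain" password=""
      comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
 <services>
  <ntp/>
  <telnet comment="Set allow IP list to restrict access"/>
  <http/>
 </services>
</config>"""


def audit(xml_text):
    """Return (element, finding) tuples for setup-only leftovers in a config."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    # Management services with no allow list are reachable from any address.
    for svc in ("telnet", "http"):
        for el in root.findall(f"fb:services/fb:{svc}", NS):
            if not el.get("allow"):  # attribute name assumed, see lead-in
                findings.append((svc, "no allow list"))
    # Subnets that the config's own comment marks as temporary.
    for el in root.findall("fb:interface/fb:subnet", NS):
        if "setup only" in el.get("comment", "").lower():
            findings.append(("subnet", "temporary addresses " + el.get("ip", "")))
    # PPP links still carrying the example login or an empty password.
    for el in root.findall("fb:ppp", NS):
        if el.get("username", "").startswith("startup_user@") or not el.get("password"):
            findings.append(("ppp", "placeholder credentials"))
    return findings


if __name__ == "__main__":
    for element, finding in audit(DEFAULT_CONFIG):
        print(f"{element}: {finding}")
```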