Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration: Difference between revisions

← Older editNewer edit →
Content deleted Content added
CrazyTeeka (talk | contribs)
editor
426 edits
mNo edit summary
CrazyTeeka (talk | contribs)
editor
426 edits
No edit summary
Line 130: Line 130:
</syntaxhighlight>
</syntaxhighlight>



=Config Run Through=
The FireBrick uses XML version 1.0 and UTF-8 encoding:
<syntaxhighlight>
<?xml version="1.0" encoding="UTF-8"?>
</syntaxhighlight>
FireBrick is running factory release firmware 1.35.001:
<syntaxhighlight>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.35.001.xsd"
patch="21695">
</syntaxhighlight>

==System==
FireBrick with basic system config. Automatic updates to new factory release firmware are enabled by default:
<syntaxhighlight>
<system contact="John Doe" log-panic="fb-support"/>
</syntaxhighlight>
Same as above but automatic firmware updates are disabled:
<syntaxhighlight>
<system contact="John Doe" log-panic="fb-support" sw-update="false"/>
</syntaxhighlight>

==User==
Full administrator account:
<syntaxhighlight>
<user name="admin" password="secret"/>
</syntaxhighlight>
Full administrator account with login idle timeout disabled:
<syntaxhighlight>
<user name="admin" password="secret" timeout="0"/>
</syntaxhighlight>
Debug account with a few extra things unhidden:
<syntaxhighlight>
<user name="admin" password="secret" timeout="0" level="DEBUG"/>
</syntaxhighlight>
Guest account with many things hidden:
<syntaxhighlight>
<user name="guest" password="secret" timeout="0" level="GUEST"/>
</syntaxhighlight>

==Logging==
General logging:
<syntaxhighlight>
<log name="default" comment="General logging for web viewing"/>
</syntaxhighlight>
Crash logs emailed to FireBrick support team:
<syntaxhighlight>
<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
<email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/>
</log>
</syntaxhighlight>

==Services - NTP Client==
Set time from FireBrick time server:
<syntaxhighlight>
<ntp/>
</syntaxhighlight>
Set time from AAISP time server:
<syntaxhighlight>
<ntp ntpserver="time.aa.net.uk"/>
</syntaxhighlight>

==Services - Telnet Server==
Enable telnet server, local-only by default:
<syntaxhighlight>
<telnet/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a single IPv4 address:
<syntaxhighlight>
<telnet allow="10.0.0.2" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a block of IPv4s:
<syntaxhighlight>
<telnet allow="10.0.0.2-254" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a /29 block of IPv4s:
<syntaxhighlight>
<telnet allow="10.0.0.2/29" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a single IPv6 address:
<syntaxhighlight>
<telnet allow="2001:8b0:119c:acf2::1" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a /48 block of IPv6s:
<syntaxhighlight>
<telnet allow="2001:8b0:119c::/48" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a /64 block of IPv6s:
<syntaxhighlight>
<telnet allow="2001:8b0:119c:acf2::/64" local-only="false"/>
</syntaxhighlight>

==Services - HTTP Server==
Enable HTTP server, local-only by default:
<syntaxhighlight>
<http/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a single IPv4 address:
<syntaxhighlight>
<http allow="10.0.0.2" local-only="false"/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a block of IPv4s:
<syntaxhighlight>
<http allow="10.0.0.2-254" local-only="false"/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a /29 block of IPv4s:
<syntaxhighlight>
<http allow="10.0.0.2/29" local-only="false"/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a single IPv6 address:
<syntaxhighlight>
<http allow="2001:8b0:119c:acf2::1" local-only="false"/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a /48 block of IPv6s:
<syntaxhighlight>
<http allow="2001:8b0:119c::/48" local-only="false"/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a /64 block of IPv6s:
<syntaxhighlight>
<http allow="2001:8b0:119c:acf2::/64" local-only="false"/>
</syntaxhighlight>

==Services - DNS Service==
Enable DNS service, local-only by default:
<syntaxhighlight>
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"/>
</syntaxhighlight>

==Port Grouping and Naming==
Port grouping for one PPPoE connection:
<syntaxhighlight>
<port name="LAN" ports="1 2 3"/>
<port name="WAN" ports="4"/>
</syntaxhighlight>
Port grouping for two PPPoE connections:
<syntaxhighlight>
<port name="LAN" ports="1 2"/>
<port name="WAN2" ports="3"/>
<port name="WAN1" ports="4"/>
</syntaxhighlight>
Port grouping for three PPPoE connections:
<syntaxhighlight>
<port name="LAN" ports="1"/>
<port name="WAN3" ports="2"/>
<port name="WAN2" ports="3"/>
<port name="WAN1" ports="4"/>
</syntaxhighlight>

==Ethernet Interface==
LAN Interface:
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="10.0.0.1/24 2001:8b0::1/64"/>
</interface>
</syntaxhighlight>
LAN Interface for IPv6 tunnel over 3G dongle (with MTU 1500):
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="10.0.0.1/24 2001:8b0::1/64" ra="true" ra-mtu="1480" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
</interface>
</syntaxhighlight>
LAN Interface for IPv6 tunnel over 3G dongle (with MTU 1492):
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="10.0.0.1/24 2001:8b0::1/64" ra="true" ra-mtu="1472" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
</interface>
</syntaxhighlight>
WAN Interface for a single PPPoE session:
<syntaxhighlight>
<interface name="WAN" port="WAN" ra-client="true"/>
</syntaxhighlight>
WAN Interface for dual PPPoE sessions:
<syntaxhighlight>
<interface name="WAN1" port="WAN1" ra-client="true"/>
<interface name="WAN2" port="WAN2" ra-client="true"/>
</syntaxhighlight>
WAN Interface for triple PPPoE sessions:
<syntaxhighlight>
<interface name="WAN1" port="WAN1" ra-client="true"/>
<interface name="WAN2" port="WAN2" ra-client="true"/>
<interface name="WAN3" port="WAN3" ra-client="true"/>
</syntaxhighlight>

==PPPoE==
Connect to AAISP over PPPoE session (with NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" graph="AAISP" log="default"/>
</syntaxhighlight>
Connect to AAISP over PPPoE session (without NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" graph="AAISP" log="default"/>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with MTU 1500 and NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" mtu="1500" graph="AAISP" log="default"/>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with MTU 1500 but without NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" mtu="1500" graph="AAISP" log="default"/>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks and NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP" log="default"/>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks but without NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP" log="default"/>
</syntaxhighlight>

==USB and 3G dongle==
Connect to AAISP over 3G dongle (with NAT):
<syntaxhighlight>
<dongle name="AAISP-3G" username="me@a.2" password="secret" nat="true" graph="AAISP-3G" log="default"/>
</syntaxhighlight>
Connect to AAISP over 3G dongle (without NAT):
<syntaxhighlight>
<dongle name="AAISP-3G" username="me@a.2" password="secret" nat="false" graph="AAISP-3G" log="default"/>
</syntaxhighlight>
Connect to AAISP over 3G dongle (with APN and NAT):
<syntaxhighlight>
<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" nat="true" graph="AAISP-3G" log="default"/>
</syntaxhighlight>
Connect to AAISP over 3G dongle (with APN but without NAT):
<syntaxhighlight>
<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" nat="false" graph="AAISP-3G" log="default"/>
</syntaxhighlight>

==Static Routes==
3G dongle IPv6 default route using IPv4 tunnel:
<syntaxhighlight>
<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>
</syntaxhighlight>

==Firewall - Rule Set==
Default firewall rule for traffic to LAN:
<syntaxhighlight>
<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
</rule-set>
</syntaxhighlight>

==Firewall - Rule(s)==
Allow all from the FireBrick to LAN - This rule is important:
<syntaxhighlight>
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
</syntaxhighlight>
Allow inbound calls to your VoIP Phone, if you register it with Voiceless:
<syntaxhighlight>
<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="5060" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="1024-65535" protocol="17" action="accept"/>
</syntaxhighlight>
Allow inbound calls to your Snom Phone, if you register it with Voiceless:
<syntaxhighlight>
<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="5060" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="49152-65534" protocol="17" action="accept"/>
</syntaxhighlight>

==VoIP==
VoIP with IPv6 source IP defined:
<syntaxhighlight>
<voip source-ip6="2001:8b0::1">
</voip>
</syntaxhighlight>
VoIP with IPv4 and IPv6 source IPs defined:
<syntaxhighlight>
<voip source-ip4="10.0.0.1" source-ip6="2001:8b0::1">
</voip>
</syntaxhighlight>

==VoIP Carriers==
VoIP carrier that registers with Voiceless and binds inbound/outbound calls to extension 1000 as below:
<syntaxhighlight>
<carrier name="AASIP+441234567890" allow="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" registrar="voiceless.aa.net.uk" username="+441234567890" password="secret" extn="1000"/>
</syntaxhighlight>

==VoIP Users==
VoIP user that accepts registrations from your VoIP phone:
<syntaxhighlight>
<telephone name="John" display-name="John" username="John" password="secret" extn="1000" carrier="AASIP+441234567890"/>
</syntaxhighlight>


[[Category:FireBrick]]
[[Category:FireBrick]]
Retrieved from "http://support.aa.net.uk/FireBrick_2700_Configuration"