FireBrick 2700 Configuration: Difference between revisions

=Factory Default Config=

The factory default config of a FireBrick looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.38.001.xsd" patch="22527">

Here we have an example of the FireBrick using NAT:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.38.001.xsd" patch="22527">

and here the FireBrick is NAT free:

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.38.001.xsd" patch="22527">

Here we have an example of setting up VoIP on the FireBrick, inbound and outbound calls, inbound URI calls, and outbound URI calls to AAISP:

<voip source-ip4="217.169.11.113" source-ip6="2001:8b0:119c:acf2::1">

<carrier name="AASIP+441234567890" allow="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48"

and here we use Direct Dial In, extn= is removed from <carrier> element and ddi= added to <telephone> element:

<voip source-ip4="217.169.11.113" source-ip6="2001:8b0:119c:acf2::1">

<carrier name="AASIP+441234567890" allow="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48"

Here we allow limited IPv6 addresses access to Telnet and HTTP, this stops you locking yourself out, in the example below 2001:8b0:119c:acf2::2/64 is used but you will need to use your own IP address instead, it also allows AAISP staff to login:

<telnet allow="2001:8b0:119c:acf2::2/64 2001:8b0::/47" local-only="false"/>

<http allow="2001:8b0:119c:acf2::2/64 2001:8b0::/47" local-only="false"/>

then add a user account for AAISP, don't forgot to change password to something else:

<user name="AAISP" password="secret" timeout="1:00:00"/>

</syntaxhighlight>

Ports - LAN is on ports 1 and 2, WAN1 is on port 4, WAN2 is on port 3:

<port name="LAN" ports="1 2"/>

<port name="WAN2" ports="3"/>

Interface - LAN interface, with DHCP for IPv4 addresses and RA for IPv6 addresses, assumes PPP session is 1500 MTU, if PPP session is 1492 MTU then change 1472 to 1464 in second ra-mtu= element:

<interface name="LAN" port="LAN" ra-client="false">

<subnet ip="2001:8b0:119c:acf2::1/64 217.169.11.113/29" ra="true" ra-mtu="1412" ra-dns="2001:8b0::2020 2001:8b0::2021" profile="DSL-Down"/>

Interface - WAN interfaces, RA client is enabled:

<interface name="WAN1" port="WAN1" ra-client="true"/>

<interface name="WAN2" port="WAN2" ra-client="true"/>

PPP - Connect to both lines, MTU is 1500, timeout is 5 seconds:

<ppp name="AAISP1" port="WAN1" username="me@a.1" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP1" log="default" nat="false"/>

<ppp name="AAISP2" port="WAN2" username="me@a.2" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP2" log="default" nat="false"/>

Dongle - Connect over 3G:

<usb>

<dongle name="AAISP3" username="me@a.3" password="secret" nat="false" graph="AAISP3" log="default"/>

Static Route - Brings up IPv6 default route using IPv4 tunnel when both lines are down or unplugged:

<route ip="::/0" gateway="81.187.81.6" profile="DSL-Down" comment="IPv6 default route using IPv4 tunnel"/>

</syntaxhighlight>

Profiles - Checks if both lines are up or down:

<profile name="DSL-Down" interval="1" timeout="5" recover="1" ppp="AAISP1 AAISP2" invert="true" comment="DSL is Down"/>

<profile name="DSL-Up" not="DSL-Down" comment="DSL is Up"/>

Ports - LAN is on ports 1 and 2, WAN1 is on port 4, WAN2 is on port 3:

<port name="LAN" ports="1 2"/>

<port name="WAN2" ports="3"/>

Interface - LAN interface, with DHCP for IPv4 addresses and RA for IPv6 addresses, assumes PPP session is 1500 MTU, if PPP session is 1492 MTU then change 1472 to 1464 in second ra-mtu= element:

<interface name="LAN" port="LAN" ra-client="false">

<subnet ip="2001:8b0:119c:acf2::1/64 217.169.11.113/29" ra="true" ra-mtu="1412" ra-dns="2001:8b0::2020 2001:8b0::2021" profile="DSL-Down"/>

Interface - WAN interfaces, RA client is enabled:

<interface name="WAN1" port="WAN1" ra-client="true"/>

<interface name="WAN2" port="WAN2" ra-client="true"/>

PPP - Connect to both lines, MTU is 1500, timeout is 5 seconds, localpref= gives priority to the highest value:

<ppp name="AAISP1" port="WAN1" username="me@a.1" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" localpref="1000" graph="AAISP1" log="default" nat="false"/>

<ppp name="AAISP2" port="WAN2" username="me@a.2" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" localpref="100" graph="AAISP2" log="default" nat="false"/>

Dongle - Connect over 3G, localpref= gives this connection the lowest priority:

<usb>

<dongle name="AAISP3" username="me@a.3" password="secret" nat="false" localpref="10" graph="AAISP3" log="default"/>

Static Route - Brings up IPv6 default route using IPv4 tunnel when both lines are down or unplugged:

<route ip="::/0" gateway="81.187.81.6" profile="DSL-Down" comment="IPv6 default route using IPv4 tunnel"/>

</syntaxhighlight>

Profiles - Checks if both lines are up or down:

<profile name="DSL-Down" interval="1" timeout="5" recover="1" ppp="AAISP1 AAISP2" invert="true" comment="DSL is Down"/>

<profile name="DSL-Up" not="DSL-Down" comment="DSL is Up"/>