FireBrick 2700 Configuration run-through: Difference between revisions
Edit summary (older revision): →Default Config: lang=xml
Edit summary (newer revision): lots of lang=xml
| Line 62: | Line 62: | ||
<tabs> |
<tabs> |
||
<tab name="XML"> |
<tab name="XML"> |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<user name="john" timeout="PT20M" level="DEBUG" password="secret"/> |
<user name="john" timeout="PT20M" level="DEBUG" password="secret"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
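Review bot: the user element in this hunk carries a literal password="secret" together with level="DEBUG", and nothing in the surrounding text tells the reader to change either before loading the config; suggest a sentence ahead of the block saying to choose your own password and to grant only the level you actually need.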
| Line 79: | Line 79: | ||
Modify the ntp time server to use the AAISP time server: |
Modify the ntp time server to use the AAISP time server: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<ntp timeserver="time.aaisp.net.uk"/> |
<ntp timeserver="time.aaisp.net.uk"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
modify the telnet service to permit only access from your LAN: |
modify the telnet service to permit only access from your LAN: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<telnet allow="192.0.2.0/28"/> |
<telnet allow="192.0.2.0/28"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
Set DNS servers and your domain name, under the services (here we're using the AAISP DNS servers: |
Set DNS servers and your domain name, under the services (here we're using the AAISP DNS servers: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/> |
<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
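Review bot: the lead-in for the dns block opens a parenthesis that is never closed ("(here we're using the AAISP DNS servers:"); suggest "(here we're using the AAISP DNS servers):". The telnet allow list in the same hunk is the right move for a cleartext management protocol, and it would help to say that the http service gets the same LAN-only treatment later in the page, so readers don't assume telnet is the only management service to lock down.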
| Line 97: | Line 97: | ||
So, first we'll add a new subnet, this can go under the current 10.0.0.1 subnet (which we'll delete later.) And we'll make this a DHCP server: |
So, first we'll add a new subnet, this can go under the current 10.0.0.1 subnet (which we'll delete later.) And we'll make this a DHCP server: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<subnet ip="192.0.2.1/28" comment="LAN"/> |
<subnet ip="192.0.2.1/28" comment="LAN"/> |
||
<dhcp ip="192.0.2.2-12"/> |
<dhcp ip="192.0.2.2-12"/> |
||
| Line 103: | Line 103: | ||
Remove the existing DHCP settings for the 10.0.0.1 interface. The LAN1 interface now looks like this: |
Remove the existing DHCP settings for the 10.0.0.1 interface. The LAN1 interface now looks like this: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<interface name="LAN1" port="LAN1"> |
<interface name="LAN1" port="LAN1"> |
||
<subnet comment="dhcp client"/> |
<subnet comment="dhcp client"/> |
||
| Line 114: | Line 114: | ||
Our complete config now looks like this: |
Our complete config now looks like this: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<?xml version="1.0" encoding="UTF-8"?> |
<?xml version="1.0" encoding="UTF-8"?> |
||
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
||
| Line 146: | Line 146: | ||
if that works, we can now safely remove the DHCP client subnet and the 10.0.0.1 subnet, so remove the lines: |
if that works, we can now safely remove the DHCP client subnet and the 10.0.0.1 subnet, so remove the lines: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<subnet comment="dhcp client"/> |
<subnet comment="dhcp client"/> |
||
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/> |
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/> |
||
| Line 166: | Line 166: | ||
In our default config, you can see that we already have some PPPoE settings: |
In our default config, you can see that we already have some PPPoE settings: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/> |
<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
| Line 172: | Line 172: | ||
This line can be changed for your ADSL settings, e.g.: |
This line can be changed for your ADSL settings, e.g.: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/> |
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
| Line 178: | Line 178: | ||
We've changed the port to WAN1, so we also need to change the port config earlier in the file, so change |
We've changed the port to WAN1, so we also need to change the port config earlier in the file, so change |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<port name="LAN4" ports="4"/> |
<port name="LAN4" ports="4"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
to: |
to: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<port name="WAN1" ports="4"/> |
<port name="WAN1" ports="4"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
Our complete config in full now looks like this: |
Our complete config in full now looks like this: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<?xml version="1.0" encoding="UTF-8"?> |
<?xml version="1.0" encoding="UTF-8"?> |
||
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
||
| Line 216: | Line 217: | ||
Config wise, just add mtu="1500" to the ppp element. |
Config wise, just add mtu="1500" to the ppp element. |
||
e.g.: |
e.g.: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" mtu="1500"/> |
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" mtu="1500"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
| Line 248: | Line 249: | ||
Since that page is more of a referece than a tutorial, it contains no examples. So here's a code snippet from a working config which allows incoming SMTP to your mail server, and IAX2 to an asterisk box as a starting-point: |
Since that page is more of a referece than a tutorial, it contains no examples. So here's a code snippet from a working config which allows incoming SMTP to your mail server, and IAX2 to an asterisk box as a starting-point: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<rule-set target-interface="LAN1" drop="reject" comment="Default firewall rule - block incoming"> |
<rule-set target-interface="LAN1" drop="reject" comment="Default firewall rule - block incoming"> |
||
<rule source-interface="self" comment="Allow from the FireBrick though"/> |
<rule source-interface="self" comment="Allow from the FireBrick though"/> |
||
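Review bot: "referece" should be "reference", and "asterisk box" refers to the Asterisk PBX, so the capital A is warranted. On the rule-set line, drop="reject" means blocked traffic is actively refused rather than silently discarded; a clause saying that is a deliberate choice (and that "drop" is the quieter alternative) would save readers a trip to the reference page the text mentions.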
| Line 261: | Line 262: | ||
If you have VoIP phones on your LAN, then here are some example rules to allow SIP and RTP from the AAISP phone servers: |
If you have VoIP phones on your LAN, then here are some example rules to allow SIP and RTP from the AAISP phone servers: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<rule-set name="Incoming Firewall Rules"> |
<rule-set name="Incoming Firewall Rules"> |
||
<rule name="SIP" source-ip="81.187.30.110-119" target-ip="192.0.2.0/28" target-port="5060-5069"/> |
<rule name="SIP" source-ip="81.187.30.110-119" target-ip="192.0.2.0/28" target-port="5060-5069"/> |
||
| Line 274: | Line 275: | ||
You may only want to allow access to the FireBrick webserver from your LAN, do this in the http service, e.g., change the current line to: |
You may only want to allow access to the FireBrick webserver from your LAN, do this in the http service, e.g., change the current line to: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<http allow="192.0.2.1/28"/> |
<http allow="192.0.2.1/28"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
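Review bot: `<http allow="192.0.2.1/28"/>` writes the allow list as a host address with a /28 mask, whereas the telnet service in the Line 79 hunk uses the network form 192.0.2.0/28; suggest using the same form in both so readers don't wonder whether the two restrictions are meant to differ.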
| Line 292: | Line 293: | ||
So, our config will look like this: |
So, our config will look like this: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<interface name="LAN1" port="LAN1"> |
<interface name="LAN1" port="LAN1"> |
||
<subnet ip="2001:8B0:123:1::1/64" ra="true" comment="[[IPv6]] LAN"/> |
<subnet ip="2001:8B0:123:1::1/64" ra="true" comment="[[IPv6]] LAN"/> |
||
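Review bot: the subnet comment attribute contains wiki link markup, comment="[[IPv6]] LAN"; inside a syntaxhighlight block that renders literally, so the square brackets end up in the config the reader copies onto the unit. Suggest comment="IPv6 LAN".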
| Line 302: | Line 303: | ||
Our complete config now looks like: |
Our complete config now looks like: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<?xml version="1.0" encoding="UTF-8"?> |
<?xml version="1.0" encoding="UTF-8"?> |
||
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
||
| Line 343: | Line 344: | ||
In this example, I'm pointing it to a DNS server on 2001:8B0:B7:1::2. |
In this example, I'm pointing it to a DNS server on 2001:8B0:B7:1::2. |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-dns="2001:8B0:123:1::2"/> |
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-dns="2001:8B0:123:1::2"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
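Review bot: the prose says the RA points clients at a DNS server on 2001:8B0:B7:1::2, but the config line has ra-dns="2001:8B0:123:1::2"; one of the two should be corrected so the sentence and the example agree.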
| Line 354: | Line 355: | ||
Setting the 'O' flag in the RA, telling the client to do DHCPv6 after auto-configuration, and request 'Other' config data, i.e. DNS. |
Setting the 'O' flag in the RA, telling the client to do DHCPv6 after auto-configuration, and request 'Other' config data, i.e. DNS. |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="true"/> |
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="true"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
| Line 364: | Line 365: | ||
To enable the 'O' flag AND the mini-DHCPv6, set the ra-other option to 'dhcpv6', and also specify the DNS server address to be doled out in the rd-dns option: |
To enable the 'O' flag AND the mini-DHCPv6, set the ra-other option to 'dhcpv6', and also specify the DNS server address to be doled out in the rd-dns option: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="dhcpv6" ra-dns="2001:8B0:123:1::2"/> |
<subnet ip="2001:8B0:123:1::1/64" ra="true" ra-other="dhcpv6" ra-dns="2001:8B0:123:1::2"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
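Review bot: the text refers to the "rd-dns option", but the attribute in the example (and in the Line 343 hunk) is ra-dns; suggest fixing the prose to ra-dns.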
| Line 387: | Line 388: | ||
Set up port 3 to connect to the second modem you have, i.e.: |
Set up port 3 to connect to the second modem you have, i.e.: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true"/> |
<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
and change the port from: |
and change the port from: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<port name="LAN3" ports="3"/> |
<port name="LAN3" ports="3"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
to |
to |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<port name="WAN2" ports="3"/> |
<port name="WAN2" ports="3"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
| Line 415: | Line 416: | ||
e.g.: |
e.g.: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" speed="1000000"/> |
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" speed="1000000"/> |
||
<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true" speed="1000000"/> |
<ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true" speed="1000000"/> |
||
| Line 424: | Line 425: | ||
Our config now looks like this: |
Our config now looks like this: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<?xml version="1.0" encoding="UTF-8"?> |
<?xml version="1.0" encoding="UTF-8"?> |
||
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"> |
||
| Line 455: | Line 456: | ||
If you have an AA data SIM, the FireBrick can configured to use this as a backup connection, by using a 3G dongle plugged into the USB port. Any routed legacy IP blocks will continue to work across this link, but so far [[IPv6]] isn't supported. The FireBrick is known to support the ZTE MF112 Dongle and some Huawei dongles. Others may work too. |
If you have an AA data SIM, the FireBrick can configured to use this as a backup connection, by using a 3G dongle plugged into the USB port. Any routed legacy IP blocks will continue to work across this link, but so far [[IPv6]] isn't supported. The FireBrick is known to support the ZTE MF112 Dongle and some Huawei dongles. Others may work too. |
||
The basic config is: |
The basic config is: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<usb> |
<usb> |
||
<dongle username="startup_user@startup_domain" password=""/> |
<dongle username="startup_user@startup_domain" password=""/> |
||
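Review bot: "the FireBrick can configured to use this" is missing "be". The dongle element also ships with the startup_user@startup_domain placeholder and password=""; a short sentence telling the reader to substitute their own AA SIM credentials before relying on this as a backup link would help.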
| Line 468: | Line 469: | ||
To make use of port 2, we can configure it to be another LAN1 port. |
To make use of port 2, we can configure it to be another LAN1 port. |
||
Our current port config is: |
Our current port config is: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<port name="LAN1" ports="1"/> |
<port name="LAN1" ports="1"/> |
||
<port name="LAN2" ports="2"/> |
<port name="LAN2" ports="2"/> |
||
| Line 475: | Line 476: | ||
</syntaxhighlight> |
</syntaxhighlight> |
||
We can change this to make port 2 a LAN1 port: |
We can change this to make port 2 a LAN1 port: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<port name="LAN1" ports="1 2"/> |
<port name="LAN1" ports="1 2"/> |
||
<port name="WAN2" ports="3"/> |
<port name="WAN2" ports="3"/> |
||
| Line 490: | Line 491: | ||
In order to talk to the Modem from the LAN side of the FireBrick, a Subnet on the FireBrick needs to be made. This subnet would be on the WAN Interface, e.g.: |
In order to talk to the Modem from the LAN side of the FireBrick, a Subnet on the FireBrick needs to be made. This subnet would be on the WAN Interface, e.g.: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<interface name="WAN" port="WAN1"> |
<interface name="WAN" port="WAN1"> |
||
<subnet ip="192.168.1.1/24" comment="IP subnet on WAN for router config"/> |
<subnet ip="192.168.1.1/24" comment="IP subnet on WAN for router config"/> |
||