This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others. Enjoy!

FireBrick 2700 Configuration run-through: Difference between revisions

AA-Andrew (talk | contribs)
Undo revision 277 by AA-Andrew (talk)
AA-Andrew (talk | contribs)
Undo revision 278 by AA-Andrew (talk)
Line 15: Line 15:


The default configuration (or a fully-loaded FireBrick) looks like this:
The default configuration (or a fully-loaded FireBrick) looks like this:
<div dir="ltr" class="mw-geshi" style="text-align: left;"><div class="xml source-xml"><pre class="de1"><span class="sc3"><span class="re1">&lt;?xml</span> <span class="re0">version</span>=<span class="st0">"1.0"</span> <span class="re0">encoding</span>=<span class="st0">"UTF-8"</span><span class="re2">?&gt;</span></span> <span class="sc3"><span class="re1">&lt;config</span> <span class="re0">xmlns</span>=<span class="st0">"http://firebrick.ltd.uk/xml/fb2700/"</span></span> <span class="sc3"><span class="re0">xmlns:xsi</span>=<span class="st0">"http://www.w3.org/2001/XMLSchema-instance"</span></span> <span class="sc3"><span class="re0">xsi:schemaLocation</span>=<span class="st0">"http://firebrick.ltd.uk/xml/fb2700/</span> <span class="sc3">http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"</span></span> <span class="sc3"><span class="re0">timestamp</span>=<span class="st0">"1970-01-01T00:00:07Z"</span><span class="re2">&gt;</span></span> <span class="sc3"><span class="re1">&lt;port</span> <span class="re0">name</span>=<span class="st0">"LAN1"</span> <span class="re0">ports</span>=<span class="st0">"1"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;port</span> <span class="re0">name</span>=<span class="st0">"LAN2"</span> <span class="re0">ports</span>=<span class="st0">"2"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;port</span> <span class="re0">name</span>=<span class="st0">"LAN3"</span> <span class="re0">ports</span>=<span class="st0">"3"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;port</span> <span class="re0">name</span>=<span class="st0">"LAN4"</span> <span class="re0">ports</span>=<span class="st0">"4"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;interface</span> <span class="re0">name</span>=<span class="st0">"LAN1"</span> <span class="re0">port</span>=<span class="st0">"LAN1"</span><span 
class="re2">&gt;</span></span> <span class="sc3"><span class="re1">&lt;subnet</span> <span class="re0">comment</span>=<span class="st0">"dhcp client"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;subnet</span> <span class="re0">ip</span>=<span class="st0">"2001:DB8::1/64 10.0.0.1/24"</span> <span class="re0">nat</span>=<span class="st0">"true"</span></span> <span class="sc3"><span class="re0">comment</span>=<span class="st0">"Temporary IPs for setup only, delete when finished configuring"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;dhcp</span> <span class="re0">ip</span>=<span class="st0">"10.0.0.100-199"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;/interface<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;ppp</span> <span class="re0">port</span>=<span class="st0">"LAN4"</span> <span class="re0">username</span>=<span class="st0">"startup_user@startup_domain"</span> <span class="re0">password</span>=<span class="st0">""</span></span> <span class="sc3"><span class="re0">comment</span>=<span class="st0">"Example PPPoE config for DSL/FTTC/FTTP/etc"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;services<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;ntp</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;telnet</span> <span class="re0">comment</span>=<span class="st0">"Set allow IP list to restrict access"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;http</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;/services<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;rule-set</span> <span class="re0">target-interface</span>=<span class="st0">"LAN1"</span> <span class="re0">drop</span>=<span 
class="st0">"reject"</span> <span class="re0">comment</span>=<span class="st0">"default</span> <span class="sc3">firewall rule - block incoming"</span><span class="re2">&gt;</span></span> <span class="sc3"><span class="re1">&lt;rule</span> <span class="re0">source-interface</span>=<span class="st0">"self"</span> <span class="re0">comment</span>=<span class="st0">"allow from the FireBrick</span> <span class="sc3">though"</span><span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;/rule-set<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;/config<span class="re2">&gt;</span></span></span></pre></div></div>
<div dir="ltr" class="mw-geshi" style="text-align: left;"><div class="xml source-xml"><pre class="de1">&lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;?xml&lt;/span&gt; &lt;span class="re0"&gt;version&lt;/span&gt;=&lt;span class="st0"&gt;"1.0"&lt;/span&gt; &lt;span class="re0"&gt;encoding&lt;/span&gt;=&lt;span class="st0"&gt;"UTF-8"&lt;/span&gt;&lt;span class="re2"&gt;?&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;config&lt;/span&gt; &lt;span class="re0"&gt;xmlns&lt;/span&gt;=&lt;span class="st0"&gt;"http://firebrick.ltd.uk/xml/fb2700/" &lt;/span&gt;&lt;/span&gt;&lt;span class="sc3"&gt;&lt;span class="re0"&gt;xmlns:xsi&lt;/span&gt;=&lt;span class="st0"&gt;"http://www.w3.org/2001/XMLSchema-instance" &lt;/span&gt;&lt;/span&gt;&lt;span class="sc3"&gt;&lt;span class="re0"&gt;xsi:schemaLocation&lt;/span&gt;=&lt;span class="st0"&gt;"http://firebrick.ltd.uk/xml/fb2700/&lt;/span&gt; &lt;span class="sc3"&gt;http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re0"&gt;timestamp&lt;/span&gt;=&lt;span class="st0"&gt;"1970-01-01T00:00:07Z"&lt;/span&gt;&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;port&lt;/span&gt; &lt;span class="re0"&gt;name&lt;/span&gt;=&lt;span class="st0"&gt;"LAN1"&lt;/span&gt; &lt;span class="re0"&gt;ports&lt;/span&gt;=&lt;span class="st0"&gt;"1"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;port&lt;/span&gt; &lt;span class="re0"&gt;name&lt;/span&gt;=&lt;span class="st0"&gt;"LAN2"&lt;/span&gt; &lt;span class="re0"&gt;ports&lt;/span&gt;=&lt;span class="st0"&gt;"2"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;port&lt;/span&gt; &lt;span class="re0"&gt;name&lt;/span&gt;=&lt;span class="st0"&gt;"LAN3"&lt;/span&gt; &lt;span 
class="re0"&gt;ports&lt;/span&gt;=&lt;span class="st0"&gt;"3"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;port&lt;/span&gt; &lt;span class="re0"&gt;name&lt;/span&gt;=&lt;span class="st0"&gt;"LAN4"&lt;/span&gt; &lt;span class="re0"&gt;ports&lt;/span&gt;=&lt;span class="st0"&gt;"4"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;interface&lt;/span&gt; &lt;span class="re0"&gt;name&lt;/span&gt;=&lt;span class="st0"&gt;"LAN1"&lt;/span&gt; &lt;span class="re0"&gt;port&lt;/span&gt;=&lt;span class="st0"&gt;"LAN1"&lt;/span&gt;&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;subnet&lt;/span&gt; &lt;span class="re0"&gt;comment&lt;/span&gt;=&lt;span class="st0"&gt;"dhcp client"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;subnet&lt;/span&gt; &lt;span class="re0"&gt;ip&lt;/span&gt;=&lt;span class="st0"&gt;"2001:DB8::1/64 10.0.0.1/24"&lt;/span&gt; &lt;span class="re0"&gt;nat&lt;/span&gt;=&lt;span class="st0"&gt;"true" &lt;/span&gt;&lt;/span&gt;&lt;span class="sc3"&gt;&lt;span class="re0"&gt;comment&lt;/span&gt;=&lt;span class="st0"&gt;"Temporary IPs for setup only, delete when finished configuring"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;dhcp&lt;/span&gt; &lt;span class="re0"&gt;ip&lt;/span&gt;=&lt;span class="st0"&gt;"10.0.0.100-199"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;/interface&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;ppp&lt;/span&gt; &lt;span class="re0"&gt;port&lt;/span&gt;=&lt;span class="st0"&gt;"LAN4"&lt;/span&gt; &lt;span 
class="re0"&gt;username&lt;/span&gt;=&lt;span class="st0"&gt;"startup_user@startup_domain"&lt;/span&gt; &lt;span class="re0"&gt;password&lt;/span&gt;=&lt;span class="st0"&gt;"" &lt;/span&gt;&lt;/span&gt;&lt;span class="sc3"&gt;&lt;span class="re0"&gt;comment&lt;/span&gt;=&lt;span class="st0"&gt;"Example PPPoE config for DSL/FTTC/FTTP/etc"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;services&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;ntp&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;telnet&lt;/span&gt; &lt;span class="re0"&gt;comment&lt;/span&gt;=&lt;span class="st0"&gt;"Set allow IP list to restrict access"&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;http&lt;/span&gt;&lt;span class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;/services&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;rule-set&lt;/span&gt; &lt;span class="re0"&gt;target-interface&lt;/span&gt;=&lt;span class="st0"&gt;"LAN1"&lt;/span&gt; &lt;span class="re0"&gt;drop&lt;/span&gt;=&lt;span class="st0"&gt;"reject"&lt;/span&gt; &lt;span class="re0"&gt;comment&lt;/span&gt;=&lt;span class="st0"&gt;"default &lt;/span&gt;&lt;span class="sc3"&gt;firewall rule - block incoming"&lt;/span&gt;&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;rule&lt;/span&gt; &lt;span class="re0"&gt;source-interface&lt;/span&gt;=&lt;span class="st0"&gt;"self"&lt;/span&gt; &lt;span class="re0"&gt;comment&lt;/span&gt;=&lt;span class="st0"&gt;"allow from the FireBrick &lt;/span&gt;&lt;span class="sc3"&gt;though"&lt;/span&gt;&lt;span 
class="re2"&gt;/&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;/rule-set&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt;&lt;/span&gt; &lt;span class="sc3"&gt;&lt;span class="re1"&gt;&lt;/config&lt;span class="re2"&gt;&gt;&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;</pre></div></div>
Which sets up the 4 Ethernet ports as separate LANs, and an IP of 10.0.0.1 (and 2001:DB8::1)&nbsp;with the FireBrick acting DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can access http://10.0.0.1
Which sets up the 4 Ethernet ports as separate LANs, and an IP of 10.0.0.1 (and 2001:DB8::1)&nbsp;with the FireBrick acting DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can access http://10.0.0.1
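
Review bot: In the second copy of the default-configuration block, the highlighter markup inside `<pre class="de1">` is entity-escaped (`&lt;span class="sc3"&gt;`) at the same level as the XML it wraps, so as shown here the page would display literal span tags instead of the highlighted config, while the first copy keeps the spans as real markup. Rather than toggling between two forms of pasted highlighter output, store the plain XML config and let the wiki's own syntax highlighting render it. Separately, the sample enables `<telnet>` and `<http/>` with no allow list (the telnet comment itself says "Set allow IP list to restrict access") and the 10.0.0.1 subnet is commented "Temporary IPs for setup only, delete when finished configuring", yet the paragraph after the block only tells the reader to browse to http://10.0.0.1; it should repeat both instructions in prose, and "acting DHCP server" should read "acting as a DHCP server".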