
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration: Difference between revisions

CrazyTeeka (talk | contribs)
CrazyTeeka (talk | contribs)
mNo edit summary
Line 213: Line 213:
<syntaxhighlight>
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.2.3.4/24 2001:8b0::1/64"/>
<subnet ip="10.0.0.1/24 2001:8b0::1/64"/>
</interface>
</interface>
</syntaxhighlight>
</syntaxhighlight>
Line 219: Line 219:
<syntaxhighlight>
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.2.3.4/24 2001:8b0::1/64" ra="true" ra-mtu="1480" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
<subnet ip="10.0.0.1/24 2001:8b0::1/64" ra="true" ra-mtu="1480" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
</interface>
</interface>
</syntaxhighlight>
</syntaxhighlight>
Line 225: Line 225:
<syntaxhighlight>
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.2.3.4/24 2001:8b0::1/64" ra="true" ra-mtu="1472" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
<subnet ip="10.0.0.1/24 2001:8b0::1/64" ra="true" ra-mtu="1472" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
</interface>
</interface>
</syntaxhighlight>
</syntaxhighlight>
Line 247: Line 247:
Connect to AAISP over PPPoE session (with NAT):
Connect to AAISP over PPPoE session (with NAT):
<syntaxhighlight>
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" graph="AAISP" log="default"/>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" graph="AAISP" log="default"/>
</syntaxhighlight>
</syntaxhighlight>
Connect to AAISP over PPPoE session (without NAT):
Connect to AAISP over PPPoE session (without NAT):
Line 255: Line 255:
Connect to AAISP over PPPoE session (with MTU 1500 and NAT):
Connect to AAISP over PPPoE session (with MTU 1500 and NAT):
<syntaxhighlight>
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" mtu="1500" graph="AAISP" log="default"/>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" mtu="1500" graph="AAISP" log="default"/>
</syntaxhighlight>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with MTU 1500 but without NAT):
Connect to AAISP over PPPoE session (with MTU 1500 but without NAT):
Line 263: Line 263:
Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks and NAT):
Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks and NAT):
<syntaxhighlight>
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP" log="default"/>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP" log="default"/>
</syntaxhighlight>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks but without NAT):
Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks but without NAT):
Line 273: Line 273:
Connect to AAISP over 3G dongle (with NAT):
Connect to AAISP over 3G dongle (with NAT):
<syntaxhighlight>
<syntaxhighlight>
<dongle name="AAISP-3G" username="me@a.2" password="secret" graph="AAISP-3G" log="default"/>
<dongle name="AAISP-3G" username="me@a.2" password="secret" nat="true" graph="AAISP-3G" log="default"/>
</syntaxhighlight>
</syntaxhighlight>
Connect to AAISP over 3G dongle (without NAT):
Connect to AAISP over 3G dongle (without NAT):
Line 281: Line 281:
Connect to AAISP over 3G dongle (with APN and NAT):
Connect to AAISP over 3G dongle (with APN and NAT):
<syntaxhighlight>
<syntaxhighlight>
<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" graph="AAISP-3G" log="default"/>
<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" nat="true" graph="AAISP-3G" log="default"/>
</syntaxhighlight>
</syntaxhighlight>
Connect to AAISP over 3G dongle (with APN but without NAT):
Connect to AAISP over 3G dongle (with APN but without NAT):
Line 308: Line 308:
Allow inbound calls to your VoIP Phone, if you register it with Voiceless:
Allow inbound calls to your VoIP Phone, if you register it with Voiceless:
<syntaxhighlight>
<syntaxhighlight>
<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="1.2.3.4" target-port="5060" action="accept"/>
<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="5060" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="1.2.3.4" target-port="1024-65535" protocol="17" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="1024-65535" protocol="17" action="accept"/>
</syntaxhighlight>
</syntaxhighlight>
Allow inbound calls to your Snom Phone, if you register it with Voiceless:
Allow inbound calls to your Snom Phone, if you register it with Voiceless:
<syntaxhighlight>
<syntaxhighlight>
<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="1.2.3.4" target-port="5060" action="accept"/>
<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="5060" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="1.2.3.4" target-port="49152-65534" protocol="17" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="49152-65534" protocol="17" action="accept"/>
</syntaxhighlight>
</syntaxhighlight>


==VoIP:==
==VoIP:==
VoIP with IPv6 source IP defined:
<syntaxhighlight>
<voip source-ip6="2001:8b0::1">
</voip>
</syntaxhighlight>
VoIP with IPv4 and IPv6 source IPs defined:
VoIP with IPv4 and IPv6 source IPs defined:
<syntaxhighlight>
<syntaxhighlight>
<voip source-ip4="1.2.3.4" source-ip6="2001:8b0::1">
<voip source-ip4="x.x.x.x" source-ip6="2001:8b0::1">
</voip>
</voip>
</syntaxhighlight>
</syntaxhighlight>
Line 349: Line 354:
Connect to AAISP over PPPoE session (with NAT):
Connect to AAISP over PPPoE session (with NAT):
<syntaxhighlight>
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" graph="AAISP" log="default"/>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" graph="AAISP" log="default"/>
</syntaxhighlight>
</syntaxhighlight>
==Without NAT:==
==Without NAT:==
Line 368: Line 373:
<syntaxhighlight>
<syntaxhighlight>
<?xml version="1.0" encoding="UTF-8"?>
<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.31.000.xsd"
xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.31.000.xsd"
patch="20687">
patch="20687">
<system contact="John Doe" log-panic="fb-support"/>

<user name="admin" password="secret" timeout="0"/>
<system contact="John Doe" log-panic="fb-support"/>
<log name="default" comment="General logging for web viewing"/>

<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
<user name="admin" password="secret" timeout="0"/>
<email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/>

</log>
<log name="default" comment="General logging for web viewing"/>
<services>

<ntp/>
<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
<telnet/>
<email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/>
<http/>
</log>
<dns resolvers="217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>

<services>
</services>
<port name="LAN" ports="1 2 3"/>
<ntp ntpserver="time.aa.net.uk"/>
<port name="WAN" ports="4"/>
<telnet/>
<interface name="LAN" port="LAN" ra-client="false">
<http/>
<dns resolvers="217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>
<subnet ip="10.0.0.1/24 2001:8b0::1/64"/>
<dhcp name="DHCP" ip="10.0.0.1-254" lease="1:00:00"/>
</services>
</interface>

<port name="LAN" ports="1 2 3"/>
<interface name="WAN" port="WAN" ra-client="false"/>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" graph="AAISP" log="default" nat="true"/>
<port name="WAN" ports="4"/>
<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">

<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
<interface name="LAN" port="LAN" ra-client="false">
</rule-set>
<subnet ip="10.0.0.1/24"/>
<dhcp name="DHCP" ip="10.0.0.1-254" lease="1:00:00"/>
</interface>

<interface name="WAN" port="WAN" ra-client="false"/>

<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" graph="AAISP" log="default"/>

<usb>
<dongle name="AAISP-3G" username="me@a.2" password="secret" graph="AAISP-3G" log="default"/>
</usb>

<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>

<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
</rule-set>

</config>
</config>
</syntaxhighlight>
</syntaxhighlight>
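Review bot: The complete example in the last hunk (Line 368 / Line 373) enables `<telnet/>` and `<http/>` with no visible access restriction, next to `<user name="admin" password="secret" timeout="0"/>`, and the only rule-set shown targets the LAN interface, so nothing on the page visibly limits who can reach the FireBrick's own management services. Telnet also carries the login in clear text. Unless this firmware's defaults already confine these services to local subnets (worth confirming in the manual for the 1.31 schema referenced here), I would make the restriction explicit in the example, e.g. `<telnet allow="10.0.0.0/24"/>` and `<http allow="10.0.0.0/24"/>`, and add a line of prose telling readers to replace every `password="secret"` placeholder before saving. Which line of each pair belongs to the new revision is inferred from the added `nat="true"`, since the +/- markers are lost in this rendering.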