This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration: Difference between revisions

Content deleted Content added
CrazyTeeka (talk | contribs)
mNo edit summary
CrazyTeeka (talk | contribs)
mNo edit summary
Line 130: Line 130:
Enable telnet server, allow inbound to telnet server from a single IPv4 address:
Enable telnet server, allow inbound to telnet server from a single IPv4 address:
<syntaxhighlight>
<syntaxhighlight>
<telnet allow="1.2.3.4" local-only="false"/>
<telnet allow="10.0.0.2" local-only="false"/>
</syntaxhighlight>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a block of IPv4s:
Enable telnet server, allow inbound to telnet server from a block of IPv4s:
<syntaxhighlight>
<syntaxhighlight>
<telnet allow="1.2.3.4-100" local-only="false"/>
<telnet allow="10.0.0.2-254" local-only="false"/>
</syntaxhighlight>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a /29 block of IPv4s:
Enable telnet server, allow inbound to telnet server from a /29 block of IPv4s:
<syntaxhighlight>
<syntaxhighlight>
<telnet allow="1.2.3.4/29" local-only="false"/>
<telnet allow="10.0.0.2/29" local-only="false"/>
</syntaxhighlight>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a single IPv6 address:
Enable telnet server, allow inbound to telnet server from a single IPv6 address:
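Review bot: the /29 example `<telnet allow="10.0.0.2/29" local-only="false"/>` still uses a host address rather than the network address, so a reader cannot tell at a glance that the permitted range is 10.0.0.0-10.0.0.7; write it as 10.0.0.0/29. The bigger problem with swapping in 10.0.0.x is that every snippet here sets local-only="false", which is precisely the setting that exposes the telnet server beyond directly connected subnets, and an RFC 1918 source such as 10.0.0.2 is either on a connected subnet (already covered by the local-only default) or not reachable from the Internet at all, so the examples no longer show the remote-management case their captions describe. Use an RFC 5737 documentation address for these allow lists (203.0.113.4, 203.0.113.0/29) and add one sentence saying that telnet is unencrypted, so with local-only="false" the allow list is the only thing between an Internet-reachable login prompt and the admin password.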
Line 160: Line 160:
Enable HTTP server, allow inbound to HTTP server from a single IPv4 address:
Enable HTTP server, allow inbound to HTTP server from a single IPv4 address:
<syntaxhighlight>
<syntaxhighlight>
<http allow="1.2.3.4" local-only="false"/>
<http allow="10.0.0.2" local-only="false"/>
</syntaxhighlight>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a block of IPv4s:
Enable HTTP server, allow inbound to HTTP server from a block of IPv4s:
<syntaxhighlight>
<syntaxhighlight>
<http allow="1.2.3.4-100" local-only="false"/>
<http allow="10.0.0.2-254" local-only="false"/>
</syntaxhighlight>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a /29 block of IPv4s:
Enable HTTP server, allow inbound to HTTP server from a /29 block of IPv4s:
<syntaxhighlight>
<syntaxhighlight>
<http allow="1.2.3.4/29" local-only="false"/>
<http allow="10.0.0.2/29" local-only="false"/>
</syntaxhighlight>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a single IPv6 address:
Enable HTTP server, allow inbound to HTTP server from a single IPv6 address:
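Review bot: same issue as the telnet hunk: the allow lists now name RFC 1918 sources while keeping local-only="false", so they no longer illustrate remote access, and `<http allow="10.0.0.2/29" local-only="false"/>` should use the network-aligned form. Use an RFC 5737 address (203.0.113.4 and 203.0.113.0/29) and state in the caption that this is the plain-HTTP management interface, so opening it with local-only="false" sends the admin login across the Internet in clear text unless the brick is serving it over HTTPS; recommend the single-address form over the range forms for anything Internet-facing.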
Line 186: Line 186:
Enable DNS service, local-only by default:
Enable DNS service, local-only by default:
<syntaxhighlight>
<syntaxhighlight>
<dns resolvers="217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"/>
</syntaxhighlight>
</syntaxhighlight>


==Port Grouping and Naming==
==Port Grouping and Naming==
Port grouping for a single PPPoE session:
Port grouping for one PPPoE connection:
<syntaxhighlight>
<syntaxhighlight>
<port name="LAN" ports="1 2 3"/>
<port name="LAN" ports="1 2 3"/>
<port name="WAN" ports="4"/>
<port name="WAN" ports="4"/>
</syntaxhighlight>
</syntaxhighlight>
Port grouping for dual PPPoE sessions:
Port grouping for two PPPoE connections:
<syntaxhighlight>
<syntaxhighlight>
<port name="LAN" ports="1 2"/>
<port name="LAN" ports="1 2"/>
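Review bot: the reorder to `<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"/>` only changes behaviour if the FireBrick tries resolvers in list order, and if it does, name resolution from the brick itself will go to the IPv6 resolvers before the PPP session has IPv6 up; the caption should say whether order matters. The caption "Enable DNS service, local-only by default" also asserts a default the snippet does not show; name the attribute that governs it so a reader can confirm the resolver is not answering queries from the WAN side, since an open resolver is a reflection and amplification source.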
Line 201: Line 201:
<port name="WAN1" ports="4"/>
<port name="WAN1" ports="4"/>
</syntaxhighlight>
</syntaxhighlight>
Port grouping for triple PPPoE sessions:
Port grouping for three PPPoE connections:
<syntaxhighlight>
<syntaxhighlight>
<port name="LAN" ports="1"/>
<port name="LAN" ports="1"/>
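Review bot: "PPPoE session" became "PPPoE connection" in this hunk and the previous one, but the lines added further down in the same edit ("Connect to AAISP over PPPoE session (with NAT)") keep "session"; pick one term across the page. "Session" is the PPPoE protocol's own word for the stage these port groups carry, so that is the one to keep.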
Line 325: Line 325:
VoIP with IPv4 and IPv6 source IPs defined:
VoIP with IPv4 and IPv6 source IPs defined:
<syntaxhighlight>
<syntaxhighlight>
<voip source-ip4="1.2.3.4" source-ip6="2001:8b0::1">
<voip source-ip4="10.0.0.1" source-ip6="2001:8b0::1">
</voip>
</voip>
</syntaxhighlight>
</syntaxhighlight>
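Review bot: source-ip4="10.0.0.1" in `<voip source-ip4="10.0.0.1" source-ip6="2001:8b0::1">` is the FireBrick's private LAN address in the NAT example this edit adds below, while source-ip6 stays the global 2001:8b0::1. Pinning the SIP and RTP source to an RFC 1918 address only works if something NATs it on the way out, which is the opposite of what a fixed source address is for; use an address from the public block routed to the brick (203.0.113.1 in documentation terms) so the IPv4 and IPv6 halves of the example agree.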
Line 342: Line 342:




=Example Config=
=With NAT vs Without NAT=
You have 8 IPv4 for example "1.1.1.1-1.1.1.8" or "1.1.1.1/29", you can use them with NAT or without NAT. By using NAT you would only be using "1.1.1.1" and the other IPs would be unused.
==With NAT==
LAN Interface (with NAT):
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="10.0.0.1/24"/>
<dhcp name="DHCP" ip="10.0.0.1/24" lease="1:00:00"/>
</interface>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" graph="AAISP" log="default"/>
</syntaxhighlight>
==Without NAT==
LAN Interface (without NAT):
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.1.1.1/29"/>
<dhcp name="DHCP" ip="1.1.1.1/29" lease="1:00:00"/>
</interface>
</syntaxhighlight>
Connect to AAISP over PPPoE session (without NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" graph="AAISP" log="default"/>
</syntaxhighlight>


=NAT on a Single Port=
It is possible to have NAT on a single port, for example port 3, while ports 1 and 2 are without NAT.
==Port Grouping and Naming with NAT on Port 3==
<syntaxhighlight>
<port name="LAN" ports="1 2"/>
<port name="LAN-NAT" ports="3"/>
<port name="WAN" ports="4"/>
</syntaxhighlight>
==Ethernet Interface==
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.1.1.1/29 2001:8b0::1/64"/>
<dhcp name="DHCP" ip="1.1.1.1/29" lease="1:00:00"/>
</interface>

<interface name="LAN-NAT" port="LAN-NAT" ra-client="false">
<subnet ip="10.0.0.1/24" nat="true"/>
<dhcp name="DHCP" ip="10.0.0.1/24" lease="1:00:00"/>
</interface>

<interface name="WAN" port="WAN" ra-client="false"/>
</syntaxhighlight>
==PPPoE==
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" graph="AAISP" log="default"/>
</syntaxhighlight>
==Firewall==
<syntaxhighlight>
<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
</rule-set>
</syntaxhighlight>


=Config Example=
<syntaxhighlight>
<syntaxhighlight>
<?xml version="1.0" encoding="UTF-8"?>
<?xml version="1.0" encoding="UTF-8"?>
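Review bot: the address block in "You have 8 IPv4 for example "1.1.1.1-1.1.1.8" or "1.1.1.1/29"" is wrong three ways: 1.1.1.1 is a live public resolver, not an example range; 1.1.1.1-1.1.1.8 is nine addresses; and 1.1.1.1/29 is not on a /29 boundary (the aligned block is 1.1.1.0-1.1.1.7). Use an RFC 5737 block, 203.0.113.0/29, and carry it through `<subnet ip="1.1.1.1/29"/>` and the matching dhcp ip ranges, which as written give the DHCP pool the same /29 that contains the brick's own address. On the firewall section: the single rule-set `<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" ...>` with only the source-interface="self" allow also rejects new sessions from LAN-NAT (10.0.0.0/24) into LAN; if that isolation is intended, say so, otherwise add a rule for source-interface="LAN-NAT". The LAN-NAT interface has no rule-set at all and relies purely on NAT to stop unsolicited inbound, which a section headed "Firewall" should state, and the "Without NAT" section earlier in this hunk puts a public /29 on the LAN with no rule-set shown at all; either include the rule-set there or point to this one.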
Line 412: Line 350:
patch="21695">
patch="21695">
<system contact="John Doe" log-panic="fb-support"/>
<system contact="John Doe" log-panic="fb-support"/>
<user name="admin" password="secret" timeout="0"/>
<user name="admin" password="secret"/>
<log name="default" comment="General logging for web viewing"/>
<log name="default" comment="General logging for web viewing"/>
<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
Line 421: Line 359:
<telnet/>
<telnet/>
<http/>
<http/>
<dns resolvers="217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"/>
</services>
</services>
<port name="LAN" ports="1 2 3"/>
<port name="LAN" ports="1 2 3"/>
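Review bot: dropping timeout="0" to give `<user name="admin" password="secret"/>` is the right fix, since zero disables the idle logout for the admin login, but it is the one security-relevant change in this edit and it is filed as a minor edit with no summary; add a line to the page saying the default idle timeout now applies and that timeout="0" should not be set on an account reachable through the `<telnet/>` and `<http/>` services enabled a few lines later. Those two elements are bare here, so they keep the local-only default rather than the allow="..." local-only="false" variants shown in the service examples; worth a sentence so readers do not paste the range forms into the full config.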