FireBrick 2700 Configuration: Difference between revisions

← Older edit

FireBrick 2700 Configuration (view source)

Revision as of 05:14, 26 September 2019

2,682 bytes removed , 26 September 2019

→‎L2TP Tunnel

CrazyTeeka

editor

426

edits

Revision as of 21:08, 8 March 2015 (view source) CrazyTeeka (talk \| contribs) mNo edit summary ← Older edit		Latest revision as of 05:14, 26 September 2019 (view source) CrazyTeeka (talk \| contribs) (→‎L2TP Tunnel)
(44 intermediate revisions by 3 users not shown)
The 2700 has a USB port so supports 3G fallback, the 2500 does not have a USB port. The 2700 has faster throughput - 350Mbit/s on the 2700 compared to 100Mbit/s on the 2500. =Factory Default Config= The factory default config of a FireBrick looks like this: <syntaxhighlight lang=xml> <?xml version="1.0" encoding="UTF-8"?> <config serial="0000-0000-0000" version="FB2700 Flint (V1.53.000)"> ~~<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"~~ ~~xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"~~ ~~xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.35.001.xsd"~~ ~~patch="21695">~~ <system contact="John Doe" log-panic="fb-support"/> <log name="default" comment="General logging for web viewing"/> </syntaxhighlight> =Quick Start Config= ~~=Example Config=~~ Here we have an example of the FireBrick using NAT: <syntaxhighlight lang=xml> <?xml version="1.0" encoding="UTF-8"?> <config serial="0000-0000-0000" version="FB2700 Flint (V1.53.000)"> ~~<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"~~ ~~xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"~~ ~~xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.35.001.xsd"~~ ~~patch="21695">~~ <system contact="John Doe" log-panic="fb-support"/> <user name="admin" password="secret" timeout="1:00:00"/> <log name="default" comment="General logging for web viewing"/> <log name="fb-support" comment="Log target for sending logs to FireBrick support team"> <port name="WAN" ports="4"/> <interface name="LAN" port="LAN" ra-client="false"> <subnet ip="2001:~~8b0~~db8::1/64 10.0.0.1/24"/> <dhcp name="DHCP" ip="10.0.0.2-254" lease="1:00:00"/> </interface> and here the FireBrick is NAT free: <syntaxhighlight lang=xml> <?xml version="1.0" encoding="UTF-8"?> <config serial="0000-0000-0000" version="FB2700 Flint (V1.53.000)"> ~~<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"~~ ~~xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"~~ ~~xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.35.001.xsd"~~ ~~patch="21695">~~ <system contact="John Doe" log-panic="fb-support"/> <user name="admin" password="secret" timeout="1:00:00"/> <log name="default" comment="General logging for web viewing"/> <log name="fb-support" comment="Log target for sending logs to FireBrick support team"> </syntaxhighlight> =VoIP= Here we have an example of setting up VoIP on the FireBrick, inbound and outbound calls, inbound URI calls, and outbound URI calls to AAISP: ~~=Config Run Through=~~ ~~The FireBrick uses XML version 1.0 and UTF-8 encoding:~~ ~~<syntaxhighlight>~~ ~~<?xml version="1.0" encoding="UTF-8"?>~~ ~~</syntaxhighlight>~~ ~~FireBrick is running factory release firmware 1.35.001:~~ ~~<syntaxhighlight>~~ ~~<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"~~ ~~xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"~~ ~~xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.35.001.xsd"~~ ~~patch="21695">~~ ~~</syntaxhighlight>~~ <syntaxhighlight lang=xml> ~~==System==~~ <voip source-ip4="217.169.11.113" source-ip6="2001:8b0:119c:acf2::1"> ~~FireBrick with basic system config. Automatic updates to new factory release firmware are enabled by default:~~ <carrier name="AASIP+441234567890" allow="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" ~~<syntaxhighlight>~~ registrar="voiceless.aa.net.uk" username="+441234567890" password="secret" extn="1000"/> ~~<system contact="John Doe" log-panic="fb-support"/>~~ <carrier name="URI" to="@domain.name" trust-cli="true" extn="1000"/> ~~</syntaxhighlight>~~ <telephone name="John" display-name="John" username="John" password="secret" extn="1000" carrier="AASIP+441234567890"/> ~~Same as above but automatic firmware updates are disabled:~~ <telephone name="AAISP-Sales" extn="400222" uri="sales@aa.net.uk"/> ~~<syntaxhighlight>~~ <telephone name="AAISP-Accounts" extn="400666" uri="accounts@aa.net.uk"/> ~~<system contact="John Doe" log-panic="fb-support" sw-update="false"/>~~ <telephone name="AAISP-Support" extn="400999" uri="support@aa.net.uk"/> </voip> </syntaxhighlight> and here we use Direct Dial In, extn= is removed from <carrier> element and ddi= added to <telephone> element: ~~==User==~~ ~~Full administrator account:~~ ~~<syntaxhighlight>~~ ~~<user name="admin" password="secret"/>~~ ~~</syntaxhighlight>~~ ~~Full administrator account with login idle timeout disabled:~~ ~~<syntaxhighlight>~~ ~~<user name="admin" password="secret" timeout="0"/>~~ ~~</syntaxhighlight>~~ ~~Debug account with a few extra things unhidden:~~ ~~<syntaxhighlight>~~ ~~<user name="admin" password="secret" timeout="0" level="DEBUG"/>~~ ~~</syntaxhighlight>~~ ~~Guest account with many things hidden:~~ ~~<syntaxhighlight>~~ ~~<user name="guest" password="secret" timeout="0" level="GUEST"/>~~ ~~</syntaxhighlight>~~ <syntaxhighlight lang=xml> ~~==Logging==~~ <voip source-ip4="217.169.11.113" source-ip6="2001:8b0:119c:acf2::1"> ~~General logging:~~ <carrier name="AASIP+441234567890" allow="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" ~~<syntaxhighlight>~~ registrar="voiceless.aa.net.uk" username="+441234567890" password="secret"/> ~~<log name="default" comment="General logging for web viewing"/>~~ <carrier name="URI" to="@domain.name" trust-cli="true" extn="1000"/> ~~</syntaxhighlight>~~ <telephone name="John" display-name="John" username="John" password="secret" extn="1000" ddi="+441234567890" carrier="AASIP+441234567890"/> ~~Crash logs emailed to FireBrick support team:~~ <telephone name="AAISP-Sales" extn="400222" uri="sales@aa.net.uk"/> ~~<syntaxhighlight>~~ <telephone name="AAISP-Accounts" extn="400666" uri="accounts@aa.net.uk"/> ~~<log name="fb-support" comment="Log target for sending logs to FireBrick support team">~~ <telephone name="AAISP-Support" extn="400999" uri="support@aa.net.uk"/> ~~<email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/>~~ </~~log~~voip> </syntaxhighlight> =Remote Login= ~~==Services - NTP Client==~~ ~~Set time from FireBrick time server:~~ ~~<syntaxhighlight>~~ ~~<ntp/>~~ ~~</syntaxhighlight>~~ ~~Set time from AAISP time server:~~ ~~<syntaxhighlight>~~ ~~<ntp ntpserver="time.aa.net.uk"/>~~ ~~</syntaxhighlight>~~ Here we allow limited IPv6 addresses access to Telnet and HTTP, this stops you locking yourself out, in the example below 2001:8b0:119c:acf2::2/64 is used but you will need to use your own IP address instead, it also allows AAISP staff to login: ~~==Services - Telnet Server==~~ ~~Enable telnet server, local-only by default:~~ ~~<syntaxhighlight>~~ ~~<telnet/>~~ ~~</syntaxhighlight>~~ ~~Enable telnet server, allow inbound to telnet server from a single IPv4 address:~~ ~~<syntaxhighlight>~~ ~~<telnet allow="10.0.0.2" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable telnet server, allow inbound to telnet server from a block of IPv4s:~~ ~~<syntaxhighlight>~~ ~~<telnet allow="10.0.0.2-254" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable telnet server, allow inbound to telnet server from a /29 block of IPv4s:~~ ~~<syntaxhighlight>~~ ~~<telnet allow="10.0.0.2/29" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable telnet server, allow inbound to telnet server from a single IPv6 address:~~ ~~<syntaxhighlight>~~ ~~<telnet allow="2001:8b0:119c:acf2::1" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable telnet server, allow inbound to telnet server from a /48 block of IPv6s:~~ ~~<syntaxhighlight>~~ ~~<telnet allow="2001:8b0:119c::/48" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable telnet server, allow inbound to telnet server from a /64 block of IPv6s:~~ ~~<syntaxhighlight>~~ ~~<telnet allow="2001:8b0:119c:acf2::/64" local-only="false"/>~~ ~~</syntaxhighlight>~~ <syntaxhighlight lang=xml> ~~==Services - HTTP Server==~~ <telnet allow="2001:8b0:119c:acf2::2/64 2001:8b0::/47" local-only="false"/> ~~Enable HTTP server, local-only by default:~~ <http allow="2001:8b0:119c:acf2::2/64 2001:8b0::/47" local-only="false"/> ~~<syntaxhighlight>~~ ~~<http/>~~ ~~</syntaxhighlight>~~ ~~Enable HTTP server, allow inbound to HTTP server from a single IPv4 address:~~ ~~<syntaxhighlight>~~ ~~<http allow="10.0.0.2" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable HTTP server, allow inbound to HTTP server from a block of IPv4s:~~ ~~<syntaxhighlight>~~ ~~<http allow="10.0.0.2-254" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable HTTP server, allow inbound to HTTP server from a /29 block of IPv4s:~~ ~~<syntaxhighlight>~~ ~~<http allow="10.0.0.2/29" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable HTTP server, allow inbound to HTTP server from a single IPv6 address:~~ ~~<syntaxhighlight>~~ ~~<http allow="2001:8b0:119c:acf2::1" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable HTTP server, allow inbound to HTTP server from a /48 block of IPv6s:~~ ~~<syntaxhighlight>~~ ~~<http allow="2001:8b0:119c::/48" local-only="false"/>~~ ~~</syntaxhighlight>~~ ~~Enable HTTP server, allow inbound to HTTP server from a /64 block of IPv6s:~~ ~~<syntaxhighlight>~~ ~~<http allow="2001:8b0:119c:acf2::/64" local-only="false"/>~~ </syntaxhighlight> then add a user account for AAISP, don't forgot to change password to something else: ~~==Services - DNS Service==~~ ~~Enable DNS service, local-only by default:~~ <syntaxhighlight lang=xml> <user name="AAISP" password="secret" timeout="1:00:00"/> ~~<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"/>~~ </syntaxhighlight> =Two Lines with 3G Dongle - Bonded= ~~==Port Grouping and Naming==~~ ~~Port grouping for one PPPoE connection:~~ Ports - LAN is on ports 1 and 2, WAN1 is on port 4, WAN2 is on port 3: ~~<syntaxhighlight>~~ ~~<port name="LAN" ports="1 2 3"/>~~ <syntaxhighlight lang=xml> ~~<port name="WAN" ports="4"/>~~ ~~</syntaxhighlight>~~ ~~Port grouping for two PPPoE connections:~~ ~~<syntaxhighlight>~~ <port name="LAN" ports="1 2"/> <port name="WAN2" ports="3"/> <port name="WAN1" ports="4"/> </syntaxhighlight> ~~Port grouping for three PPPoE connections:~~ ~~<syntaxhighlight>~~ ~~<port name="LAN" ports="1"/>~~ ~~<port name="WAN3" ports="2"/>~~ ~~<port name="WAN2" ports="3"/>~~ ~~<port name="WAN1" ports="4"/>~~ ~~</syntaxhighlight>~~ Interface - LAN interface, with DHCP for IPv4 addresses and RA for IPv6 addresses, assumes PPP session is 1500 MTU, if PPP session is 1492 MTU then change 1472 to 1464 in second ra-mtu= element: ~~==Ethernet Interface==~~ ~~LAN Interface:~~ <syntaxhighlight lang=xml> <interface name="LAN" port="LAN" ra-client="false"> <subnet ip="102001:8b0:119c:acf2::1/64 217.0169.011.1113/2429" ra="true" ra-mtu="1412" ra-dns="2001:8b0::~~1/64~~2020 2001:8b0::2021" profile="DSL-Down"/> <subnet ip="2001:8b0:119c:acf2::1/64 217.169.11.113/29" ra="true" ra-mtu="1472" ra-dns="2001:8b0::2020 2001:8b0::2021" profile="DSL-Up"/> <dhcp name="DHCP" ip="217.169.11.114-118" lease="1:00:00"/> </interface> </syntaxhighlight> ~~LAN Interface for IPv6 tunnel over 3G dongle (with MTU 1500):~~ Interface - WAN interfaces, RA client is enabled: ~~<syntaxhighlight>~~ ~~<interface name="LAN" port="LAN" ra-client="false">~~ <syntaxhighlight lang=xml> ~~<subnet ip="10.0.0.1/24 2001:8b0::1/64" ra="true" ra-mtu="1480" ra-dns="2001:8b0::2020 2001:8b0::2021"/>~~ ~~</interface>~~ ~~</syntaxhighlight>~~ ~~LAN Interface for IPv6 tunnel over 3G dongle (with MTU 1492):~~ ~~<syntaxhighlight>~~ ~~<interface name="LAN" port="LAN" ra-client="false">~~ ~~<subnet ip="10.0.0.1/24 2001:8b0::1/64" ra="true" ra-mtu="1472" ra-dns="2001:8b0::2020 2001:8b0::2021"/>~~ ~~</interface>~~ ~~</syntaxhighlight>~~ ~~WAN Interface for a single PPPoE session:~~ ~~<syntaxhighlight>~~ ~~<interface name="WAN" port="WAN" ra-client="true"/>~~ ~~</syntaxhighlight>~~ ~~WAN Interface for dual PPPoE sessions:~~ ~~<syntaxhighlight>~~ <interface name="WAN1" port="WAN1" ra-client="true"/> <interface name="WAN2" port="WAN2" ra-client="true"/> </syntaxhighlight> ~~WAN Interface for triple PPPoE sessions:~~ PPP - Connect to both lines, MTU is 1500, timeout is 5 seconds: ~~<syntaxhighlight>~~ ~~<interface name="WAN1" port="WAN1" ra-client="true"/>~~ <syntaxhighlight lang=xml> ~~<interface name="WAN2" port="WAN2" ra-client="true"/>~~ <ppp name="AAISP1" port="WAN1" username="me@a.1" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP1" log="default" nat="false"/> ~~<interface name="WAN3" port="WAN3" ra-client="true"/>~~ <ppp name="AAISP2" port="WAN2" username="me@a.2" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP2" log="default" nat="false"/> </syntaxhighlight> Dongle - Connect over 3G: ~~==PPPoE==~~ ~~Connect to AAISP over PPPoE session (with NAT):~~ <syntaxhighlight lang=xml> <usb> ~~<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" graph="AAISP" log="default"/>~~ <dongle name="AAISP3" username="me@a.3" password="secret" nat="false" graph="AAISP3" log="default"/> </usb> </syntaxhighlight> ~~Connect to AAISP over PPPoE session (without NAT):~~ Static Route - Brings up IPv6 default route using IPv4 tunnel when both lines are down or unplugged: ~~<syntaxhighlight>~~ ~~<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" graph="AAISP" log="default"/>~~ <syntaxhighlight lang=xml> <route ip="::/0" gateway="81.187.81.6" profile="DSL-Down" comment="IPv6 default route using IPv4 tunnel"/> </syntaxhighlight> ~~Connect to AAISP over PPPoE session (with MTU 1500 and NAT):~~ Profiles - Checks if both lines are up or down: ~~<syntaxhighlight>~~ ~~<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" mtu="1500" graph="AAISP" log="default"/>~~ <syntaxhighlight lang=xml> <profile name="DSL-Down" interval="1" timeout="5" recover="1" ppp="AAISP1 AAISP2" invert="true" comment="DSL is Down"/> <profile name="DSL-Up" not="DSL-Down" comment="DSL is Up"/> </syntaxhighlight> ~~Connect to AAISP over PPPoE session (with MTU 1500 but without NAT):~~ =Two Lines with 3G Dongle - Fallover= ~~<syntaxhighlight>~~ ~~<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" mtu="1500" graph="AAISP" log="default"/>~~ Ports - LAN is on ports 1 and 2, WAN1 is on port 4, WAN2 is on port 3: ~~</syntaxhighlight>~~ ~~Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks and NAT):~~ <syntaxhighlight lang=xml> <port name="LAN" ports="1 2"/> ~~<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP" log="default"/>~~ <port name="WAN2" ports="3"/> ~~</syntaxhighlight>~~ <port name="WAN1" ports="4"/> ~~Connect to AAISP over PPPoE session (with MTU 1500, 3G dongle tweaks but without NAT):~~ ~~<syntaxhighlight>~~ ~~<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP" log="default"/>~~ </syntaxhighlight> Interface - LAN interface, with DHCP for IPv4 addresses and RA for IPv6 addresses, assumes PPP session is 1500 MTU, if PPP session is 1492 MTU then change 1472 to 1464 in second ra-mtu= element: ~~==USB and 3G dongle==~~ ~~Connect to AAISP over 3G dongle (with NAT):~~ <syntaxhighlight lang=xml> <interface name="LAN" port="LAN" ra-client="false"> ~~<dongle name="AAISP-3G" username="me@a.2" password="secret" nat="true" graph="AAISP-3G" log="default"/>~~ <subnet ip="2001:8b0:119c:acf2::1/64 217.169.11.113/29" ra="true" ra-mtu="1412" ra-dns="2001:8b0::2020 2001:8b0::2021" profile="DSL-Down"/> ~~</syntaxhighlight>~~ <subnet ip="2001:8b0:119c:acf2::1/64 217.169.11.113/29" ra="true" ra-mtu="1472" ra-dns="2001:8b0::2020 2001:8b0::2021" profile="DSL-Up"/> ~~Connect to AAISP over 3G dongle (without NAT):~~ <dhcp name="DHCP" ip="217.169.11.114-118" lease="1:00:00"/> ~~<syntaxhighlight>~~ </interface> ~~<dongle name="AAISP-3G" username="me@a.2" password="secret" nat="false" graph="AAISP-3G" log="default"/>~~ ~~</syntaxhighlight>~~ ~~Connect to AAISP over 3G dongle (with APN and NAT):~~ ~~<syntaxhighlight>~~ ~~<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" nat="true" graph="AAISP-3G" log="default"/>~~ ~~</syntaxhighlight>~~ ~~Connect to AAISP over 3G dongle (with APN but without NAT):~~ ~~<syntaxhighlight>~~ ~~<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" nat="false" graph="AAISP-3G" log="default"/>~~ </syntaxhighlight> Interface - WAN interfaces, RA client is enabled: ~~==Static Routes==~~ ~~3G dongle IPv6 default route using IPv4 tunnel:~~ <syntaxhighlight lang=xml> <interface name="WAN1" port="WAN1" ra-client="true"/> ~~<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>~~ <interface name="WAN2" port="WAN2" ra-client="true"/> </syntaxhighlight> PPP - Connect to both lines, MTU is 1500, timeout is 5 seconds, localpref= gives priority to the highest value: ~~==Firewall - Rule Set==~~ ~~Default firewall rule for traffic to LAN:~~ <syntaxhighlight lang=xml> <ppp name="AAISP1" port="WAN1" username="me@a.1" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" localpref="1000" graph="AAISP1" log="default" nat="false"/> ~~<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">~~ <ppp name="AAISP2" port="WAN2" username="me@a.2" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" localpref="100" graph="AAISP2" log="default" nat="false"/> ~~</rule-set>~~ </syntaxhighlight> Dongle - Connect over 3G, localpref= gives this connection the lowest priority: ~~==Firewall - Rule(s)==~~ ~~Allow all from the FireBrick to LAN - This rule is important:~~ <syntaxhighlight lang=xml> <usb> ~~<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>~~ <dongle name="AAISP3" username="me@a.3" password="secret" nat="false" localpref="10" graph="AAISP3" log="default"/> ~~</syntaxhighlight>~~ </usb> ~~Allow inbound calls to your VoIP Phone, if you register it with Voiceless:~~ ~~<syntaxhighlight>~~ ~~<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="5060" action="accept"/>~~ ~~<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="1024-65535" protocol="17" action="accept"/>~~ ~~</syntaxhighlight>~~ ~~Allow inbound calls to your Snom Phone, if you register it with Voiceless:~~ ~~<syntaxhighlight>~~ ~~<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="5060" action="accept"/>~~ ~~<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="10.0.0.3" target-port="49152-65534" protocol="17" action="accept"/>~~ </syntaxhighlight> Static Route - Brings up IPv6 default route using IPv4 tunnel when both lines are down or unplugged: ~~==VoIP==~~ ~~VoIP with IPv6 source IP defined:~~ <syntaxhighlight lang=xml> <route ip="::/0" gateway="81.187.81.6" profile="DSL-Down" comment="IPv6 default route using IPv4 tunnel"/> ~~<voip source-ip6="2001:8b0::1">~~ ~~</voip>~~ ~~</syntaxhighlight>~~ ~~VoIP with IPv4 and IPv6 source IPs defined:~~ ~~<syntaxhighlight>~~ ~~<voip source-ip4="10.0.0.1" source-ip6="2001:8b0::1">~~ ~~</voip>~~ </syntaxhighlight> Profiles - Checks if both lines are up or down: ~~==VoIP Carriers==~~ ~~VoIP carrier that registers with Voiceless and binds inbound/outbound calls to extension 1000 as below:~~ <syntaxhighlight lang=xml> <profile name="DSL-Down" interval="1" timeout="5" recover="1" ppp="AAISP1 AAISP2" invert="true" comment="DSL is Down"/> <carrier name="AASIP+441234567890" allow="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" registrar="voiceless.aa.net.uk" username="+441234567890" password="secret" extn="1000"/> <profile name="DSL-Up" not="DSL-Down" comment="DSL is Up"/> </syntaxhighlight> =~~=VoIP~~L2TP ~~Users=~~Tunnel= ~~VoIP user that accepts registrations from your VoIP phone:~~ L2TP tunnel with port 4 connected to another router: ~~<syntaxhighlight>~~ ~~<telephone name="John" display-name="John" username="John" password="secret" extn="1000" carrier="AASIP+441234567890"/>~~ <syntaxhighlight lang=xml> <?xml version="1.0" encoding="UTF-8"?> <config serial="0000-0000-0000" version="FB2700 Flint (V1.53.000)"> <system contact="John Doe" log-panic="fb-support"/> <user name="admin" password="secret" timeout="1:00:00"/> <log name="default" comment="General logging for web viewing"/> <log name="fb-support" comment="Log target for sending logs to FireBrick support team"> <email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/> </log> <services> <http/> <dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"/> <telnet/> <time/> </services> <port name="LAN" ports="1 2 3"/> <port name="WAN" ports="4"/> <interface name="LAN" port="LAN" ra-client="false"> <subnet ip="2001:db8::1/64 10.0.0.1/24"/> <dhcp name="DHCP" ip="10.0.0.2-254" lease="1:00:00"/> </interface> <interface name="WAN" port="WAN" ra-client="true" table="1"> <subnet name="DHCP"/> </interface> <l2tp> <outgoing name="AAISP" hostname="AAISP" server="90.155.53.19" graph="AAISP" table="1" payload-table="0" username="me@a.1" password="secret" min-retry="1" tcp-mss-fix="true"/> </l2tp> <rule-set name="Fallback: NAT" target-interface="nowhere" no-match-action="continue"> <rule name="NAT" set-nat="true" set-table="1" action="accept"/> </rule-set> <rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN"> <rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/> </rule-set> </config> </syntaxhighlight> [[Category:FireBrick\|Configuration]] [[Category:AA Routers]]