FireBrick 2700 Configuration: Difference between revisions

From AAISP Support Site
mNo edit summary
mNo edit summary
Line 245: Line 245:
<syntaxhighlight>
<syntaxhighlight>
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
</syntaxhighlight>
Allow Voiceless inbound to your Snom Phone:
<syntaxhighlight>
<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="2001:8b0::1" target-port="5060" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="2001:8b0::1" target-port="49152-65534" protocol="17" action="accept"/>
</syntaxhighlight>
</syntaxhighlight>



Revision as of 13:00, 19 August 2014

2700-small.png

This page describes editing the XML directly. The Firebrick does have a Web User Interface too. Both can be used to edit the config, as they edit the same underlying XML.

These instructions are mostly applicable to the 2500 too. The difference between the 2700 and the 2500 is that:

  • The 2700 has a USB port so supports 3G fallback, the 2500 does not have a USB port.
  • The 2700 has faster throughput - 350Mb/s on the 2700 compared to 100Mb/s on the 2500.


Factory Default Config

The factory default config of a FireBrick looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.31.000.xsd"
        patch="20687">
   <system contact="John Doe" log-panic="fb-support"/>
   <log name="default" comment="General logging for web viewing"/>
   <log name="fb-support" comment="Log target for sending logs to FireBrick support team">
      <email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/>
   </log>
   <services>
      <ntp/>
      <telnet/>
      <http local-only="true"/>
      <dns>
         <host name="my.firebrick.co.uk my.firebrick.uk"/>
      </dns>
   </services>
   <port name="LAN1" ports="1"/>
   <port name="LAN2" ports="2"/>
   <port name="LAN3" ports="3"/>
   <port name="WAN" ports="4"/>
   <interface name="LAN1" port="LAN1" ra-client="false" comment="Default LAN interface">
      <subnet name="Default IPs" ip="2001:db8::1/64 10.0.0.1/24" ra="false" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
      <dhcp name="Auto allocated IPs" comment="Allocates IP addresses automatically"/>
   </interface>
   <interface name="LAN2" port="LAN2" ra-client="false" comment="Default LAN interface">
      <subnet name="Default IPs" ip="2001:db8::1/64 10.0.0.1/24" ra="false" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
      <dhcp name="Auto allocated IPs" comment="Allocates IP addresses automatically"/>
   </interface>
   <interface name="LAN3" port="LAN3" ra-client="false" comment="Default LAN interface">
      <subnet name="Default IPs" ip="2001:db8::1/64 10.0.0.1/24" ra="false" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
      <dhcp name="Auto allocated IPs" comment="Allocates IP addresses automatically"/>
   </interface>
   <interface name="WAN" port="WAN" ra-client="true" comment="Default WAN interface">
      <subnet name="DHCP client" comment="Delete if not required, not needed if using PPP"/>
   </interface>
   <ppp name="LAN-PPPoE" port="LAN1" username="me@firebrick" password="password" nat="true"/>
   <ppp name="WAN-PPPoE" port="WAN" username="me@firebrick" password="password" nat="true"/>
   <usb>
      <dongle name="Example-3G" comment="Default 3G config, does not usually require any more settings"/>
   </usb>
   <rule-set name="Firewall: LAN" target-interface="LAN1 LAN2 LAN3" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
      <rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
   </rule-set>
</config>


Config Run Through

The FireBrick uses XML version 1.0 and UTF-8 encoding:

<?xml version="1.0" encoding="UTF-8"?>

FireBrick is running factory release firmware 1.31.000 (Janus):

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.31.000.xsd"
        patch="20687">

System:

FireBrick with basic system config. Automatic updates to new factory release firmware are enabled by default:

<system contact="John Doe" log-panic="fb-support"/>

Same as above but automatic firmware updates are disabled:

<system contact="John Doe" log-panic="fb-support" sw-update="false"/>

User:

Admin account with password "secret". Login idle timeout is "5:00". Login level is "ADMIN".

<user name="Admin" password="SHA1#D57E4F7EE70491BBD274B5F71185A2A577B0DAFBF558BD"/>

Same as above but login idle timeout is disabled:

<user name="Admin" password="SHA1#D57E4F7EE70491BBD274B5F71185A2A577B0DAFBF558BD" timeout="0"/>

Basic Guest/User account with many things hidden:

<user name="Admin" password="SHA1#D57E4F7EE70491BBD274B5F71185A2A577B0DAFBF558BD" timeout="0" level="GUEST"/>

or

<user name="Admin" password="SHA1#D57E4F7EE70491BBD274B5F71185A2A577B0DAFBF558BD" timeout="0" level="USER"/>

Debug account with a few extra things unhidden:

<user name="Admin" password="SHA1#D57E4F7EE70491BBD274B5F71185A2A577B0DAFBF558BD" timeout="0" level="DEBUG"/>

Logging:

General logging:

<log name="default" comment="General logging for web viewing"/>

Crash logs emailed to FireBrick support team, ties in with <system log-panic="fb-support"> as above:

<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
<email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/>
</log>

Services - NTP Client:

Set time from AAISP time server, local-only by default:

<ntp ntpserver="time.aa.net.uk"/>

Services - Telnet Server:

Enable telnet server, local-only by default:

<telnet/>

Services - HTTP Server:

Enable HTTP server, local-only by default:

<http/>

Services - DNS Service:

Enable DNS service, local-only by default:

<dns resolvers="217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>

Port Grouping and Naming:

Port grouping for a single PPPoE session:

<port name="LAN" ports="1 2 3"/>
<port name="WAN" ports="4"/>

Port grouping for dual PPPoE sessions:

<port name="LAN" ports="1 2"/>
<port name="WAN2" ports="3"/>
<port name="WAN1" ports="4"/>

Port grouping for triple PPPoE sessions:

<port name="LAN" ports="1"/>
<port name="WAN3" ports="2"/>
<port name="WAN2" ports="3"/>
<port name="WAN1" ports="4"/>

Ethernet Interface:

LAN Interface:

<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.2.3.4/24 2001:8b0::1/64"/>
</interface>

LAN Interface for IPv6 tunnel over 3G dongle with MTU 1500:

<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.2.3.4/24 2001:8b0::1/64" ra="true" ra-mtu="1480" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
</interface>

LAN Interface for IPv6 tunnel over 3G dongle with MTU 1492:

<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.2.3.4/24 2001:8b0::1/64" ra="true" ra-mtu="1472" ra-dns="2001:8b0::2020 2001:8b0::2021"/>
</interface>

WAN Interface for a single PPPoE session:

<interface name="WAN" port="WAN" ra-client="false"/>

WAN Interface for dual PPPoE sessions:

<interface name="WAN1" port="WAN1" ra-client="false"/>
<interface name="WAN2" port="WAN2" ra-client="false"/>

WAN Interface for triple PPPoE sessions:

<interface name="WAN1" port="WAN1" ra-client="false"/>
<interface name="WAN2" port="WAN2" ra-client="false"/>
<interface name="WAN3" port="WAN3" ra-client="false"/>

PPPoE:

Connect to AAISP over PPPoE session:

<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" graph="AAISP" log="default"/>

Same as above with MTU 1500:

<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" mtu="1500" graph="AAISP" log="default"/>

Same as above with MTU 1500 and 3G dongle tweaks:

<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" mtu="1500" lcp-rate="1" lcp-timeout="5" graph="AAISP" log="default"/>

USB and 3G dongle:

Connect to AAISP over 3G dongle with NAT:

<dongle name="AAISP-3G" username="me@a.2" password="secret" graph="AAISP-3G" log="default"/>

Connect to AAISP over 3G dongle without NAT:

<dongle name="AAISP-3G" username="me@a.2" password="secret" nat="false" graph="AAISP-3G" log="default"/>

Connect to AAISP over 3G dongle with APN and NAT:

<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" graph="AAISP-3G" log="default"/>

Connect to AAISP over 3G dongle with APN and without NAT:

<dongle name="AAISP-3G" apn="m2m.aql.net" username="me@a.2" password="secret" nat="false" graph="AAISP-3G" log="default"/>

Static Routes:

3G dongle IPv6 default route using IPv4 tunnel:

<route ip="::/0" gateway="81.187.81.6" comment="IPv6 default route using IPv4 tunnel"/>

Firewall - Rule Set:

Default firewall rule for traffic to LAN:

<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
</rule-set>

Firewall - Rule(s):

Allow all from the FireBrick to LAN:

<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>

Allow Voiceless inbound to your Snom Phone:

<rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="2001:8b0::1" target-port="5060" action="accept"/>
<rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="2001:8b0::1" target-port="49152-65534" protocol="17" action="accept"/>


Complete Config Example

<?xml version="1.0" encoding="UTF-8"?>

<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ http://firebrick.ltd.uk/download/FB2701/xml/fb2700/1.31.000.xsd"
        patch="20687">

<system contact="John Doe" log-panic="fb-support"/>

<user name="Admin" password="SHA1#D57E4F7EE70491BBD274B5F71185A2A577B0DAFBF558BD" timeout="0"/>

<log name="default" comment="General logging for web viewing"/>

<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
<email to="crashlog@firebrick.ltd.uk" delay="10" comment="Crash logs emailed to FireBrick support team"/>
</log>

<services>
<ntp ntpserver="time.aa.net.uk"/>
<telnet/>
<http/>
<dns resolvers="217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>
</services>

<port name="LAN" ports="1 2 3"/>
<port name="WAN" ports="4"/>

<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.2.3.4/24 2001:8b0::1/64"/>
</interface>

<interface name="WAN" port="WAN" ra-client="false"/>

<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" graph="AAISP" log="default"/>

<usb>
<dongle name="AAISP-3G" username="me@a.2" password="secret" graph="AAISP-3G" log="default"/>
</usb>