
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration: Difference between revisions

Enable telnet server, allow inbound to telnet server from a single IPv4 address:
<syntaxhighlight>
<telnet allow="110.20.30.42" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a block of IPv4s:
<syntaxhighlight>
<telnet allow="110.20.30.42-254" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a /29 block of IPv4s:
<syntaxhighlight>
<telnet allow="110.20.30.42/29" local-only="false"/>
</syntaxhighlight>
Enable telnet server, allow inbound to telnet server from a single IPv6 address:
Enable HTTP server, allow inbound to HTTP server from a single IPv4 address:
<syntaxhighlight>
<http allow="110.20.30.42" local-only="false"/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a block of IPv4s:
<syntaxhighlight>
<http allow="110.20.30.42-254" local-only="false"/>
</syntaxhighlight>
Enable HTTP server, allow inbound to HTTP server from a /29 block of IPv4s:
<syntaxhighlight>
<http allow="110.20.30.42/29" local-only="false"/>
</syntaxhighlight>
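An added example, not part of the original page or of FireBrick's own tooling: a Python check that lists which telnet/http services in a config set `local-only="false"` and how many addresses each `allow` entry admits. It assumes `allow` is a space-separated list and that a prefix with host bits set, such as `110.20.30.42/29`, means the enclosing /29; the sample config is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample using the telnet/http forms shown above.
SAMPLE = """<services>
  <telnet allow="110.20.30.42" local-only="false"/>
  <http allow="110.20.30.42/29" local-only="false"/>
  <dns resolvers="217.169.20.20 217.169.20.21"/>
</services>"""


def allowed_count(entry):
    """Addresses admitted by one allow entry, or None if the form is not handled."""
    try:
        # strict=False: "110.20.30.42/29" has host bits set; assumed here to
        # mean the enclosing /29 (110.20.30.40 - 110.20.30.47).
        return ipaddress.ip_network(entry, strict=False).num_addresses
    except ValueError:
        return None  # e.g. a dash range: left for manual review


def audit_services(xml_text, services=("telnet", "http")):
    """Return (service, allow_entry, address_count) for each service that sets
    local-only="false". allow_entry is None when no allow list is present."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # ignore any XML namespace prefix
        if tag not in services or el.get("local-only") != "false":
            continue
        entries = el.get("allow", "").split()  # assumed space-separated
        if not entries:
            findings.append((tag, None, None))
        for entry in entries:
            findings.append((tag, entry, allowed_count(entry)))
    return findings


if __name__ == "__main__":
    for service, entry, count in audit_services(SAMPLE):
        if entry is None:
            print(f"{service}: local-only=false with no allow list")
        elif count is None:
            print(f"{service}: allow entry {entry!r} needs manual review")
        else:
            print(f"{service}: {entry} admits {count} address(es)")
```
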
Enable HTTP server, allow inbound to HTTP server from a single IPv6 address:
Enable DNS service, local-only by default:
<syntaxhighlight>
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>
</syntaxhighlight>
 
==Port Grouping and Naming==
Port grouping for one PPPoE connection:
<syntaxhighlight>
<port name="LAN" ports="1 2 3"/>
<port name="WAN" ports="4"/>
</syntaxhighlight>
Port grouping for two PPPoE connections:
<syntaxhighlight>
<port name="LAN" ports="1 2"/>
<port name="WAN1" ports="4"/>
</syntaxhighlight>
Port grouping for three PPPoE connections:
<syntaxhighlight>
<port name="LAN" ports="1"/>
</syntaxhighlight>
VoIP with IPv4 and IPv6 source IPs defined:
<syntaxhighlight>
<voip source-ip4="110.20.30.41" source-ip6="2001:8b0::1">
</voip>
</syntaxhighlight>
 
 
=Example Config=
=With NAT vs Without NAT=
Suppose you have 8 IPv4 addresses, for example "1.1.1.1-1.1.1.8" or "1.1.1.1/29". You can use them with NAT or without NAT. With NAT you would only be using "1.1.1.1" and the other IPs would be unused.
==With NAT==
LAN Interface (with NAT):
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="10.0.0.1/24"/>
<dhcp name="DHCP" ip="10.0.0.1/24" lease="1:00:00"/>
</interface>
</syntaxhighlight>
Connect to AAISP over PPPoE session (with NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="true" graph="AAISP" log="default"/>
</syntaxhighlight>
==Without NAT==
LAN Interface (without NAT):
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.1.1.1/29"/>
<dhcp name="DHCP" ip="1.1.1.1/29" lease="1:00:00"/>
</interface>
</syntaxhighlight>
Connect to AAISP over PPPoE session (without NAT):
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" graph="AAISP" log="default"/>
</syntaxhighlight>
 
 
=NAT on a Single Port=
It is possible to have NAT on a single port, for example port 3, while ports 1 and 2 are without NAT.
==Port Grouping and Naming with NAT on Port 3==
<syntaxhighlight>
<port name="LAN" ports="1 2"/>
<port name="LAN-NAT" ports="3"/>
<port name="WAN" ports="4"/>
</syntaxhighlight>
==Ethernet Interface==
<syntaxhighlight>
<interface name="LAN" port="LAN" ra-client="false">
<subnet ip="1.1.1.1/29 2001:8b0::1/64"/>
<dhcp name="DHCP" ip="1.1.1.1/29" lease="1:00:00"/>
</interface>
 
<interface name="LAN-NAT" port="LAN-NAT" ra-client="false">
<subnet ip="10.0.0.1/24" nat="true"/>
<dhcp name="DHCP" ip="10.0.0.1/24" lease="1:00:00"/>
</interface>
 
<interface name="WAN" port="WAN" ra-client="false"/>
</syntaxhighlight>
==PPPoE==
<syntaxhighlight>
<ppp name="AAISP" port="WAN" username="me@a.1" password="secret" nat="false" graph="AAISP" log="default"/>
</syntaxhighlight>
==Firewall==
<syntaxhighlight>
<rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
</rule-set>
</syntaxhighlight>
 
 
=Config Example=
<syntaxhighlight>
<?xml version="1.0" encoding="UTF-8"?>
patch="21695">
<system contact="John Doe" log-panic="fb-support"/>
<user name="admin" password="secret" timeout="0"/>
<log name="default" comment="General logging for web viewing"/>
<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
<telnet/>
<http/>
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21 2001:8b0::2020 2001:8b0::2021"/>
</services>
<port name="LAN" ports="1 2 3"/>
</syntaxhighlight>