This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration run-through: Difference between revisions

Here we will build a config file for an FB2700 from scratch. It should help you build a configuration for your line(s) and understand the XML syntax etc.
 
= Overview =
 
We have an ADSL line with the following details:
 
*Username = abc@a.1, Password = secret
*Routed IP block = 90.155.1.0/28
 
= Default Config =
 
The default configuration (or a fully-loaded FireBrick) looks like this:
<pre>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/
http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
timestamp="1970-01-01T00:00:07Z"&gt;
&lt;port name="LAN1" ports="1"/&gt;
&lt;port name="LAN2" ports="2"/&gt;
&lt;port name="LAN3" ports="3"/&gt;
&lt;port name="LAN4" ports="4"/&gt;
&lt;interface port="LAN1"&gt;
&lt;subnet comment="dhcp client"/&gt;
&lt;subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
comment="Temporary IPs for setup only, delete when finished configuring"/&gt;
&lt;dhcp ip="10.0.0.100-199"/&gt;
&lt;/interface&gt;
&lt;ppp port="LAN4" username="startup_user@startup_domain" password=""
comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/&gt;
&lt;services&gt;
&lt;ntp/&gt;
&lt;telnet comment="Set allow IP list to restrict access"/&gt;
&lt;http/&gt;
&lt;/services&gt;
&lt;rule-set target-interface="LAN1" drop="reject" comment="default
firewall rule - block incoming"&gt;
&lt;rule source-interface="self" comment="allow from the FireBrick
though"/&gt;
&lt;/rule-set&gt;
&lt;/config&gt;
 
</pre>
This sets up the 4 Ethernet ports as separate LANs, with an IP of 10.0.0.1 (and 2001:DB8::1) and the FireBrick acting as DHCP server on the first port. Connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can then access http://10.0.0.1
 
Port 4 is set as an example of a PPPoE client; we'll set this up a little later.
 
= Configuring Initial Basic Settings =
 
Set yourself a user with full debug rights, eg:
<pre>&lt;user name="john" timeout="PT20M" level="DEBUG" password="secret"/&gt;
 
</pre>
Modify the ntp time server to use the AAISP time server:
<pre>&lt;ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/&gt;
</pre>
Modify the telnet service to permit access only from your LAN:
<pre>&lt;telnet allow="90.155.1.0/28"/&gt;
</pre>
 
= LAN Subnet =
 
We want to use just Ethernet port 1 on the FireBrick for our LAN. We'll be connecting port 1 to a switch, and all our devices will be plugged in to that switch.
 
So, first we'll add a new subnet. This can go under the current 10.0.0.1 subnet (which we'll delete later), and we'll make it a DHCP server:
<pre>&lt;interface name="LAN" port="LAN1"&gt;
&lt;subnet ip="90.155.1.1/28" comment="LAN"/&gt;
&lt;dhcp ip="90.155.1.2-12"/&gt;
&lt;/interface&gt;
</pre>
Remove the existing DHCP settings for the 10.0.0.1 interface.
 
 
Our config now looks like this:
<pre>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/
http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd" timestamp="1970-01-01T00:00:07Z"&gt;
&lt;user name="john" timeout="PT20M" level="DEBUG" password="secret"/&gt;
&lt;port name="LAN1" ports="1"/&gt;
&lt;port name="LAN2" ports="2"/&gt;
&lt;port name="LAN3" ports="3"/&gt;
&lt;port name="LAN4" ports="4"/&gt;
&lt;interface port="LAN1"&gt;
&lt;subnet comment="dhcp client"/&gt;
&lt;subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
comment="Temporary IPs for setup only, delete when finished configuring"/&gt;
&lt;/interface&gt;
&lt;interface name="LAN" port="LAN1"&gt;
&lt;subnet ip="90.155.1.1/28" comment="LAN"/&gt;
&lt;dhcp ip="90.155.1.2-12"/&gt;
&lt;/interface&gt;
&lt;ppp port="LAN4" username="startup_user@startup_domain" password=""
comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/&gt;
&lt;services&gt;
&lt;ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/&gt;
&lt;telnet allow="90.155.1.0/28"/&gt;
&lt;http/&gt;
&lt;/services&gt;
&lt;rule-set target-interface="LAN1" drop="reject" comment="default
firewall rule - block incoming"&gt;
&lt;rule source-interface="self" comment="allow from the FireBrick
though"/&gt;
&lt;/rule-set&gt;
&lt;/config&gt;
</pre>
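Added example, not part of the original page or of FireBrick's own tooling: a short Python check over the config at this stage that lists what the run-through still leaves to tidy up (the http service with no allow list, the temporary 10.0.0.1 subnet, the placeholder PPPoE login, the example password). Treating <code>allow</code> on <code>http</code> the same way as on <code>telnet</code> is an assumption, and the names <code>audit</code> and <code>SAMPLE</code> are made up for this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://firebrick.ltd.uk/xml/fb2700/}"
SETUP_IPS = {"10.0.0.1/24", "2001:DB8::1/64"}     # temporary setup subnet
PLACEHOLDER_USER = "startup_user@startup_domain"  # default PPPoE username
EXAMPLE_PASSWORD = "secret"                       # password printed in this run-through

# Constructed sample: the config at this stage, trimmed to what the checks read.
SAMPLE = """<config xmlns="http://firebrick.ltd.uk/xml/fb2700/">
<user name="john" timeout="PT20M" level="DEBUG" password="secret"/>
<interface port="LAN1">
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs"/>
</interface>
<interface name="LAN" port="LAN1">
<subnet ip="90.155.1.1/28" comment="LAN"/>
</interface>
<ppp port="LAN4" username="startup_user@startup_domain" password=""/>
<services>
<ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
<telnet allow="90.155.1.0/28"/>
<http/>
</services>
</config>"""

def audit(xml_text):
    """Return a list of findings for a FireBrick config given as XML text."""
    root = ET.fromstring(xml_text)
    findings = []
    # Management services without allow= have no source restriction of their own.
    for name in ("telnet", "http"):
        for svc in root.iter(NS + name):
            if not svc.get("allow"):
                findings.append(f"{name}: no allow list")
    # The temporary setup subnet should be gone once configuration is done.
    for subnet in root.iter(NS + "subnet"):
        if SETUP_IPS & {ip.upper() for ip in subnet.get("ip", "").split()}:
            findings.append("interface: temporary setup subnet still present")
    # PPPoE entry still carrying the shipped placeholder login.
    for ppp in root.iter(NS + "ppp"):
        if ppp.get("username") == PLACEHOLDER_USER or not ppp.get("password"):
            findings.append("ppp: placeholder username or empty password")
    # Users still set to the password printed in the tutorial.
    for user in root.iter(NS + "user"):
        if user.get("password") == EXAMPLE_PASSWORD:
            findings.append(f"user {user.get('name')}: example password in use")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```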
= PPPoE =
 
The FireBrick 2700 supports PPPoE - so you can use it to connect via a modem, eg a:
 
 
== Example XML Configuration (now deprecated, as ppp config now in top level) ==
<pre> &lt;port name="PPPoE" ports="1"/&gt;
&lt;interface name="PPPoE" port="PPPoE"&gt;
&lt;/interface&gt;
</pre>
Here we are using the first Ethernet port as the one connected to the modem. We had also set up the other 3 ports as the LAN. More details are in the FireBrick documentation.
 
= Native IPv6 =
 
Assuming you have an IPv6 block allocated to your line on Clueless and you're using the FB for PPPoE, then all the FB config needs is:
 
*An IPv6 address on the LAN subnet
*ra="true" in the subnet
 
Your computers should then get IPv6 details. Test on http://ip.help.me.uk