This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration run-through: Difference between revisions

 
= Default Config =
 
 
 
 
The default configuration (or a fully-loaded FireBrick) looks like this:
<syntaxhighlight lang="xml">
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/
                            http://firebrick.ltd.uk/xml/fb2700/0.00.605.xsd"
        timestamp="1970-01-01T00:00:07Z">
  <port name="LAN1" ports="1"/>
  <port name="LAN2" ports="2"/>
  <port name="LAN3" ports="3"/>
  <port name="LAN4" ports="4"/>
  <interface name="LAN1" port="LAN1">
    <subnet comment="dhcp client"/>
    <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true"
            comment="Temporary IPs for setup only, delete when finished configuring"/>
    <dhcp ip="10.0.0.100-199"/>
  </interface>
  <ppp port="LAN4" username="startup_user@startup_domain" password=""
       comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
  <services>
    <ntp/>
    <telnet comment="Set allow IP list to restrict access"/>
    <http/>
  </services>
  <rule-set target-interface="LAN1" drop="reject" comment="default firewall rule - block incoming">
    <rule source-interface="self" comment="allow from the FireBrick though"/>
  </rule-set>
</config>
</syntaxhighlight>
 
This sets up the 4 Ethernet ports as separate LANs, with an IP of 10.0.0.1 (and 2001:DB8::1) and the FireBrick acting as a DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can then access http://10.0.0.1.
 