FireBrick 2700 Configuration run-through: Difference between revisions

FireBrick 2700 Configuration run-through (view source)

Revision as of 21:17, 6 January 2015

29 bytes added , 6 January 2015

m

clean up, typos fixed: on it's → on its (3), recieve → receive, ie → i.e. (3), etc) → etc.), eg: → e.g.: (13), 100Mb/s → 100Mbit/s (2)

Reedy

editor

698

edits

Revision as of 20:12, 1 October 2013 (view source) Feanor (talk \| contribs) (→‎For a BT or TT Line ( which will do PPPoA or PPPoE ):) ← Older edit		Revision as of 21:17, 6 January 2015 (view source) Reedy (talk \| contribs) m (clean up, typos fixed: on it's → on its (3), recieve → receive, ie → i.e. (3), etc) → etc.), eg: → e.g.: (13), 100Mb/s → 100Mbit/s (2)) Newer edit →
These instructions are mostly applicable to the 2500 too. The difference between the 2500 and the 2700 is that: 2700 has a USB port so supports 3G fallback, 2500 does not have the USB port 2700 has faster throughput (about ~~100Mb~~100Mbit/s on the 2500 compared to about ~~350Mb~~350Mbit/s on the 2700) =XML or Web UI config editor= Which sets up the 4 [[Ethernet]] ports as separate LANs, and an IP of 10.0.0.1 (and 2001:DB8::1) with the FireBrick acting DHCP server on the first port. So, connecting a computer to Port 1 should get you a 10.0.0.x IP address, and you can access http://10.0.0.1 . Port 1 is also a DHCP client, so it will try to get an IP from your DHCP server, if you have one. -Check your DHCP server logs for what IP is allocated. Port 4 is set as an example of a PPPoE client, (iei.e. to be plugged in to a [[ADSL modem]]/FTTC/FTTP modem etc.) we'll set this up a little later. = Configuring Initial Basic Settings = Set yourself a user with full debug rights, ege.g.: <syntaxhighlight> <user name="john" timeout="PT20M" level="DEBUG" password="secret"/> PT (Period Time) 20M is 20 minutes. You can just enter 3600, and it will convert it to PT1H (as in a number on ~~it's~~its own will mean seconds). Modify the ntp time server to use the AAISP time server: More info on http://www.firebrick.co.uk/fb2700/pppoe.php The [[FireBrick 2700]] supports PPPoE - so you can use it to connect via an xDSL modem, ege.g. a: A BT supplied FTTC/FTTP Modem A standard issue AAISP ZyXEL P660-D1, in bridge mode (Go to: Wan - Wan setup, mode Bridge, Encapsulation RFC1483, Multiplex LLC) Another [[ADSL Router\|ADSL router]] set for bridge mode A modem such as a Draytek [[~~Vigor_120~~Vigor 120]] (firmware 3.2.4.3 and above) Note: You cannot just use any of these devices on any line type: There are combinations that will work, and combinations that will not. You MUST read the link above. In short, BT lines can auto-detect PPPoA or PPPoE, so will work with pretty much anything. BE lines on the other hand are hard-coded to either PPPoE OR PPPoA. For a BE PPPoE line, a simple bridge mode router like the ZyXEL is the correct choice. For a BE PPPoA line, you need a device that can do true PPPoA on the wire <-> PPPoE on the LAN to the FB. The Vigour 120 is one of the only devices that can do this. This is using [[Ethernet]] port 4, so plug your modem in to that port. This line can be changed for your ADSL settings, ege.g.: <syntaxhighlight> <ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/> The Default MTU is 1492 for PPPoE. However if your modem supports jumboframes, then you should be able to use a full 1500MTU on the PPPoE. The BT supplied modem for FTTC does support this, other modems may or may not... Config wise, just add mtu="1500" to the ppp element. e.g.: ~~eg:~~ <syntaxhighlight> <ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" mtu="1500"/> When setting up the ZyXEL to work with the FireBrick, set the WAN settings to be: ===For a BT or TT Line ( which will do PPPoA or PPPoE ):=== Name: AAISP (But can be anything) Mode: Bridge ADSL modulation type: Multimode ===( Obsolete )For a Be PPPoE Line:=== Name: AAISP (But can be anything) Mode: Bridge ADSL modulation type: Multimode ===( Obsolete )For a Be PPPoA Line:=== Most A&A BE lines from around December 2010 are PPPoA - they use the same VPI/VCI as BT (0/38). </syntaxhighlight> For debugging, you can add log="true" and/or graph="xyz" to the <rule .../> lines, which will then print an entry to the log when the rule is matched, and will also draw graphs for that traffic, ege.g.: == VoIP Rules == == Restricting FireBrick Config access == You may only want to allow access to the FireBrick webserver from your LAN, do this in the http service, ege.g., change the current line to: <syntaxhighlight> <http allow="192.0.2.1/28"/> There are a couple of different mechanisms available to push out [[IPv6]] DNS servers, and the FB2700 supports both. Be sure your DNS server actually responds on ~~it's~~its [[IPv6]] address! The first method is to have the FB include the DNS server addresses as a new option( RDNSS ) in the Router Announcements. ( RFC6106 ). If the client is smart enough, this is all it will take. Most clients are not currently able to ~~recieve~~receive this option. So we can also use the more traditional method: Setting the 'O' flag in the RA, telling the client to do DHCPv6 after auto-configuration, and request 'Other' config data, iei.e. DNS. <syntaxhighlight> == Set up second PPPoE == Set up port 3 to connect to the second modem you have, iei.e.: <syntaxhighlight> <ppp port="WAN2" username="abc@a.2" password="secret" comment="BT ADSL" graph="BT ADSL 2" log="true"/> *Port 4 = ADSL Line 1 == Bond the PPPoE: == ''[[Bonding]] on a 2700 requires the [[Bonding]] capability - found on the Fully-Loaded and [[Bonding]] variants.'' Simply setting speed=x in the ppp config will bond the PPPoE for uplink. The speed value is in ''bits per sec''. You can use G/M/K when specifying the value, as well as B for bytes, or i, power of 2. ege.g., 1000000 is the same as 1M) ege.g.: <syntaxhighlight> <ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true" speed="1000000"/> </syntaxhighlight> Since each PPP connection will give the FireBrick a default route, the FireBrick will use both, and upload traffic on each ppp connection up to the speed given. The speed is in bits, so this example is where the upload is 1M. If the upload is different on the lines, then that's fine - ege.g., you may have a line using Annex-A and one Annex-M. Setting the speed correctly will mean the correct amount of traffic will be sent up each line. Our config now looks like this: == Accessing the Modem == The modem, or [[ADSL Router\|ADSL router]] in bridge mode, will also have a LAN IP that you can use to get to ~~it's~~its config pages etc. ege.g., the ZyXEL P660-R will still have a LAN setting, with an IP set. For the purpose of this example, let's assume the modem is on 192.168.1.2 mask 255.255.255.0. In order to talk to the Modem from the LAN side of the FireBrick, a Subnet on the FireBrick needs to be made. This subnet would be on the WAN Interface, ege.g.: <syntaxhighlight> </syntaxhighlight> == Static Routes: == The previous config will put the FB on 192.168.1.1, and allow the FB to route IP packets between your LAN subnet and the 192.168.1 subnet. However, at this stage, you may find you are still unable to ping the modem on the WAN port. This is because although packets from your 81.x.x.x address are correctly routed to the modem, the modem itself knows no route back to 81.x.x.x. It know nothing of the FB. So we need to tell it by setting a static route. ZyXel P-660R: You will have configured the IP and Netmask on the 'LAN' tab. But there's no 'Gateway', so we must go to 'Advanced' -> 'Static Routes' tab, and create one. Enter it as follows: IP, Mask = base address of your internal LAN; ege.g.: 81.xx.xx.0, 255.255.255.192. The 'Gateway' address is pointing back at the FB, ege.g. 192.168.1.1. Check the box to Activate the route, hit the 'Apply' button, and that's it done. [[Vigor 120]]: