
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick 2700 Configuration run-through: Difference between revisions

 
*Username= abc@a.1 Password=secret
*Routed IP block = 1192.20.32.0/28
(Later in the page, we'll be adding an IPv6 block, and bonding with a second line)
 
Modify the telnet service to permit access only from your LAN:
<syntaxhighlight>
<telnet allow="1192.20.32.0/28"/>
</syntaxhighlight>
Set DNS servers and your domain name under the services (here we're using the AAISP DNS servers):
So, first we'll add a new subnet. This can go under the current 10.0.0.1 subnet (which we'll delete later). And we'll make this a DHCP server:
<syntaxhighlight>
<subnet ip="1192.20.32.1/28" comment="LAN"/>
<dhcp ip="1192.20.32.2-12"/>
</syntaxhighlight>
Remove the existing DHCP settings for the 10.0.0.1 interface. The LAN! interface now looks like this:
<syntaxhighlight>
<subnet comment="dhcp client"/>
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
<subnet ip="1192.20.32.1/28" comment="LAN"/>
<dhcp ip="1192.20.32.2-12"/>
</interface>
</syntaxhighlight>
<subnet comment="dhcp client"/>
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
<subnet ip="1192.20.32.1/28" comment="LAN"/>
<dhcp ip="1192.20.32.2-12"/>
</interface>
<ppp port="LAN4" username="startup_user@startup_domain" password="" comment="Example PPPoE config for DSL/FTTC/FTTP/etc"/>
<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>
<ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
<telnet allow="1192.20.32.0/28"/>
<http/>
</services>
At this point we can save the config; there should be no errors.
 
Our computer should then pick up a new 1192.20.32.x IP address, and we can connect back to the FireBrick on http://1192.20.32.1
 
If that works, we can now safely remove the DHCP client subnet and the 10.0.0.1 subnet, so remove the lines:
<subnet comment="dhcp client"/>
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
<subnet ip="1192.20.32.1/28" comment="LAN"/>
<dhcp ip="1192.20.32.2-12"/>
</interface>
<ppp port="WAN1" username="abc@a.1" password="secret" comment="BT ADSL" graph="BT ADSL" log="true"/>
<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>
<ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
<telnet allow="1192.20.32.0/28"/>
<http/>
</services>
<syntaxhighlight>
<rule-set name="Incoming Firewall Rules">
<rule name="SIP" source-ip="81.187.30.110-119" target-ip="1192.20.32.0/28" target-port="5060-5069"/>
<rule name="RTP" target-ip="1192.20.32.0/28" protocol="17" target-port="1025-5059 5070-" set-graph="RTP"/>
</rule-set>
</syntaxhighlight>
You may want to allow access to the FireBrick webserver only from your LAN. Do this in the http service, e.g. change the current line to:
<syntaxhighlight>
<http allow="1192.20.32.1/28"/>
</syntaxhighlight>
 
<subnet comment="dhcp client"/>
<subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
<subnet ip="1192.20.32.1/28" comment="LAN"/>
<dhcp ip="1192.20.32.2-12"/>
<subnet ip="2001:8B0:1635::1/64" ra="true" comment="IPv6 LAN"/>
</interface>
<dns domain="yourdomain.tld" resolvers="217.169.20.20 217.169.20.21"/>
<ntp timeserver="90.155.53.32 2001:8B0:0:53::5A9B:3520"/>
<telnet allow="1192.20.32.0/28"/>
<http/>
</services>
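A check for the two hardening steps in this run-through (giving telnet and http an `allow` list, and removing the temporary setup subnets), as an added example that is not part of the original page or FireBrick's own tooling. The `<config>` wrapper, the 192.0.2.0/28 range and the function name `audit` are assumptions, and `allow` entries are assumed to be CIDR prefixes.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, not a real config: element and attribute names are the
# ones shown on this page; the <config> wrapper and 192.0.2.0/28 are assumed.
SAMPLE = """<config>
 <interface>
  <subnet comment="dhcp client"/>
  <subnet ip="2001:DB8::1/64 10.0.0.1/24" nat="true" comment="Temporary IPs for setup only"/>
  <subnet ip="192.0.2.1/28" comment="LAN"/>
 </interface>
 <services>
  <telnet allow="192.0.2.0/28"/>
  <http/>
 </services>
</config>"""

def audit(xml_text, lan_cidr):
    """Return findings for management services and leftover setup subnets."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if name in ("telnet", "http"):
            allow = el.get("allow")
            if allow is None:
                findings.append(f"{name}: no allow list")
                continue
            for entry in allow.split():
                try:
                    # strict=False accepts the host-bits-set form, e.g. x.x.x.1/28
                    net = ipaddress.ip_network(entry, strict=False)
                except ValueError:
                    findings.append(f"{name}: unparseable allow entry {entry}")
                    continue
                if net.version != lan.version or not net.subnet_of(lan):
                    findings.append(f"{name}: allow entry {entry} is outside {lan}")
        elif name == "subnet":
            ips = el.get("ip", "").split()
            if not ips:
                findings.append("subnet: DHCP client subnet still present")
            elif "10.0.0.1/24" in ips:
                findings.append("subnet: temporary 10.0.0.1/24 setup subnet still present")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "192.0.2.0/28"):
        print(line)
```

Run it against a saved copy of the config before and after the clean-up steps; an empty list means both management services carry an `allow` list inside the LAN block and the setup subnets are gone.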