FireBrick Traffic Shaping: Difference between revisions

From AAISP Support Site

Revision as of 15:28, 11 February 2011

Overview

The FireBrick 2700 has been used as a 'black box' traffic shaping device in shared offices. It is quite easy to configure a FireBrick for a 'serviced office' scenario where tenants pay for a slice of a fast pipe. The FireBrick can shape based on parameters such as source/target IP, port and protocol, giving flexibility. When shaping, CWL graphs are produced for each 'shaper', giving a visual representation of the traffic.

Black-box

If a managed office already has network infrastructure then the FireBrick can work in a proxy-arp mode, and physically sit on your network between your router and your LAN.

Config Examples

Proxy-arp Mode

If you want the FireBrick to be 'invisible' on your LAN, i.e. you have machines on the LAN which use the gateway IP of your router and you do not want to use the FireBrick as the router, then proxy-arp must be set on the subnets. The FireBrick will then proxy ARP requests between its LAN and WAN sides in both directions. Note that broadcast traffic is not passed through the FireBrick, so the router will not be able to provide DHCP to the LAN; the FireBrick, or another host on the LAN, can do so instead.

Here is a config snippet where the physical ports are as follows:

  • 1 for the WAN, plugged in to the internet router
  • 2 for the LAN, plugged in to the network
  • 3 and 4 are unused.

In terms of IP addressing on the network:

  • 192.0.2.1 is the Internet router
  • 192.0.2.245 has been assigned to the FireBrick
  • 192.0.2.2-253 is used for the various clients on the LAN

   <port name="WAN" ports="1"/>
   <port name="LAN" ports="2"/>
   <interface name="WAN" port="WAN">
      <subnet ip="192.0.2.254/24" gateway="192.0.2.1" proxy-arp="true"/>
   </interface>
   <interface name="LAN" port="LAN">
      <subnet ip="192.0.2.254/24" proxy-arp="true"/>
   </interface>
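A transparent proxy-arp deployment only works if the two subnet entries agree with each other and with the router: both must carry proxy-arp="true", both must describe the same network and the same FireBrick address, and the gateway on the WAN side must be a different host inside that network. The following added script (not part of the AAISP page or of FireBrick's own tooling) parses the fragment above and reports any of those conditions that fail. It assumes the fragment is wrapped in a single root element so it parses as one XML document; the interface names WAN and LAN and the optional expected_fb_ip parameter are this example's own. Passing the address the prose gives for the FireBrick (192.0.2.245) shows how the check surfaces a mismatch between documentation and the deployed snippet, which uses 192.0.2.254.

```python
"""Consistency checks for a FireBrick proxy-arp config fragment (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed copy of the page's fragment, wrapped in a <config> root so it
# parses as one document. Addresses are the page's documentation range.
SAMPLE_CONFIG = """<config>
<port name="WAN" ports="1"/>
<port name="LAN" ports="2"/>
<interface name="WAN" port="WAN">
<subnet ip="192.0.2.254/24" gateway="192.0.2.1" proxy-arp="true"/>
</interface>
<interface name="LAN" port="LAN">
<subnet ip="192.0.2.254/24" proxy-arp="true"/>
</interface>
</config>"""


def check_proxy_arp_config(xml_text, wan="WAN", lan="LAN", expected_fb_ip=None):
    """Return a list of problem strings; an empty list means every check passed.

    wan/lan name the two interfaces; expected_fb_ip, when given, is the
    address the deployment documentation says the FireBrick should have.
    """
    root = ET.fromstring(xml_text)
    problems = []

    ports = {p.get("name"): p.get("ports") for p in root.iter("port")}
    ifaces = {i.get("name"): i for i in root.iter("interface")}

    # Both interfaces must exist and point at a declared physical port.
    for name in (wan, lan):
        if name not in ifaces:
            problems.append(f"interface {name} missing")
        elif ifaces[name].get("port") not in ports:
            problems.append(f"interface {name} references unknown port")
    if problems:
        return problems

    # The box must physically sit between router and LAN, so two different ports.
    if ports[ifaces[wan].get("port")] == ports[ifaces[lan].get("port")]:
        problems.append("WAN and LAN map to the same physical port")

    # Each side carries exactly one subnet, and proxy-arp must be on for both.
    subnets = {}
    for name in (wan, lan):
        subs = ifaces[name].findall("subnet")
        if len(subs) != 1:
            problems.append(f"interface {name} should carry exactly one subnet, has {len(subs)}")
            continue
        if subs[0].get("proxy-arp") != "true":
            problems.append(f'subnet on {name} lacks proxy-arp="true"')
        subnets[name] = subs[0]
    if len(subnets) != 2:
        return problems

    wan_if = ipaddress.ip_interface(subnets[wan].get("ip"))
    lan_if = ipaddress.ip_interface(subnets[lan].get("ip"))

    # Proxying ARP both ways only makes sense for one shared network and one
    # FireBrick address, as in the page's snippet.
    if wan_if.network != lan_if.network:
        problems.append(f"WAN {wan_if.network} and LAN {lan_if.network} networks differ")
    if wan_if.ip != lan_if.ip:
        problems.append("FireBrick address differs between WAN and LAN subnets")
    if wan_if.ip in (wan_if.network.network_address, wan_if.network.broadcast_address):
        problems.append(f"FireBrick address {wan_if.ip} is not a usable host address")
    if expected_fb_ip is not None and str(wan_if.ip) != expected_fb_ip:
        problems.append(f"configured address {wan_if.ip} does not match expected {expected_fb_ip}")

    # The router is reached through the WAN side, so that subnet needs a gateway
    # inside the shared network which is not the FireBrick's own address.
    gw = subnets[wan].get("gateway")
    if gw is None:
        problems.append("WAN subnet has no gateway")
    else:
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in wan_if.network:
            problems.append(f"gateway {gw} is outside {wan_if.network}")
        elif gw_ip == wan_if.ip:
            problems.append("FireBrick address collides with the router's gateway address")
    return problems


if __name__ == "__main__":
    for problem in check_proxy_arp_config(SAMPLE_CONFIG) or ["no problems found"]:
        print(problem)
```

Run it against the page's fragment and it reports no problems; run it with expected_fb_ip="192.0.2.245" and it flags that the snippet's .254 address is not the one the prose documents, the kind of drift that makes the shaper unreachable for management while traffic still flows through it.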