Setting an IP address

Stealth - no IP

The FireBrick® can be accessed using a stealth IP address (my.FireBrick.co.uk) from the LAN side if it is part of an existing network. This works right out of the box.

However you may also want to be able to set the time which requires an IP address that will get back to the FireBrick®. All you have to do to ensure that the time works is to set up a WAN stealth IP address which is one of the addresses of a computer that is normally on your LAN and turned on, and also set a gateway route address. Both of these are in the set up screen.

This will allow time, and if you wish syslog and email, to be sent externally apparently from a machine on your network. The FireBrick® will pick up the reply to the requests it sends but will not otherwise interfere with the normal working of the machine you have picked. The machine needs to be switched on to allow your internet router to send the packets which the FireBrick intercepts.

Stealth - with IP

Even if basically operating in a Stealth mode you may want to provide a real IP address to your FireBrick®.

Assuming you have a subnet of public IP addresses already, and have a spare IP address for the FireBrick®, then you can set up an IP address as follows :-

In this example we will assume that you have IP addresses 123.4.5.0/28 i.e. you have the range 123.4.5.0 to 123.4.5.15. Your router is 123.4.5.1 and you have picked 123.4.5.2 as the address for the FireBrick®.

  1. Set the LAN subnet to the FireBrick® IP (e.g. 123.4.5.2) and the subnet (e.g. 255.255.255.240) and set stealth mode
  2. Set the WAN subnet the same
  3. Set the default gateway route to 123.4.5.1 on the WAN
In this case the computers on your network will use the outside router as their gateway address, and the FireBrick® will respond from either side as 123.4.5.2.

Routed

You can give your FireBrick® a genuine IP and subnet each side if you wish. Some networks (e.g. radio internet connections and cable modems) will give you an external IP and gateway address as well as an internal IP and netmask.

For example - your ISP has allocated you an external address of 123.10.20.56/24 and a gateway of 123.10.20.1. You also have a block of addresses 123.4.5.0/28 allocated and you will make the FireBrick® 123.4.5.1.

  1. Set the WAN subnet to the outside addresses (e.g. IP 123.10.20.56 mask 255.255.255.0)
  2. Set the LAN subnet to the inside addresses (e.g. IP 123.4.5.1 mask 255.255.255.240)
  3. Set the default gateway route to 123.10.20.1 on the WAN
In this case the computers on your network will use the FireBrick® LAN IP address as their gateway.

Private with NAT

You could have the situation where you have a block of addresses allocated, but no inside addresses. This the same as above except that the inside addresses are a private range you pick (e.g. 10.0.0.0-255) and you should set the NAT tick box on the subnet.

DHCP with NAT - e.g. cable modem

Simply set a subnet for LAN with a private address and range and NAT set, and set a WAN subnet with DHCP client set (no other values needed). The cable modem will allocate the FireBrick® the network address and subnet as well as a gateway. Machines on your local network use the firebrick as a gateway and DNS servers.

You could set a range of IP addresses on your LAN subnet for DHCP serving to machines on your LAN.