I have made the following changes to the firebrick config ready to go to more than three modems.
<port name="Port-LAN" ports="1" comment="To main LAN switch"/>
<port name="Port-WAN" ports="2 3 4" comment="To small switch then to ADSL modems"/>
instead of having multiple separate entries defining Port-WAN1, Port-WAN2 Port-WAN2
For admin and stats access, I now have
<interface name="IF-Mdm1" port="Port-WAN" vlan="101">
<subnet ip="192.168.1.254/24"/>
</interface>
<interface name="IF-Mdm2" port="Port-WAN" vlan="102">
<subnet ip="192.168.2.254/24"/>
</interface>
<interface name="IF-Mdm3" port="Port-WAN" vlan="103">
<subnet ip="192.168.3.254/24"/>
</interface>
<interface name="IF-Mdm4" port="Port-WAN" vlan="104">
<subnet ip="192.168.4.254/24"/>
</interface>
<!-- and -->
<!-- == Modem admin interface helper NAT rules: ‘firewall’ rules which make return traffic work by NATing
See also above ##_MDM-REVERSE-NAT
The address .254 must match that earlier - see #_MDM_RETURN_NAT_254 and the interface names have to match
Return traffic from the modem goes to the Brick at 192.168._xx_.254 and then gets NAT-rewritten to direct it onwards back to the original sender.
-->
<!-- -->
<rule-set name="Modem 1 admin NAT" target-interface="IF-Mdm1" no-match-action="continue">
<rule set-source-ip="192.168.1.254"/>
</rule-set>
<rule-set name="Modem 2 admin NAT" target-interface="IF-Mdm2" no-match-action="continue">
<rule set-source-ip="192.168.2.254"/>
</rule-set>
<rule-set name="Modem 3 admin NAT" target-interface="IF-Mdm3" no-match-action="continue">
<rule set-source-ip="192.168.3.254"/>
</rule-set>
<rule-set name="Modem 4 admin NAT" target-interface="IF-Mdm4" no-match-action="continue">
<rule set-source-ip="192.168.4.254"/>
</rule-set>
with the VLAN tag values 100-104 that are used in the AA standard switch config posted in the article on the AA website about accommodating more than three modems with a mux switch, and I have got rid of the distinct suffixed numbers on the physical port sockets Port-WAN1, Port-WAN2 etc. The second block is a load of firewall rules that perform NAT rewriting because the modem replies to admin requests, stats queries, telnet etc. by talking back to 192.168.modem_n.254 on the Firebrick-to-modem link.
I am hoping that this is enough. I do not know if the last bit will work, as the incoming stuff is arriving VLAN-tagged and it has to have the tag recognised and removed as well as being NATed and passed on to the main LAN, directed to the remembered rewritten destination.
Notice the extra one-liner comments
<!-- --> these are inserted as a workaround for bad bugs in the xml parser of the Firebrick, where it does not process comments properly sometimes, perhaps when there are newlines in the comment but not always. This is very poorly understood. It is known that sometimes it fails to recognise the end of a comment. A second close-comment marker always fixes such a bug. I have written a tool that tries to spot the known problem cases and warns appropriately, but it is not perfect. I have thus far failed to persuade RevK to simply fix the parser properly. I could just write my own tool to strip comments out though of course.
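The comment in the config above says the .254 addresses and the interface names in the NAT rule-sets have to match the interface definitions. The following is an added example, not part of the original post and not Firebrick or AA tooling, that cross-checks those two blocks offline. It assumes only the element and attribute names shown in the post, and that every modem interface is expected to carry a vlan attribute as they do there; `check_config` and the sample fragment are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the post's layout with three deliberate mistakes:
# a misspelt vlan attribute, a wrong NAT address, and an undefined interface.
SAMPLE = """
<interface name="IF-Mdm1" port="Port-WAN" vlan="101">
<subnet ip="192.168.1.254/24"/>
</interface>
<interface name="IF-Mdm2" port="Port-WAN" plan="102">
<subnet ip="192.168.2.254/24"/>
</interface>
<interface name="IF-Mdm3" port="Port-WAN" vlan="103">
<subnet ip="192.168.3.254/24"/>
</interface>
<rule-set name="Modem 1 admin NAT" target-interface="IF-Mdm1" no-match-action="continue">
<rule set-source-ip="192.168.1.254"/>
</rule-set>
<rule-set name="Modem 3 admin NAT" target-interface="IF-Mdm3" no-match-action="continue">
<rule set-source-ip="192.168.3.1"/>
</rule-set>
<rule-set name="Modem 4 admin NAT" target-interface="IF-Mdm4" no-match-action="continue">
<rule set-source-ip="192.168.4.254"/>
</rule-set>
"""

def check_config(fragment):
    """Return a list of mismatches between interfaces and NAT rule-sets."""
    # The fragment has no single root element, so wrap it before parsing.
    root = ET.fromstring("<config>" + fragment + "</config>")
    problems, addrs = [], {}
    for itf in root.iter("interface"):
        name = itf.get("name")
        if itf.get("vlan") is None:  # assumption: modem interfaces must be tagged
            problems.append(f"{name}: no vlan attribute")
        # Host address of each subnet, without the prefix length.
        addrs[name] = {str(ipaddress.ip_interface(s.get("ip")).ip) for s in itf.iter("subnet")}
    for rs in root.iter("rule-set"):
        target = rs.get("target-interface")
        if target not in addrs:
            problems.append(f"{rs.get('name')}: unknown interface {target}")
            continue
        for rule in rs.iter("rule"):
            src = rule.get("set-source-ip")
            if src is not None and src not in addrs[target]:
                problems.append(f"{rs.get('name')}: {src} is not an address of {target}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

Because this uses a standard XML parser, multi-line comments in the input are skipped correctly and do not need the extra close-comment marker.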