Can't you just firewall the management ports? ________________________________ From: Af [[email protected]] on behalf of Wireless Admin via Af [[email protected]] Sent: Friday, December 26, 2014 10:58 AM To: [email protected] Subject: Re: [AFMUG] ePMP management access from Internet
I don’t know that the radio is capable of distinguishing the difference between a forward packet and Input like Mikrotik. Steve B. ________________________________ From: Af [mailto:[email protected]] On Behalf Of Josh Luthman via Af Sent: Friday, December 26, 2014 11:56 AM To: [email protected] Subject: Re: [AFMUG] ePMP management access from Internet Firewall it? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Dec 26, 2014 11:54 AM, "Wireless Admin via Af" <[email protected]<mailto:[email protected]>> wrote: They did but the radio still responds on the NAT public IP. In our case that’s a PPPoE connection. Steve B. ________________________________ From: Af [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Josh Luthman via Af Sent: Friday, December 26, 2014 11:48 AM To: [email protected]<mailto:[email protected]> Subject: Re: [AFMUG] ePMP management access from Internet Two WAN like Canopy. I believe it was added in 2.3.3. Josh Luthman Office: 937-552-2340<tel:937-552-2340> Direct: 937-552-2343<tel:937-552-2343> 1100 Wayne St Suite 1337 Troy, OH 45373 On Dec 26, 2014 11:46 AM, "Wireless Admin via Af" <[email protected]<mailto:[email protected]>> wrote: Has anyone figured out how to lock down an ePMP radio so it can not be accessed from the Internet? In bridged mode this is not a problem since the Radio can be configured for a private IP. As soon as NAT is enabled and a public IP is used on the radio the management interface is exposed. We got Cambium to implement a secondary IP for management but the radio still responds on the Public side of the NAT. Could this just be an oversight on their part? Steve B
