Management. VLAN. On January 20, 2015 8:51:22 AM AKST, Bill Prince <[email protected]> wrote: >Not the AP side, but the client side. We have traditionally NATted all >residential subs on Canopy, and were trying to do the same with UBNT. > >With Canopy it's easy, because the NATted TCP stack just passes >through, >and if SSH ports are open, it goes to the sub's router (no impact on >the >SM). > >Not so with UBNT, as the public IP for NAT is also the IP for the CPE. > >Just wondering if anyone else has tried the CPE firewall to prevent >brute-force SSH logins. > >I suppose I could cobble together something on the POP router, but >looking for options. > >bp ><part15sbs{at}gmail{dot}com> > >On 1/20/2015 9:37 AM, Peter Kranz wrote: >> Generally a bad idea to use that firewall (at least on the access >point side) as it supposedly cuts into your PPS capacity on the radio. >> >> Peter Kranz >> Founder/CEO - Unwired Ltd >> www.UnwiredLtd.com >> Desk: 510-868-1614 x100 >> Mobile: 510-207-0000 >> [email protected] >> >> -----Original Message----- >> From: Af [mailto:[email protected]] On Behalf Of Bill Prince >> Sent: Monday, January 19, 2015 1:47 PM >> To: [email protected] >> Subject: Re: [AFMUG] UBNT firewall >> >> Nobody actually using the UBNT firewall? >> >> bp >> <part15sbs{at}gmail{dot}com> >> >> On 1/14/2015 11:25 AM, Bill Prince wrote: >>> We notice that any time we use NAT on UBNT we get a lot of login >>> attempts via SSH. Are any of you using the firewall built in? It's >>> not clear from the GUI interface whether this affects input or >>> forwarding, or both. >>> >>> What I'd like to do is block any SSH logins that are not in one of >our >>> subnets, but I'm afraid if I turn it on, it will affect forwarded >>> traffic. >>> >>> Examples? >>> >>> >>
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
