My understanding of the UBNT VLAN is that it's all one VLAN? How do you
split management/sub traffic?
bp
<part15sbs{at}gmail{dot}com>
On 1/20/2015 10:05 AM, Josh Reynolds wrote:
Management. VLAN.
On January 20, 2015 8:51:22 AM AKST, Bill Prince <part15...@gmail.com>
wrote:
Not the AP side, but the client side. We have traditionally NATted all
residential subs on Canopy, and were trying to do the same with UBNT.
With Canopy it's easy, because the NATted TCP stack just passes through,
and if SSH ports are open, it goes to the sub's router (no impact on the
SM).
Not so with UBNT, as the public IP for NAT is also the IP for the CPE.
Just wondering if anyone else has tried the CPE firewall to prevent
brute-force SSH logins.
I suppose I could cobble together something on the POP router, but
looking for options.
bp
<part15sbs{at}gmail{dot}com>
On 1/20/2015 9:37 AM, Peter Kranz wrote:
Generally a bad idea to use that firewall (at least on the
access point side) as it supposedly cuts into your PPS
capacity on the radio. Peter Kranz Founder/CEO - Unwired Ltd
www.UnwiredLtd.com <http://www.UnwiredLtd.com> Desk:
510-868-1614 x100 Mobile: 510-207-0000 pkr...@unwiredltd.com
-----Original Message----- From: Af
[mailto:af-boun...@afmug.com] On Behalf Of Bill Prince Sent:
Monday, January 19, 2015 1:47 PM To: af@afmug.com Subject: Re:
[AFMUG] UBNT firewall Nobody actually using the UBNT firewall?
bp <part15sbs{at}gmail{dot}com> On 1/14/2015 11:25 AM, Bill
Prince wrote:
We notice that any time we use NAT on UBNT we get a lot of
login attempts via SSH. Are any of you using the firewall
built in? It's not clear from the GUI interface whether
this affects input or forwarding, or both. What I'd like
to do is block any SSH logins that are not in one of our
subnets, but I'm afraid if I turn it on, it will affect
forwarded traffic. Examples?
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.