I think there is some confusion.

In router mode with NAT enabled and DMZ disabled, the only thing it will pass to the customer is stuff that is set in the port forwarding section (iptables -t nat -L).

In router mode with NAT enabled and DMZ enabled, it will pass everything to the DMZ IP except management ports (unless DMZ management ports is checked) (iptables -t nat -L will show all ports not passed to the router). If DMZ management ports is checked, then everything is sent to the DMZ IP.

In router mode without NAT enabled, it will route all traffic to the LAN address space; this means you need to have a subnet on the LAN side that is routed externally to the radio IP address.

In bridge mode all traffic coming in WLAN will be passed to LAN.


On 11/26/2014 11:04 AM, RickG wrote:
Thanks Sam! With that, should I assume only those ports are being passed through the UBNT radio to the customer?

On Wed, Nov 26, 2014 at 10:13 AM, Sam Tetherow wrote:

    Default should have ports 80, 443, 22 TCP for HTTP, HTTPS and SSH
    as well as 10001 UDP for the discovery protocol.  By open that
    means those are the only ports on the radio that have something
    listening on them.  If you turn those services off on the services
    tab then they will no longer be listening on those ports.  You can
    also turn on SNMP (UDP 161) and telnet (TCP 23).

    To see what ports are being listened on, use 'netstat -nl' from the
    command line; to see what ports are being forwarded, you can use
    'iptables -t nat -L'.

    On 11/25/2014 08:27 PM, RickG wrote:
    I agree Mike, however my question is more basic than that. I
    realize that a UBNT radio comes with the firewall turned off and
    in fact I've never turned it on. So, my question is: Default from
    the factory, which ports are open and/or closed? Obviously most
    common ports are open. Do I need to open any to prevent any issues?

    On Tue, Nov 25, 2014 at 10:02 AM, Mike Hammett wrote:

        I think people go a bit excessive with firewalling. If
        there's no service there to answer, there's no need to
        firewall it.



        -----
        Mike Hammett
        Intelligent Computing Solutions
        http://www.ics-il.com

        

        ------------------------------------------------------------------------
        *From: *"RickG"
        *To: *"Ubiquiti Users Group"
        *Sent: *Tuesday, November 25, 2014 9:00:45 AM
        *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS]
        DMZ Management Ports, what are they?

        Ya, thank goodness for UPnP. I'm just trying to understand
        and be sure I'm not causing any issues for my customers as
        far as open & closed ports. Obviously certain ports are open
        but are they all?

        On Tue, Nov 25, 2014 at 7:32 AM, Josh Luthman wrote:

            If you're behind NAT your Xbox will say closed because
            they need to be dstnated.  There's UPnP on the later
            versions.

            Josh Luthman
            Office: 937-552-2340
            Direct: 937-552-2343
            1100 Wayne St
            Suite 1337
            Troy, OH 45373

            On Nov 25, 2014 12:28 AM, "RickG" wrote:

                So I should expect all ports to be open?

                On Mon, Nov 24, 2014 at 5:55 PM, Josh Luthman wrote:

                    There are no firewall rules by default.  Nothing
                    is DMZ'ed nor PAT'ed.


                    Josh Luthman
                    Office: 937-552-2340
                    Direct: 937-552-2343
                    1100 Wayne St
                    Suite 1337
                    Troy, OH 45373

                    On Mon, Nov 24, 2014 at 5:25 PM, RickG wrote:

                        This reminded me of a question: What ports
                        are open or closed by default of a UBNT radio
                        in router mode?

                        On Wed, Nov 19, 2014 at 5:56 PM, Sam Tetherow wrote:

                            Definitive list:
                            TCP telnet (23)
                            TCP http (80)
                            TCP https (443)
                            ICMP Echo-Request
                            TCP ssh (22)
                            TCP snmp (161)
                            TCP 18888
                            UDP discard (9)
                            UDP 10001 - ubiquiti discovery protocol
                            although it never seems to reply
                            when in DMZ mode

                            If any of the services are disabled on
                            the radio then the ports are
                            forwarded on to the DMZ radio, if the
                            ports are changed on the services
                            tab then they will be changed in the DMZ
                            section.

                            If in doubt, ssh into the radio and run
                            iptables -t nat -L



                            On 11/14/2014 06:36 PM, Matt Jenkins wrote:
                            > I assume 80, 22, 443. What others are
                            there? I can't find it in any of
                            > the manuals.
                            >
                            _______________________________________________
                            > Ubnt_users mailing list
                            > [email protected]
                            <mailto:[email protected]>
                            >
                            http://lists.wispa.org/mailman/listinfo/ubnt_users





-- -RickG KyWiFi





-- -RickG KyWiFi





-- -RickG KyWiFi





-- -RickG KyWiFi






--
-RickG KyWiFi


_______________________________________________
Ubnt_users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/ubnt_users
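
The two checks suggested in this thread ('netstat -nl' for listening ports, 'iptables -t nat -L' for forwarded ports), as an added example that is not part of the original messages: a script that classifies listeners against the ports named above and lists DNAT targets. The function names and the sample output are constructed for illustration and are not captured from a radio; the '-n' (numeric) flag is an addition, and the parser works with or without it.

```shell
# Classify each listening proto/port against the ports named in the thread.
classify_listeners() {
    awk '
    BEGIN {
        cls["tcp/80"] = "default"; cls["tcp/443"] = "default"
        cls["tcp/22"] = "default"; cls["udp/10001"] = "default"
        cls["udp/161"] = "optional"; cls["tcp/23"] = "optional"
    }
    $1 ~ /^(tcp|udp)/ {
        proto = substr($1, 1, 3)       # fold tcp6/udp6 into tcp/udp
        n = split($4, part, ":")       # port is the last colon-separated field
        key = proto "/" part[n]
        if (seen[key]++) next          # report each proto/port once
        print key, ((key in cls) ? cls[key] : "unexpected")
    }' | LC_ALL=C sort
}

# Print "proto/dport -> target" for every DNAT rule; no dport means all ports.
list_forwards() {
    awk '$1 == "DNAT" {
        dpt = "any"; to = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dpts?:/) { dpt = $i; sub(/^dpts?:/, "", dpt) }
            if ($i ~ /^to:/)    { to = substr($i, 4) }
        }
        print $2 "/" dpt " -> " to
    }'
}

# Constructed samples standing in for saved command output.
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 :::22            :::*             LISTEN
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:8081     0.0.0.0:*        LISTEN
udp        0      0 0.0.0.0:10001    0.0.0.0:*
EOF
}
sample_nat() { cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source      destination
DNAT       tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:8080 to:192.168.1.20:80
DNAT       all  --  0.0.0.0/0   0.0.0.0/0    to:192.168.1.20
EOF
}

sample_netstat | classify_listeners; sample_nat | list_forwards
```

On a live device the same functions can be fed directly, e.g. 'netstat -nl | classify_listeners' and 'iptables -t nat -L -n | list_forwards'.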
