That helps a lot! I have my customers in router mode with NAT enabled without opening any ports. I really don't get any complaints but I'm trying to be sure I am not causing any undue issues for my customers, so, should I open any ports or is default sufficient?

On Wed, Nov 26, 2014 at 2:48 PM, Sam Tetherow <[email protected]> wrote:

> I think there is some confusion.
>
> In router mode with NAT enabled and DMZ disabled the only thing it will
> pass to the customer is stuff that is set in the port forwarding section.
> (iptables -t nat -L)
>
> In router mode with NAT enabled and DMZ enabled it will pass everything to
> the DMZ IP except management ports (unless DMZ management ports is
> checked) (iptables -t nat -L will show all ports not passed to the
> router). If DMZ management ports is checked then everything is sent to the
> DMZ IP.
>
> In router mode without NAT enabled it will route all traffic to the LAN
> address space, this means you need to have a subnet on the LAN side that is
> routed externally to the radio IP address.
>
> In bridge mode all traffic coming in WLAN will be passed to LAN.
>
> On 11/26/2014 11:04 AM, RickG wrote:
>
> Thanks Sam! With that, should I assume only those ports are being passed
> through the UBNT radio to the customer?
>
> On Wed, Nov 26, 2014 at 10:13 AM, Sam Tetherow <[email protected]> wrote:
>
>> Default should have ports 80, 443, 22 TCP for HTTP, HTTPS and SSH as
>> well as 10001 UDP for the discovery protocol. By open that means those are
>> the only ports on the radio that have something listening on them. If you
>> turn those services off on the services tab then they will no longer be
>> listening on those ports. You can also turn on SNMP (UDP 161) and telnet
>> (TCP 23)
>>
>> To see what ports are being listened on use 'netstat -nl' from the
>> command line, to see what ports are being forwarded you can use 'iptables
>> -t nat -L'
>>
>> On 11/25/2014 08:27 PM, RickG wrote:
>>
>> I agree Mike, however my question is more basic than that. I realize that
>> a UBNT radio comes with the firewall turned off and in fact I've never
>> turned it on. So, my question is: Default from the factory, which ports are
>> open and/or closed? Obviously most common ports are open. Do I need to open
>> any to prevent any issues?
>>
>> On Tue, Nov 25, 2014 at 10:02 AM, Mike Hammett <[email protected]> wrote:
>>
>>> I think people go a bit excessive with firewalling. If there's no
>>> service there to answer, there's no need to firewall it.
>>>
>>> -----
>>> Mike Hammett
>>> Intelligent Computing Solutions
>>> http://www.ics-il.com
>>>
>>> ------------------------------
>>> *From: *"RickG" <[email protected]>
>>> *To: *"Ubiquiti Users Group" <[email protected]>
>>> *Sent: *Tuesday, November 25, 2014 9:00:45 AM
>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ
>>> Management Ports, what are they?
>>>
>>> Ya, thank goodness for upnp. I'm just trying to understand and be sure
>>> I'm not causing any issues for my customers as far as open & closed ports.
>>> Obviously certain ports are open but are they all?
>>>
>>> On Tue, Nov 25, 2014 at 7:32 AM, Josh Luthman <[email protected]> wrote:
>>>
>>>> If you're behind Nat your Xbox will say closed because they need to be
>>>> dstnated. There's upnp on the later versions.
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>>
>>>> On Nov 25, 2014 12:28 AM, "RickG" <[email protected]> wrote:
>>>>
>>>>> So I should expect all ports to be open?
>>>>>
>>>>> On Mon, Nov 24, 2014 at 5:55 PM, Josh Luthman <[email protected]> wrote:
>>>>>
>>>>>> There are no firewall rules by default. Nothing is DMZ'ed nor PAT'ed.
>>>>>>
>>>>>> Josh Luthman
>>>>>>
>>>>>> On Mon, Nov 24, 2014 at 5:25 PM, RickG <[email protected]> wrote:
>>>>>>
>>>>>>> This reminded me of a question: What ports are open or closed by
>>>>>>> default of a UBNT radio in router mode?
>>>>>>>
>>>>>>> On Wed, Nov 19, 2014 at 5:56 PM, Sam Tetherow <[email protected]> wrote:
>>>>>>>
>>>>>>>> Definitive list:
>>>>>>>> TCP telnet (23)
>>>>>>>> TCP http (80)
>>>>>>>> TCP https (443)
>>>>>>>> ICMP Echo-Request
>>>>>>>> TCP ssh (22)
>>>>>>>> TCP snmp (161)
>>>>>>>> TCP 18888
>>>>>>>> UDP discard (9)
>>>>>>>> UDP 10001 - ubiquiti discovery protocol although it never seems to
>>>>>>>> reply when in DMZ mode
>>>>>>>>
>>>>>>>> If any of the services are disabled on the radio then the ports are
>>>>>>>> forwarded on to the DMZ radio, if the ports are changed on the services
>>>>>>>> tab then they will be changed in the DMZ section.
>>>>>>>>
>>>>>>>> If in doubt, ssh into the radio and run iptables -t nat -L
>>>>>>>>
>>>>>>>> On 11/14/2014 06:36 PM, Matt Jenkins wrote:
>>>>>>>> > I assume 80, 22, 443. What others are there? I can't find it in
>>>>>>>> > any of the manuals.

--
-RickG KyWiFi
_______________________________________________
Ubnt_users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/ubnt_users
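
The two checks suggested in the thread, `netstat -nl` for listening ports and `iptables -t nat -L` for forwards, can be combined into a quick exposure summary. The script below is an added example, not code from any poster in the thread: the sample outputs are constructed, the baseline is the default port list given in the thread, and `-n` (numeric output) is assumed on the iptables call so that ports parse as numbers.

```shell
# Added example; SAMPLE_* text is constructed, not captured from a real radio.
# Baseline = default listeners named in the thread: TCP 22/80/443, UDP 10001.
BASELINE="tcp/22 tcp/80 tcp/443 udp/10001"

# stdin: `netstat -nl` output. stdout: sorted unique proto/port listeners.
listeners() {
    awk '$1 ~ /^(tcp|udp)/ {
        proto = $1; sub(/6$/, "", proto)   # fold tcp6/udp6 into tcp/udp
        n = split($4, a, ":")              # port follows the last colon
        print proto "/" a[n]
    }' | sort -u
}

# stdin: `netstat -nl` output. stdout: listeners outside $BASELINE, one line.
unexpected_listeners() {
    listeners | while read -r l; do
        case " $BASELINE " in *" $l "*) ;; *) printf '%s ' "$l" ;; esac
    done | sed 's/ $//'
}

# stdin: `iptables -t nat -L -n` output. stdout: "proto/port -> target" per
# DNAT rule; a rule with no dpt: match (catch-all) is shown as proto/any.
forwards() {
    awk '$1 == "DNAT" {
        port = "any"; to = "?"
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^dpts?:/) { port = $i; sub(/^dpts?:/, "", port) }
            if ($i ~ /^to:/)    { to = $i;   sub(/^to:/, "", to) }
        }
        print $2 "/" port " -> " to
    }'
}

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:161             0.0.0.0:*
udp        0      0 0.0.0.0:10001           0.0.0.0:*'
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:192.168.1.20:80
DNAT       all  --  0.0.0.0/0            0.0.0.0/0            to:192.168.1.20'

echo "unexpected listeners: $(printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners)"
printf '%s\n' "$SAMPLE_NAT" | forwards
```

On a live device the same functions can be fed directly, for example `netstat -nl | unexpected_listeners`; anything reported beyond the baseline is a service that was switched on after factory defaults.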
