I've put business customers in bridge mode because I give them a routable
IP and I trust they won't screw around with their router and cause network
issues. Residential tend to put cables in the wrong place and add DNS
servers to the bridge and you know what happens then!
I've kicked around using DHCP and passing out /30 to each customer's
router but not sure how to do that when CPE is in router mode. Obviously
that would be simple in bridge mode.


On Fri, Nov 28, 2014 at 4:16 PM, Mike Hammett <[email protected]>
wrote:

> Are you having any problems with bridge mode? Why are you trying to have a
> routable IP on the customer's router and have your CPE in router mode?
>
> The only way you could do that is if every CPE had its own /30 that you
> would use to DHCP that /30 to the customer's router. Up from that CPE you
> could have whatever address block you'd like, assuming it was greater than
> the number of CPE you had.
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> <https://www.facebook.com/ICSIL>
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
> <https://www.linkedin.com/company/intelligent-computing-solutions>
> <https://twitter.com/ICSIL>
>
> ------------------------------
> *From: *"RickG" <[email protected]>
> *To: *"Ubiquiti Users Group" <[email protected]>
> *Sent: *Friday, November 28, 2014 3:11:19 PM
>
> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ
> Management Ports, what are they?
>
> What I'd really like to do is present a routable IP to their router.
> Obviously that is easy in "bridge mode" but I haven't figured out how to do
> it  in "router mode".
>
> On Fri, Nov 28, 2014 at 4:01 PM, Mike Hammett <[email protected]>
> wrote:
>
>> uPNP fixes XBox.
>>
>> Security cameras...  depends. May still need manual port forwards on
>> those.
>>
>>
>>
>> -----
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>> ------------------------------
>> *From: *"RickG" <[email protected]>
>> *To: *"Ubiquiti Users Group" <[email protected]>
>> *Sent: *Friday, November 28, 2014 2:58:16 PM
>>
>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ
>> Management Ports, what are they?
>>
>> Well, I occasionally get complaints that the XBox network test shows
>> ports closed and security cameras aren't viewable remotely. I'll try UPNP.
>> Thanks!
>>
>> On Fri, Nov 28, 2014 at 3:20 PM, Mike Hammett <[email protected]>
>> wrote:
>>
>>> If there hasn't been an issue yet, then there's probably not a problem.
>>>
>>> Turn on uPNP, call it a day.
>>>
>>>
>>>
>>> -----
>>> Mike Hammett
>>> Intelligent Computing Solutions
>>> http://www.ics-il.com
>>>
>>> ------------------------------
>>> *From: *"RickG" <[email protected]>
>>> *To: *"Ubiquiti Users Group" <[email protected]>
>>> *Sent: *Friday, November 28, 2014 2:10:39 PM
>>>
>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ
>>> Management Ports, what are they?
>>>
>>> Mainly be sure I'm not causing issues for customers. Such as XBox or
>>> security cameras not being able to function properly.
>>>
>>> On Fri, Nov 28, 2014 at 8:12 AM, Mike Hammett <[email protected]> wrote:
>>>
>>>> What problem are you having that you're trying to solve?
>>>>
>>>>
>>>>
>>>> -----
>>>> Mike Hammett
>>>> Intelligent Computing Solutions
>>>> http://www.ics-il.com
>>>>
>>>> ------------------------------
>>>> *From: *"RickG" <[email protected]>
>>>> *To: *"Ubiquiti Users Group" <[email protected]>
>>>> *Sent: *Friday, November 28, 2014 2:19:56 AM
>>>>
>>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ
>>>> Management Ports, what are they?
>>>>
>>>> True. Perhaps what I need to do on the CPE is set the DHCP range for 1
>>>> IP addy and put that addy in the DMZ? Then the radio wouldn't inadvertently
>>>> block anything.
>>>>
>>>> On Thu, Nov 27, 2014 at 10:57 PM, Mike Hammett <
>>>> [email protected]> wrote:
>>>>
>>>>> There's nothing to open or close.
>>>>>
>>>>> You couldn't set port forwards ahead of time without knowing what they
>>>>> want and where they want it. That's what uPNP is for.
>>>>>
>>>>>
>>>>>
>>>>> -----
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions
>>>>> http://www.ics-il.com
>>>>>
>>>>> ------------------------------
>>>>> *From: *"RickG" <[email protected]>
>>>>> *To: *"Ubiquiti Users Group" <[email protected]>
>>>>> *Sent: *Wednesday, November 26, 2014 10:19:45 PM
>>>>>
>>>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ
>>>>> Management Ports, what are they?
>>>>>
>>>>> That helps a lot! I have my customers in router mode with NAT enabled
>>>>> without opening any ports. I really don't get any complaints but I'm trying
>>>>> to be sure I am not causing any undue issues for my customers, so, should I
>>>>> open any ports or is default sufficient?
>>>>>
>>>>> On Wed, Nov 26, 2014 at 2:48 PM, Sam Tetherow <[email protected]>
>>>>> wrote:
>>>>>
>>>>>>  I think there is some confusion.
>>>>>>
>>>>>> In router mode with NAT enabled and DMZ disabled the only thing it
>>>>>> will pass to the customer is stuff that is set in the port forwarding
>>>>>> section.  (iptables -t nat -L)
>>>>>>
>>>>>> In router mode with NAT enabled and DMZ enabled it will pass
>>>>>> everything to the DMZ IP except management ports (unless DMZ management
>>>>>> ports is checked)  (iptables -t nat -L  will show all ports not passed to
>>>>>> the router).  If DMZ management ports is checked then everything is sent
>>>>>> to the DMZ IP.
>>>>>>
>>>>>> In router mode without NAT enabled it will route all traffic to the
>>>>>> LAN address space, this means you need to have a subnet on the LAN side
>>>>>> that is routed externally to the radio IP address.
>>>>>>
>>>>>> In bridge mode all traffic coming in WLAN will be passed to LAN.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 11/26/2014 11:04 AM, RickG wrote:
>>>>>>
>>>>>> Thanks Sam! With that, should I assume only those ports are being
>>>>>> passed through the UBNT radio to the customer?
>>>>>>
>>>>>> On Wed, Nov 26, 2014 at 10:13 AM, Sam Tetherow <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Default should have ports 80, 443, 22 TCP for HTTP, HTTPS and SSH
>>>>>>> as well as 10001 UDP for the discovery protocol.  By open that means
>>>>>>> those are the only ports on the radio that have something listening on
>>>>>>> them.  If you turn those services off on the services tab then they will
>>>>>>> no longer be listening on those ports.  You can also turn on SNMP (UDP
>>>>>>> 161) and telnet (TCP 23)
>>>>>>>
>>>>>>> To see what ports are being listened on use 'netstat -nl' from the
>>>>>>> command line, to see what ports are being forwarded you can use
>>>>>>> 'iptables -t nat -L'
>>>>>>>
>>>>>>> On 11/25/2014 08:27 PM, RickG wrote:
>>>>>>>
>>>>>>> I agree Mike, however my question is more basic than that. I realize
>>>>>>> that a UBNT radio comes with the firewall turned off and in fact I've
>>>>>>> never turned it on. So, my question is: Default from the factory, which
>>>>>>> ports are open and/or closed? Obviously most common ports are open. Do I
>>>>>>> need to open any to prevent any issues?
>>>>>>>
>>>>>>> On Tue, Nov 25, 2014 at 10:02 AM, Mike Hammett <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>>  I think people go a bit excessive with firewalling. If there's no
>>>>>>>> service there to answer, there's no need to firewall it.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -----
>>>>>>>> Mike Hammett
>>>>>>>> Intelligent Computing Solutions
>>>>>>>> http://www.ics-il.com
>>>>>>>>
>>>>>>>>  ------------------------------
>>>>>>>> *From: *"RickG" <[email protected]>
>>>>>>>> *To: *"Ubiquiti Users Group" <[email protected]>
>>>>>>>> *Sent: *Tuesday, November 25, 2014 9:00:45 AM
>>>>>>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ
>>>>>>>> Management Ports, what are they?
>>>>>>>>
>>>>>>>> Ya, thank goodness for upnp. I'm just trying to understand and be
>>>>>>>> sure I'm not causing any issues for my customers as far as open &
>>>>>>>> closed ports. Obviously certain ports are open but are they all?
>>>>>>>>
>>>>>>>> On Tue, Nov 25, 2014 at 7:32 AM, Josh Luthman <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> If you're behind Nat your Xbox will say closed because they need
>>>>>>>>> to be dstnated.  There's upnp on the later versions.
>>>>>>>>>
>>>>>>>>> Josh Luthman
>>>>>>>>> Office: 937-552-2340
>>>>>>>>> Direct: 937-552-2343
>>>>>>>>> 1100 Wayne St
>>>>>>>>> Suite 1337
>>>>>>>>> Troy, OH 45373
>>>>>>>>> On Nov 25, 2014 12:28 AM, "RickG" <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> So I should expect all ports to be open?
>>>>>>>>>>
>>>>>>>>>> On Mon, Nov 24, 2014 at 5:55 PM, Josh Luthman <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> There are no firewall rules by default.  Nothing is DMZ'ed nor
>>>>>>>>>>> PAT'ed.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Josh Luthman
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Nov 24, 2014 at 5:25 PM, RickG <[email protected]>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> This reminded me of a question: What ports are open or closed
>>>>>>>>>>>> by default of a UBNT radio in router mode?
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Nov 19, 2014 at 5:56 PM, Sam Tetherow <
>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Definitive list:
>>>>>>>>>>>>> TCP telnet (23)
>>>>>>>>>>>>> TCP http (80)
>>>>>>>>>>>>> TCP https (443)
>>>>>>>>>>>>> ICMP Echo-Request
>>>>>>>>>>>>> TCP ssh (22)
>>>>>>>>>>>>> TCP snmp (161)
>>>>>>>>>>>>> TCP 18888
>>>>>>>>>>>>> UDP discard (9)
>>>>>>>>>>>>> UDP 10001 - ubiquiti discovery protocol although it never
>>>>>>>>>>>>> seems to reply when in DMZ mode
>>>>>>>>>>>>>
>>>>>>>>>>>>> If any of the services are disabled on the radio then the
>>>>>>>>>>>>> ports are forwarded on to the DMZ radio, if the ports are changed
>>>>>>>>>>>>> on the services tab then they will be changed in the DMZ section.
>>>>>>>>>>>>>
>>>>>>>>>>>>> If in doubt, ssh into the radio and run iptables -t nat -L
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 11/14/2014 06:36 PM, Matt Jenkins wrote:
>>>>>>>>>>>>> > I assume 80, 22, 443. What others are there? I can't find it
>>>>>>>>>>>>> > in any of the manuals.
>>>>>>>>>>>>> > _______________________________________________
>>>>>>>>>>>>> > Ubnt_users mailing list
>>>>>>>>>>>>> > [email protected]
>>>>>>>>>>>>> > http://lists.wispa.org/mailman/listinfo/ubnt_users
>>>>>>>>>>>>>


-- 
-RickG KyWiFi