Can't you just firewall the management ports? ________________________________ From: Af [af-boun...@afmug.com] on behalf of Wireless Admin via Af [af@afmug.com] Sent: Friday, December 26, 2014 10:58 AM To: af@afmug.com Subject: Re: [AFMUG] ePMP management access from Internet
I don’t know that the radio is capable of distinguishing the difference between a forward packet and Input like Mikrotik. Steve B. ________________________________ From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman via Af Sent: Friday, December 26, 2014 11:56 AM To: af@afmug.com Subject: Re: [AFMUG] ePMP management access from Internet Firewall it? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Dec 26, 2014 11:54 AM, "Wireless Admin via Af" <af@afmug.com<mailto:af@afmug.com>> wrote: They did but the radio still responds on the NAT public IP. In our case that’s a PPPoE connection. Steve B. ________________________________ From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf Of Josh Luthman via Af Sent: Friday, December 26, 2014 11:48 AM To: af@afmug.com<mailto:af@afmug.com> Subject: Re: [AFMUG] ePMP management access from Internet Two WAN like Canopy. I believe it was added in 2.3.3. Josh Luthman Office: 937-552-2340<tel:937-552-2340> Direct: 937-552-2343<tel:937-552-2343> 1100 Wayne St Suite 1337 Troy, OH 45373 On Dec 26, 2014 11:46 AM, "Wireless Admin via Af" <af@afmug.com<mailto:af@afmug.com>> wrote: Has anyone figured out how to lock down an ePMP radio so it can not be accessed from the Internet? In bridged mode this is not a problem since the Radio can be configured for a private IP. As soon as NAT is enabled and a public IP is used on the radio the management interface is exposed. We got Cambium to implement a secondary IP for management but the radio still responds on the Public side of the NAT. Could this just be an oversight on their part? Steve B