Not the AP side, but the client side. We have traditionally NATted all residential subs on Canopy, and were trying to do the same with UBNT.

With Canopy it's easy, because the NATted TCP stack just passes through, and if SSH ports are open, it goes to the sub's router (no impact on the SM).

Not so with UBNT, as the public IP for NAT is also the IP for the CPE.

Just wondering if anyone else has tried the CPE firewall to prevent brute-force SSH logins.

I suppose I could cobble together something on the POP router, but looking for options.

bp
<part15sbs{at}gmail{dot}com>

On 1/20/2015 9:37 AM, Peter Kranz wrote:
Generally a bad idea to use that firewall (at least on the access point side) 
as it supposedly cuts into your PPS capacity on the radio.

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-0000
pkr...@unwiredltd.com

-----Original Message-----
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Monday, January 19, 2015 1:47 PM
To: af@afmug.com
Subject: Re: [AFMUG] UBNT firewall

Nobody actually using the UBNT firewall?

bp
<part15sbs{at}gmail{dot}com>

On 1/14/2015 11:25 AM, Bill Prince wrote:
We notice that any time we use NAT on UBNT we get a lot of login
attempts via SSH.  Are any of you using the firewall built in? It's
not clear from the GUI interface whether this affects input or
forwarding, or both.

What I'd like to do is block any SSH logins that are not in one of our
subnets, but I'm afraid if I turn it on, it will affect forwarded
traffic.

Examples?




Reply via email to