Re: [AFMUG] UBNT firewall

Tue, 20 Jan 2015 10:16:17 -0800 

It creates another interface, a tagged one. You specify which interface is the 
management interface. Don't route it out of your network.

On January 20, 2015 9:13:06 AM AKST, Bill Prince <part15...@gmail.com> wrote:
>My understanding of the UBNT VLAN is that it's all one VLAN? How do you
>
>split management/sub traffic?
>
>bp
><part15sbs{at}gmail{dot}com>
>
>On 1/20/2015 10:05 AM, Josh Reynolds wrote:
>> Management. VLAN.
>>
>> On January 20, 2015 8:51:22 AM AKST, Bill Prince
><part15...@gmail.com> 
>> wrote:
>>
>>     Not the AP side, but the client side. We have traditionally
>NATted all
>>     residential subs on Canopy, and were trying to do the same with
>UBNT.
>>
>>     With Canopy it's easy, because the NATted TCP stack just passes
>through,
>>     and if SSH ports are open, it goes to the sub's router (no impact
>on the
>>     SM).
>>
>>     Not so with UBNT, as the public IP for NAT is also the IP for the
>CPE.
>>
>>     Just wondering if anyone else has tried the CPE firewall to
>prevent
>>     brute-force SSH logins.
>>
>>     I suppose I could cobble together something on the POP router,
>but
>>     looking for options.
>>
>>     bp
>>     <part15sbs{at}gmail{dot}com>
>>
>>     On 1/20/2015 9:37 AM, Peter Kranz wrote:
>>
>>         Generally a bad idea to use that firewall (at least on the
>>         access point side) as it supposedly cuts into your PPS
>>         capacity on the radio. Peter Kranz Founder/CEO - Unwired Ltd
>>         www.UnwiredLtd.com <http://www.UnwiredLtd.com> Desk:
>>         510-868-1614 x100 Mobile: 510-207-0000 pkr...@unwiredltd.com
>>         -----Original Message----- From: Af
>>         [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince Sent:
>>         Monday, January 19, 2015 1:47 PM To: af@afmug.com Subject:
>Re:
>>         [AFMUG] UBNT firewall Nobody actually using the UBNT
>firewall?
>>         bp <part15sbs{at}gmail{dot}com> On 1/14/2015 11:25 AM, Bill
>>         Prince wrote:
>>
>>             We notice that any time we use NAT on UBNT we get a lot
>of
>>             login attempts via SSH. Are any of you using the firewall
>>             built in? It's not clear from the GUI interface whether
>>             this affects input or forwarding, or both. What I'd like
>>             to do is block any SSH logins that are not in one of our
>>             subnets, but I'm afraid if I turn it on, it will affect
>>             forwarded traffic. Examples?
>>
>>
>>
>> -- 
>> Sent from my Android device with K-9 Mail. Please excuse my brevity. 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Reply via email to