OK. Great. We can put another IP on a management IP on the VLAN. How
does that block the SSH logins?
Can you specify that SSH only goes through the management VLAN?
bp
<part15sbs{at}gmail{dot}com>
On 1/20/2015 10:14 AM, Josh Reynolds wrote:
It creates another interface, a tagged one. You specify which
interface is the management interface. Don't route it out of your network.
On January 20, 2015 9:13:06 AM AKST, Bill Prince <part15...@gmail.com>
wrote:
My understanding of the UBNT VLAN is that it's all one VLAN? How
do you split management/sub traffic?
bp
<part15sbs{at}gmail{dot}com>
On 1/20/2015 10:05 AM, Josh Reynolds wrote:
Management. VLAN.
On January 20, 2015 8:51:22 AM AKST, Bill Prince
<part15...@gmail.com> wrote:
Not the AP side, but the client side. We have traditionally NATted all
residential subs on Canopy, and were trying to do the same with UBNT.
With Canopy it's easy, because the NATted TCP stack just passes through,
and if SSH ports are open, it goes to the sub's router (no impact on the
SM).
Not so with UBNT, as the public IP for NAT is also the IP for the CPE.
Just wondering if anyone else has tried the CPE firewall to prevent
brute-force SSH logins.
I suppose I could cobble together something on the POP router, but
looking for options.
bp
<part15sbs{at}gmail{dot}com>
On 1/20/2015 9:37 AM, Peter Kranz wrote:
Generally a bad idea to use that firewall (at least on the access point
side) as it supposedly cuts into your PPS capacity on the radio.
Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com <http://www.UnwiredLtd.com>
Desk: 510-868-1614 x100
Mobile: 510-207-0000
pkr...@unwiredltd.com
-----Original Message-----
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Monday, January 19, 2015 1:47 PM
To: af@afmug.com
Subject: Re: [AFMUG] UBNT firewall
Nobody actually using the UBNT firewall?
bp
<part15sbs{at}gmail{dot}com>
On 1/14/2015 11:25 AM, Bill Prince wrote:
We notice that any time we use NAT on UBNT we get a
lot of login attempts via SSH. Are any of you using
the firewall built in? It's not clear from the GUI
interface whether this affects input or forwarding,
or both. What I'd like to do is block any SSH logins
that are not in one of our subnets, but I'm afraid if
I turn it on, it will affect forwarded traffic. Examples?
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.