Management services only respond on the management vlan...

On January 20, 2015 9:17:24 AM AKST, Bill Prince <part15...@gmail.com> wrote:
> OK. Great. We can put another IP on a management IP on the VLAN. How
> does that block the SSH logins?
>
> Can you specify that SSH only goes through the management VLAN?
>
> bp
> <part15sbs{at}gmail{dot}com>
>
> On 1/20/2015 10:14 AM, Josh Reynolds wrote:
>> It creates another interface, a tagged one. You specify which
>> interface is the management interface. Don't route it out of your
>> network.
>>
>> On January 20, 2015 9:13:06 AM AKST, Bill Prince <part15...@gmail.com> wrote:
>>> My understanding of the UBNT VLAN is that it's all one VLAN? How
>>> do you split management/sub traffic?
>>>
>>> bp
>>> <part15sbs{at}gmail{dot}com>
>>>
>>> On 1/20/2015 10:05 AM, Josh Reynolds wrote:
>>>> Management. VLAN.
>>>>
>>>> On January 20, 2015 8:51:22 AM AKST, Bill Prince <part15...@gmail.com> wrote:
>>>>> Not the AP side, but the client side. We have traditionally NATted all
>>>>> residential subs on Canopy, and were trying to do the same with UBNT.
>>>>>
>>>>> With Canopy it's easy, because the NATted TCP stack just passes through,
>>>>> and if SSH ports are open, it goes to the sub's router (no impact on the
>>>>> SM).
>>>>>
>>>>> Not so with UBNT, as the public IP for NAT is also the IP for the CPE.
>>>>>
>>>>> Just wondering if anyone else has tried the CPE firewall to prevent
>>>>> brute-force SSH logins.
>>>>>
>>>>> I suppose I could cobble together something on the POP router, but
>>>>> looking for options.
>>>>>
>>>>> bp
>>>>> <part15sbs{at}gmail{dot}com>
>>>>>
>>>>> On 1/20/2015 9:37 AM, Peter Kranz wrote:
>>>>>> Generally a bad idea to use that firewall (at least on
>>>>>> the access point side) as it supposedly cuts into your
>>>>>> PPS capacity on the radio.
>>>>>>
>>>>>> Peter Kranz
>>>>>> Founder/CEO - Unwired Ltd
>>>>>> www.UnwiredLtd.com <http://www.UnwiredLtd.com>
>>>>>> Desk: 510-868-1614 x100
>>>>>> Mobile: 510-207-0000
>>>>>> pkr...@unwiredltd.com
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
>>>>>> Sent: Monday, January 19, 2015 1:47 PM
>>>>>> To: af@afmug.com
>>>>>> Subject: Re: [AFMUG] UBNT firewall
>>>>>>
>>>>>> Nobody actually using the UBNT firewall?
>>>>>>
>>>>>> bp
>>>>>> <part15sbs{at}gmail{dot}com>
>>>>>>
>>>>>> On 1/14/2015 11:25 AM, Bill Prince wrote:
>>>>>>> We notice that any time we use NAT on UBNT we get a
>>>>>>> lot of login attempts via SSH. Are any of you using
>>>>>>> the firewall built in? It's not clear from the GUI
>>>>>>> interface whether this affects input or forwarding,
>>>>>>> or both. What I'd like to do is block any SSH logins
>>>>>>> that are not in one of our subnets, but I'm afraid if
>>>>>>> I turn it on, it will affect forwarded traffic. Examples?
>>>>
>>>> --
>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.