Management services only respond on the management vlan...

On January 20, 2015 9:17:24 AM AKST, Bill Prince <part15...@gmail.com> wrote:
>OK.  Great.  We can put another IP on a management IP on the VLAN.  How does that block the SSH logins?
>
>Can you specify that SSH only goes through the management VLAN?
>
>bp
><part15sbs{at}gmail{dot}com>
>
>On 1/20/2015 10:14 AM, Josh Reynolds wrote:
>> It creates another interface, a tagged one. You specify which
>> interface is the management interface. Don't route it out of your network.
>>
>> On January 20, 2015 9:13:06 AM AKST, Bill Prince <part15...@gmail.com> wrote:
>>
>>     My understanding of the UBNT VLAN is that it's all one VLAN? How
>>     do you split management/sub traffic?
>>
>>     bp
>>     <part15sbs{at}gmail{dot}com>
>>
>>     On 1/20/2015 10:05 AM, Josh Reynolds wrote:
>>>     Management. VLAN.
>>>
>>>     On January 20, 2015 8:51:22 AM AKST, Bill Prince
>>>     <part15...@gmail.com> wrote:
>>>
>>>         Not the AP side, but the client side. We have traditionally NATted all
>>>         residential subs on Canopy, and were trying to do the same with UBNT.
>>>
>>>         With Canopy it's easy, because the NATted TCP stack just passes through,
>>>         and if SSH ports are open, it goes to the sub's router (no impact on the
>>>         SM).
>>>
>>>         Not so with UBNT, as the public IP for NAT is also the IP for the CPE.
>>>
>>>         Just wondering if anyone else has tried the CPE firewall to prevent
>>>         brute-force SSH logins.
>>>
>>>         I suppose I could cobble together something on the POP router, but
>>>         looking for options.
>>>
>>>         bp
>>>         <part15sbs{at}gmail{dot}com>
>>>
>>>         On 1/20/2015 9:37 AM, Peter Kranz wrote:
>>>
>>>             Generally a bad idea to use that firewall (at least on
>>>             the access point side) as it supposedly cuts into your
>>>             PPS capacity on the radio.
>>>
>>>             Peter Kranz
>>>             Founder/CEO - Unwired Ltd
>>>             www.UnwiredLtd.com <http://www.UnwiredLtd.com>
>>>             Desk: 510-868-1614 x100
>>>             Mobile: 510-207-0000
>>>             pkr...@unwiredltd.com
>>>
>>>             -----Original Message-----
>>>             From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
>>>             Sent: Monday, January 19, 2015 1:47 PM
>>>             To: af@afmug.com
>>>             Subject: Re: [AFMUG] UBNT firewall
>>>
>>>             Nobody actually using the UBNT firewall?
>>>
>>>             bp
>>>             <part15sbs{at}gmail{dot}com>
>>>
>>>             On 1/14/2015 11:25 AM, Bill Prince wrote:
>>>
>>>                 We notice that any time we use NAT on UBNT we get a
>>>                 lot of login attempts via SSH. Are any of you using
>>>                 the firewall built in? It's not clear from the GUI
>>>                 interface whether this affects input or forwarding,
>>>                 or both. What I'd like to do is block any SSH logins
>>>                 that are not in one of our subnets, but I'm afraid if
>>>                 I turn it on, it will affect forwarded traffic. Examples?
>>>
>>>
>>>
>>>     -- 
>>>     Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>>
>> -- 
>> Sent from my Android device with K-9 Mail. Please excuse my brevity. 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
