Well, I occasionally get complaints that the XBox network test shows ports closed and security cameras aren't viewable remotely. I'll try UPNP. Thanks!
On Fri, Nov 28, 2014 at 3:20 PM, Mike Hammett <wispaubntus...@ics-il.net> wrote: > If there hasn't been an issue yet, then there's probably not a problem. > > Turn on uPNP, call it a day. > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > > ------------------------------ > *From: *"RickG" <rgunder...@gmail.com> > *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> > *Sent: *Friday, November 28, 2014 2:10:39 PM > > *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ > Management Ports, what are they? > > Mainly be sure I'm not causing issues for customers. Such as XBox or > security cameras not being able to function properly. > > On Fri, Nov 28, 2014 at 8:12 AM, Mike Hammett <wispaubntus...@ics-il.net> > wrote: > >> What problem are you having that you're trying to solve? >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> >> ------------------------------ >> *From: *"RickG" <rgunder...@gmail.com> >> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >> *Sent: *Friday, November 28, 2014 2:19:56 AM >> >> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >> Management Ports, what are they? >> >> True. Perhaps what I need to do on the CPE is set the DHCP range for 1 IP >> addy and put that addy in the DMZ? Then the radio wouldn't inadvertently >> block anything. >> >> On Thu, Nov 27, 2014 at 10:57 PM, Mike Hammett <wispaubntus...@ics-il.net >> > wrote: >> >>> There's nothing to open or close. >>> >>> You couldn't set port forwards ahead of time without knowing what they >>> want and where they want it. That's what uPNP is for. >>> >>> >>> >>> ----- >>> Mike Hammett >>> Intelligent Computing Solutions >>> http://www.ics-il.com >>> >>> <https://www.facebook.com/ICSIL> >>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>> <https://twitter.com/ICSIL> >>> >>> ------------------------------ >>> *From: *"RickG" <rgunder...@gmail.com> >>> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >>> *Sent: *Wednesday, November 26, 2014 10:19:45 PM >>> >>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >>> Management Ports, what are they? >>> >>> That helps a lot! I have my customers in router mode with NAT enabled >>> without opening any ports. I really dont get any complaints but I'm trying >>> to be sure I am not causing any undo issues for my customers, so, should I >>> open any ports or is default sufficient? >>> >>> On Wed, Nov 26, 2014 at 2:48 PM, Sam Tetherow <tethe...@shwisp.net> >>> wrote: >>> >>>> I think there is some confusion. >>>> >>>> In router mode with NAT enabled and DMZ disabled the only thing it will >>>> pass to the customer is stuff that is set in the port forwarding section. >>>> (iptables -t nat -L) >>>> >>>> In router mode with NAT enabled and DMZ enabled it will pass everything >>>> to the DMZ IP except management ports (unless DMZ management ports is >>>> checked) (iptables -t nat -L will show all ports not passed to the >>>> router). If DMZ management ports is checked then everything is sent to the >>>> DMZ IP. >>>> >>>> In router mode without NAT enabled it will route all traffic to the LAN >>>> address space, this means you need to have a subnet on the LAN side that is >>>> routed externally to the radio IP address. >>>> >>>> In bridge mode all traffic coming in WLAN will be passed to LAN. >>>> >>>> >>>> >>>> On 11/26/2014 11:04 AM, RickG wrote: >>>> >>>> Thanks Sam! With that, should I assume only those ports are being >>>> passed through the UBNT radio to the customer? >>>> >>>> On Wed, Nov 26, 2014 at 10:13 AM, Sam Tetherow <tethe...@shwisp.net> >>>> wrote: >>>> >>>>> Default should have ports 80, 443, 22 TCP for HTTP, HTTPS and SSH as >>>>> well as 10001 UDP for the discovery protocol. By open that means those >>>>> are >>>>> the only ports on the radio that have something listening on them. If you >>>>> turn those services off on the services tab then they will no longer be >>>>> listening on those ports. You can also turn on SNMP (UDP 161) and telnet >>>>> (TCP 23) >>>>> >>>>> To see what ports are being listened on use 'netstat -nl' from the >>>>> command line, to see what ports are being forwarded you can use 'iptables >>>>> -t nat -L' >>>>> >>>>> On 11/25/2014 08:27 PM, RickG wrote: >>>>> >>>>> I agree Mike, however my question is more basic than that. I realize >>>>> that a UBNT radio comes with the firewall turned off and in fact I've >>>>> never >>>>> turned it on. So, my question is: Default from the factory, which ports >>>>> are >>>>> open and/or closed? Obviously most common ports are open. Do I need to >>>>> open >>>>> any to prevent any issues? >>>>> >>>>> On Tue, Nov 25, 2014 at 10:02 AM, Mike Hammett < >>>>> wispaubntus...@ics-il.net> wrote: >>>>> >>>>>> I think people go a bit excessive with firewalling. If there's no >>>>>> service there to answer, there's no need to firewall it. >>>>>> >>>>>> >>>>>> >>>>>> ----- >>>>>> Mike Hammett >>>>>> Intelligent Computing Solutions >>>>>> http://www.ics-il.com >>>>>> >>>>>> <https://www.facebook.com/ICSIL> >>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>> <https://twitter.com/ICSIL> >>>>>> >>>>>> ------------------------------ >>>>>> *From: *"RickG" <rgunder...@gmail.com> >>>>>> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >>>>>> *Sent: *Tuesday, November 25, 2014 9:00:45 AM >>>>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >>>>>> Management Ports, what are they? >>>>>> >>>>>> Ya, thank goodness for upnp. I'm just trying to understand and be >>>>>> sure I'm not causing any issues for my customers as far as open & closed >>>>>> ports. Obviously certain ports are open but are they all? >>>>>> >>>>>> On Tue, Nov 25, 2014 at 7:32 AM, Josh Luthman < >>>>>> j...@imaginenetworksllc.com> wrote: >>>>>> >>>>>>> If you're behind Nat your Xbox will say closed because they need to >>>>>>> be dstnated. There's upnp on the later versions. >>>>>>> >>>>>>> Josh Luthman >>>>>>> Office: 937-552-2340 >>>>>>> Direct: 937-552-2343 >>>>>>> 1100 Wayne St >>>>>>> Suite 1337 >>>>>>> Troy, OH 45373 >>>>>>> On Nov 25, 2014 12:28 AM, "RickG" <rgunder...@gmail.com> wrote: >>>>>>> >>>>>>>> So I should expect all ports to be open? >>>>>>>> >>>>>>>> On Mon, Nov 24, 2014 at 5:55 PM, Josh Luthman < >>>>>>>> j...@imaginenetworksllc.com> wrote: >>>>>>>> >>>>>>>>> There are no firewall rules by default. Nothing is DMZ'ed nor >>>>>>>>> PAT'ed. >>>>>>>>> >>>>>>>>> >>>>>>>>> Josh Luthman >>>>>>>>> Office: 937-552-2340 >>>>>>>>> Direct: 937-552-2343 >>>>>>>>> 1100 Wayne St >>>>>>>>> Suite 1337 >>>>>>>>> Troy, OH 45373 >>>>>>>>> >>>>>>>>> On Mon, Nov 24, 2014 at 5:25 PM, RickG <rgunder...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> This reminded me of a question: What ports are open or closed by >>>>>>>>>> default of a UBNT radio in router mode? >>>>>>>>>> >>>>>>>>>> On Wed, Nov 19, 2014 at 5:56 PM, Sam Tetherow < >>>>>>>>>> tethe...@shwisp.net> wrote: >>>>>>>>>> >>>>>>>>>>> Definitively list: >>>>>>>>>>> TCP telnet (23) >>>>>>>>>>> TCP http (80) >>>>>>>>>>> TCP https (443) >>>>>>>>>>> ICMP Echo-Request >>>>>>>>>>> TCP ssh (22) >>>>>>>>>>> TCP snmp (161) >>>>>>>>>>> TCP 18888 >>>>>>>>>>> UDP discard (9) >>>>>>>>>>> UDP 10001 - ubiquiti discovery protocol although it never seems >>>>>>>>>>> to reply >>>>>>>>>>> when in DMZ mode >>>>>>>>>>> >>>>>>>>>>> If any of the services are disabled on the radio then the ports >>>>>>>>>>> are >>>>>>>>>>> forwarded on to the DMZ radio, if the ports are changed on the >>>>>>>>>>> services >>>>>>>>>>> tab then they will be changed in the DMZ section. >>>>>>>>>>> >>>>>>>>>>> If in doubt, ssh into the radio and run iptables -t nat -L >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 11/14/2014 06:36 PM, Matt Jenkins wrote: >>>>>>>>>>> > I assume 80, 22, 443. What others are there? I can't find it >>>>>>>>>>> in any of >>>>>>>>>>> > the manuals. >>>>>>>>>>> > _______________________________________________ >>>>>>>>>>> > Ubnt_users mailing list >>>>>>>>>>> > Ubnt_users@wispa.org >>>>>>>>>>> > http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Ubnt_users mailing list >>>>>>>>>>> Ubnt_users@wispa.org >>>>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> -RickG KyWiFi >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Ubnt_users mailing list >>>>>>>>>> Ubnt_users@wispa.org >>>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Ubnt_users mailing list >>>>>>>>> Ubnt_users@wispa.org >>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> -RickG KyWiFi >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ubnt_users mailing list >>>>>>>> Ubnt_users@wispa.org >>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ubnt_users mailing list >>>>>>> Ubnt_users@wispa.org >>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> -RickG KyWiFi >>>>>> >>>>>> _______________________________________________ >>>>>> Ubnt_users mailing list >>>>>> Ubnt_users@wispa.org >>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ubnt_users mailing list >>>>>> Ubnt_users@wispa.org >>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> -RickG KyWiFi >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ubnt_users mailing >>>>> listUbnt_users@wispa.orghttp://lists.wispa.org/mailman/listinfo/ubnt_users >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ubnt_users mailing list >>>>> Ubnt_users@wispa.org >>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>> >>>>> >>>> >>>> >>>> -- >>>> -RickG KyWiFi >>>> >>>> >>>> _______________________________________________ >>>> Ubnt_users mailing >>>> listUbnt_users@wispa.orghttp://lists.wispa.org/mailman/listinfo/ubnt_users >>>> >>>> >>>> >>>> _______________________________________________ >>>> Ubnt_users mailing list >>>> Ubnt_users@wispa.org >>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>> >>>> >>> >>> >>> -- >>> -RickG KyWiFi >>> >>> _______________________________________________ >>> Ubnt_users mailing list >>> Ubnt_users@wispa.org >>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>> >>> >>> _______________________________________________ >>> Ubnt_users mailing list >>> Ubnt_users@wispa.org >>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>> >>> >> >> >> -- >> -RickG KyWiFi >> >> _______________________________________________ >> Ubnt_users mailing list >> Ubnt_users@wispa.org >> http://lists.wispa.org/mailman/listinfo/ubnt_users >> >> >> _______________________________________________ >> Ubnt_users mailing list >> Ubnt_users@wispa.org >> http://lists.wispa.org/mailman/listinfo/ubnt_users >> >> > > > -- > -RickG KyWiFi > > _______________________________________________ > Ubnt_users mailing list > Ubnt_users@wispa.org > http://lists.wispa.org/mailman/listinfo/ubnt_users > > > _______________________________________________ > Ubnt_users mailing list > Ubnt_users@wispa.org > http://lists.wispa.org/mailman/listinfo/ubnt_users > > -- -RickG KyWiFi
_______________________________________________ Ubnt_users mailing list Ubnt_users@wispa.org http://lists.wispa.org/mailman/listinfo/ubnt_users
