My previous email defines how we are setup which has the CPE pull a public IP out of a /24. Powercode assigns a single IP based on the MAC of the CPE via DHCP. If you want more detail, let me know.
On Fri, Nov 28, 2014 at 3:11 PM, RickG <rgunder...@gmail.com> wrote: > What I'd really like to do is present a routable IP to their router. > Obviously that is easy in "bridge mode" but I haven't figured out how to do > it in "router mode". > > On Fri, Nov 28, 2014 at 4:01 PM, Mike Hammett <wispaubntus...@ics-il.net> > wrote: > >> uPNP fixes XBox. >> >> Security cameras... depends. May still need manual port forwards on >> those. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> >> ------------------------------ >> *From: *"RickG" <rgunder...@gmail.com> >> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >> *Sent: *Friday, November 28, 2014 2:58:16 PM >> >> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >> Management Ports, what are they? >> >> Well, I occasionally get complaints that the XBox network test shows >> ports closed and security cameras aren't viewable remotely. I'll try UPNP. >> Thanks! >> >> On Fri, Nov 28, 2014 at 3:20 PM, Mike Hammett <wispaubntus...@ics-il.net> >> wrote: >> >>> If there hasn't been an issue yet, then there's probably not a problem. >>> >>> Turn on uPNP, call it a day. >>> >>> >>> >>> ----- >>> Mike Hammett >>> Intelligent Computing Solutions >>> http://www.ics-il.com >>> >>> <https://www.facebook.com/ICSIL> >>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>> <https://twitter.com/ICSIL> >>> >>> ------------------------------ >>> *From: *"RickG" <rgunder...@gmail.com> >>> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >>> *Sent: *Friday, November 28, 2014 2:10:39 PM >>> >>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >>> Management Ports, what are they? >>> >>> Mainly be sure I'm not causing issues for customers. Such as XBox or >>> security cameras not being able to function properly. >>> >>> On Fri, Nov 28, 2014 at 8:12 AM, Mike Hammett <wispaubntus...@ics-il.net >>> > wrote: >>> >>>> What problem are you having that you're trying to solve? >>>> >>>> >>>> >>>> ----- >>>> Mike Hammett >>>> Intelligent Computing Solutions >>>> http://www.ics-il.com >>>> >>>> <https://www.facebook.com/ICSIL> >>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>> <https://twitter.com/ICSIL> >>>> >>>> ------------------------------ >>>> *From: *"RickG" <rgunder...@gmail.com> >>>> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >>>> *Sent: *Friday, November 28, 2014 2:19:56 AM >>>> >>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >>>> Management Ports, what are they? >>>> >>>> True. Perhaps what I need to do on the CPE is set the DHCP range for 1 >>>> IP addy and put that addy in the DMZ? Then the radio wouldn't inadvertently >>>> block anything. >>>> >>>> On Thu, Nov 27, 2014 at 10:57 PM, Mike Hammett < >>>> wispaubntus...@ics-il.net> wrote: >>>> >>>>> There's nothing to open or close. >>>>> >>>>> You couldn't set port forwards ahead of time without knowing what they >>>>> want and where they want it. That's what uPNP is for. >>>>> >>>>> >>>>> >>>>> ----- >>>>> Mike Hammett >>>>> Intelligent Computing Solutions >>>>> http://www.ics-il.com >>>>> >>>>> <https://www.facebook.com/ICSIL> >>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>> <https://twitter.com/ICSIL> >>>>> >>>>> ------------------------------ >>>>> *From: *"RickG" <rgunder...@gmail.com> >>>>> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >>>>> *Sent: *Wednesday, November 26, 2014 10:19:45 PM >>>>> >>>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >>>>> Management Ports, what are they? >>>>> >>>>> That helps a lot! I have my customers in router mode with NAT enabled >>>>> without opening any ports. I really dont get any complaints but I'm trying >>>>> to be sure I am not causing any undo issues for my customers, so, should I >>>>> open any ports or is default sufficient? >>>>> >>>>> On Wed, Nov 26, 2014 at 2:48 PM, Sam Tetherow <tethe...@shwisp.net> >>>>> wrote: >>>>> >>>>>> I think there is some confusion. >>>>>> >>>>>> In router mode with NAT enabled and DMZ disabled the only thing it >>>>>> will pass to the customer is stuff that is set in the port forwarding >>>>>> section. (iptables -t nat -L) >>>>>> >>>>>> In router mode with NAT enabled and DMZ enabled it will pass >>>>>> everything to the DMZ IP except management ports (unless DMZ management >>>>>> ports is checked) (iptables -t nat -L will show all ports not passed to >>>>>> the router). If DMZ management ports is checked then everything is sent >>>>>> to >>>>>> the DMZ IP. >>>>>> >>>>>> In router mode without NAT enabled it will route all traffic to the >>>>>> LAN address space, this means you need to have a subnet on the LAN side >>>>>> that is routed externally to the radio IP address. >>>>>> >>>>>> In bridge mode all traffic coming in WLAN will be passed to LAN. >>>>>> >>>>>> >>>>>> >>>>>> On 11/26/2014 11:04 AM, RickG wrote: >>>>>> >>>>>> Thanks Sam! With that, should I assume only those ports are being >>>>>> passed through the UBNT radio to the customer? >>>>>> >>>>>> On Wed, Nov 26, 2014 at 10:13 AM, Sam Tetherow <tethe...@shwisp.net> >>>>>> wrote: >>>>>> >>>>>>> Default should have ports 80, 443, 22 TCP for HTTP, HTTPS and SSH >>>>>>> as well as 10001 UDP for the discovery protocol. By open that means >>>>>>> those >>>>>>> are the only ports on the radio that have something listening on them. >>>>>>> If >>>>>>> you turn those services off on the services tab then they will no >>>>>>> longer be >>>>>>> listening on those ports. You can also turn on SNMP (UDP 161) and >>>>>>> telnet >>>>>>> (TCP 23) >>>>>>> >>>>>>> To see what ports are being listened on use 'netstat -nl' from the >>>>>>> command line, to see what ports are being forwarded you can use >>>>>>> 'iptables >>>>>>> -t nat -L' >>>>>>> >>>>>>> On 11/25/2014 08:27 PM, RickG wrote: >>>>>>> >>>>>>> I agree Mike, however my question is more basic than that. I realize >>>>>>> that a UBNT radio comes with the firewall turned off and in fact I've >>>>>>> never >>>>>>> turned it on. So, my question is: Default from the factory, which ports >>>>>>> are >>>>>>> open and/or closed? Obviously most common ports are open. Do I need to >>>>>>> open >>>>>>> any to prevent any issues? >>>>>>> >>>>>>> On Tue, Nov 25, 2014 at 10:02 AM, Mike Hammett < >>>>>>> wispaubntus...@ics-il.net> wrote: >>>>>>> >>>>>>>> I think people go a bit excessive with firewalling. If there's no >>>>>>>> service there to answer, there's no need to firewall it. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ----- >>>>>>>> Mike Hammett >>>>>>>> Intelligent Computing Solutions >>>>>>>> http://www.ics-il.com >>>>>>>> >>>>>>>> <https://www.facebook.com/ICSIL> >>>>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>>>> <https://twitter.com/ICSIL> >>>>>>>> >>>>>>>> ------------------------------ >>>>>>>> *From: *"RickG" <rgunder...@gmail.com> >>>>>>>> *To: *"Ubiquiti Users Group" <ubnt_users@wispa.org> >>>>>>>> *Sent: *Tuesday, November 25, 2014 9:00:45 AM >>>>>>>> *Subject: *Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ >>>>>>>> Management Ports, what are they? >>>>>>>> >>>>>>>> Ya, thank goodness for upnp. I'm just trying to understand and be >>>>>>>> sure I'm not causing any issues for my customers as far as open & >>>>>>>> closed >>>>>>>> ports. Obviously certain ports are open but are they all? >>>>>>>> >>>>>>>> On Tue, Nov 25, 2014 at 7:32 AM, Josh Luthman < >>>>>>>> j...@imaginenetworksllc.com> wrote: >>>>>>>> >>>>>>>>> If you're behind Nat your Xbox will say closed because they need >>>>>>>>> to be dstnated. There's upnp on the later versions. >>>>>>>>> >>>>>>>>> Josh Luthman >>>>>>>>> Office: 937-552-2340 >>>>>>>>> Direct: 937-552-2343 >>>>>>>>> 1100 Wayne St >>>>>>>>> Suite 1337 >>>>>>>>> Troy, OH 45373 >>>>>>>>> On Nov 25, 2014 12:28 AM, "RickG" <rgunder...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> So I should expect all ports to be open? >>>>>>>>>> >>>>>>>>>> On Mon, Nov 24, 2014 at 5:55 PM, Josh Luthman < >>>>>>>>>> j...@imaginenetworksllc.com> wrote: >>>>>>>>>> >>>>>>>>>>> There are no firewall rules by default. Nothing is DMZ'ed nor >>>>>>>>>>> PAT'ed. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Josh Luthman >>>>>>>>>>> Office: 937-552-2340 >>>>>>>>>>> Direct: 937-552-2343 >>>>>>>>>>> 1100 Wayne St >>>>>>>>>>> Suite 1337 >>>>>>>>>>> Troy, OH 45373 >>>>>>>>>>> >>>>>>>>>>> On Mon, Nov 24, 2014 at 5:25 PM, RickG <rgunder...@gmail.com> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> This reminded me of a question: What ports are open or closed >>>>>>>>>>>> by default of a UBNT radio in router mode? >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Nov 19, 2014 at 5:56 PM, Sam Tetherow < >>>>>>>>>>>> tethe...@shwisp.net> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Definitively list: >>>>>>>>>>>>> TCP telnet (23) >>>>>>>>>>>>> TCP http (80) >>>>>>>>>>>>> TCP https (443) >>>>>>>>>>>>> ICMP Echo-Request >>>>>>>>>>>>> TCP ssh (22) >>>>>>>>>>>>> TCP snmp (161) >>>>>>>>>>>>> TCP 18888 >>>>>>>>>>>>> UDP discard (9) >>>>>>>>>>>>> UDP 10001 - ubiquiti discovery protocol although it never >>>>>>>>>>>>> seems to reply >>>>>>>>>>>>> when in DMZ mode >>>>>>>>>>>>> >>>>>>>>>>>>> If any of the services are disabled on the radio then the >>>>>>>>>>>>> ports are >>>>>>>>>>>>> forwarded on to the DMZ radio, if the ports are changed on the >>>>>>>>>>>>> services >>>>>>>>>>>>> tab then they will be changed in the DMZ section. >>>>>>>>>>>>> >>>>>>>>>>>>> If in doubt, ssh into the radio and run iptables -t nat -L >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On 11/14/2014 06:36 PM, Matt Jenkins wrote: >>>>>>>>>>>>> > I assume 80, 22, 443. What others are there? I can't find it >>>>>>>>>>>>> in any of >>>>>>>>>>>>> > the manuals. >>>>>>>>>>>>> > _______________________________________________ >>>>>>>>>>>>> > Ubnt_users mailing list >>>>>>>>>>>>> > Ubnt_users@wispa.org >>>>>>>>>>>>> > http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Ubnt_users mailing list >>>>>>>>>>>>> Ubnt_users@wispa.org >>>>>>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> -RickG KyWiFi >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Ubnt_users mailing list >>>>>>>>>>>> Ubnt_users@wispa.org >>>>>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Ubnt_users mailing list >>>>>>>>>>> Ubnt_users@wispa.org >>>>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> -RickG KyWiFi >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Ubnt_users mailing list >>>>>>>>>> Ubnt_users@wispa.org >>>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>>> >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Ubnt_users mailing list >>>>>>>>> Ubnt_users@wispa.org >>>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> -RickG KyWiFi >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ubnt_users mailing list >>>>>>>> Ubnt_users@wispa.org >>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ubnt_users mailing list >>>>>>>> Ubnt_users@wispa.org >>>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> -RickG KyWiFi >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ubnt_users mailing >>>>>>> listUbnt_users@wispa.orghttp://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ubnt_users mailing list >>>>>>> Ubnt_users@wispa.org >>>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> -RickG KyWiFi >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ubnt_users mailing >>>>>> listUbnt_users@wispa.orghttp://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ubnt_users mailing list >>>>>> Ubnt_users@wispa.org >>>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> -RickG KyWiFi >>>>> >>>>> _______________________________________________ >>>>> Ubnt_users mailing list >>>>> Ubnt_users@wispa.org >>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ubnt_users mailing list >>>>> Ubnt_users@wispa.org >>>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>>> >>>>> >>>> >>>> >>>> -- >>>> -RickG KyWiFi >>>> >>>> _______________________________________________ >>>> Ubnt_users mailing list >>>> Ubnt_users@wispa.org >>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>> >>>> >>>> _______________________________________________ >>>> Ubnt_users mailing list >>>> Ubnt_users@wispa.org >>>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>>> >>>> >>> >>> >>> -- >>> -RickG KyWiFi >>> >>> _______________________________________________ >>> Ubnt_users mailing list >>> Ubnt_users@wispa.org >>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>> >>> >>> _______________________________________________ >>> Ubnt_users mailing list >>> Ubnt_users@wispa.org >>> http://lists.wispa.org/mailman/listinfo/ubnt_users >>> >>> >> >> >> -- >> -RickG KyWiFi >> >> _______________________________________________ >> Ubnt_users mailing list >> Ubnt_users@wispa.org >> http://lists.wispa.org/mailman/listinfo/ubnt_users >> >> >> _______________________________________________ >> Ubnt_users mailing list >> Ubnt_users@wispa.org >> http://lists.wispa.org/mailman/listinfo/ubnt_users >> >> > > > -- > -RickG KyWiFi > > _______________________________________________ > Ubnt_users mailing list > Ubnt_users@wispa.org > http://lists.wispa.org/mailman/listinfo/ubnt_users > > -- Adair Winter VP, Network Operations / Owner Amarillo Wireless | 806.316.5071 C: 806.231.7180 http://www.amarillowireless.net
_______________________________________________ Ubnt_users mailing list Ubnt_users@wispa.org http://lists.wispa.org/mailman/listinfo/ubnt_users