Ya, that seems to be my experience as well.

On Sat, Nov 29, 2014 at 1:31 PM, Adair Winter <ada...@amarillowireless.net> wrote:
> Upnp is worthless if there is another Nat router behind your cpe.
> On Nov 29, 2014 12:30 PM, "RickG" <rgunder...@gmail.com> wrote:
>
>> Adair, That's really interesting, I'll have to try that. So you don't use
>> UPNP?
>>
>> On Fri, Nov 28, 2014 at 4:13 PM, Adair Winter <ada...@amarillowireless.net> wrote:
>>
>>> This is how we set our route mode CPE's and IF anyone has trouble we
>>> tell them to manually set their router to the DMZ IP (and give them
>>> gateway, netmask and dns info). If they don't know how to do that, we log
>>> in to the radio and set the DMZ IP to whatever their router pulled from our
>>> radio.
>>> This setup works perfectly and we never have any problems with any
>>> services and generally only need to have people set their router in the DMZ
>>> IF they need port forwarding.
>>> With this setup the WAN port of the radio (WAN.1201 in the image) is not
>>> pingable and can not be managed from the internet.
>>> The only way we can manage CPE's is from the internal network. IF you
>>> want to access from the internet you'd have to uncheck the "Block
>>> Management Access" alternatively you may also need to uncheck the DMZ
>>> management ports. I can't remember. I do NOT want my CPE's to be accessed
>>> from the outside world in any way, shape or form. With our setup IF they need
>>> access to something inside this allows that to happen without having to
>>> bridge the radio. SIP, VPN, Games all work fine.
>>>
>>> [image: Inline image 1]
>>>
>>> [image: Inline image 2]
>>>
>>> On Fri, Nov 28, 2014 at 2:58 PM, RickG <rgunder...@gmail.com> wrote:
>>>
>>>> Well, I occasionally get complaints that the XBox network test shows
>>>> ports closed and security cameras aren't viewable remotely. I'll try UPNP.
>>>> Thanks!
>>>>
>>>> On Fri, Nov 28, 2014 at 3:20 PM, Mike Hammett <wispaubntus...@ics-il.net> wrote:
>>>>
>>>>> If there hasn't been an issue yet, then there's probably not a problem.
>>>>>
>>>>> Turn on uPNP, call it a day.
>>>>>
>>>>> -----
>>>>> Mike Hammett
>>>>> Intelligent Computing Solutions
>>>>> http://www.ics-il.com
>>>>>
>>>>> <https://www.facebook.com/ICSIL>
>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions>
>>>>> <https://twitter.com/ICSIL>
>>>>>
>>>>> ------------------------------
>>>>> From: "RickG" <rgunder...@gmail.com>
>>>>> To: "Ubiquiti Users Group" <ubnt_users@wispa.org>
>>>>> Sent: Friday, November 28, 2014 2:10:39 PM
>>>>> Subject: Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ Management Ports, what are they?
>>>>>
>>>>> Mainly be sure I'm not causing issues for customers. Such as XBox or
>>>>> security cameras not being able to function properly.
>>>>>
>>>>> On Fri, Nov 28, 2014 at 8:12 AM, Mike Hammett <wispaubntus...@ics-il.net> wrote:
>>>>>
>>>>>> What problem are you having that you're trying to solve?
>>>>>>
>>>>>> -----
>>>>>> Mike Hammett
>>>>>> Intelligent Computing Solutions
>>>>>> http://www.ics-il.com
>>>>>>
>>>>>> ------------------------------
>>>>>> From: "RickG" <rgunder...@gmail.com>
>>>>>> To: "Ubiquiti Users Group" <ubnt_users@wispa.org>
>>>>>> Sent: Friday, November 28, 2014 2:19:56 AM
>>>>>> Subject: Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ Management Ports, what are they?
>>>>>>
>>>>>> True. Perhaps what I need to do on the CPE is set the DHCP range for
>>>>>> 1 IP addy and put that addy in the DMZ? Then the radio wouldn't
>>>>>> inadvertently block anything.
>>>>>>
>>>>>> On Thu, Nov 27, 2014 at 10:57 PM, Mike Hammett <wispaubntus...@ics-il.net> wrote:
>>>>>>
>>>>>>> There's nothing to open or close.
>>>>>>>
>>>>>>> You couldn't set port forwards ahead of time without knowing what
>>>>>>> they want and where they want it. That's what uPNP is for.
>>>>>>>
>>>>>>> -----
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions
>>>>>>> http://www.ics-il.com
>>>>>>>
>>>>>>> ------------------------------
>>>>>>> From: "RickG" <rgunder...@gmail.com>
>>>>>>> To: "Ubiquiti Users Group" <ubnt_users@wispa.org>
>>>>>>> Sent: Wednesday, November 26, 2014 10:19:45 PM
>>>>>>> Subject: Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ Management Ports, what are they?
>>>>>>>
>>>>>>> That helps a lot! I have my customers in router mode with NAT
>>>>>>> enabled without opening any ports. I really don't get any complaints but
>>>>>>> I'm trying to be sure I am not causing any undue issues for my customers, so,
>>>>>>> should I open any ports or is default sufficient?
>>>>>>>
>>>>>>> On Wed, Nov 26, 2014 at 2:48 PM, Sam Tetherow <tethe...@shwisp.net> wrote:
>>>>>>>
>>>>>>>> I think there is some confusion.
>>>>>>>>
>>>>>>>> In router mode with NAT enabled and DMZ disabled the only thing it
>>>>>>>> will pass to the customer is stuff that is set in the port forwarding
>>>>>>>> section. (iptables -t nat -L)
>>>>>>>>
>>>>>>>> In router mode with NAT enabled and DMZ enabled it will pass
>>>>>>>> everything to the DMZ IP except management ports (unless DMZ management
>>>>>>>> ports is checked) (iptables -t nat -L will show all ports not passed to
>>>>>>>> the router). If DMZ management ports is checked then everything is sent to
>>>>>>>> the DMZ IP.
>>>>>>>>
>>>>>>>> In router mode without NAT enabled it will route all traffic to the
>>>>>>>> LAN address space, this means you need to have a subnet on the LAN side
>>>>>>>> that is routed externally to the radio IP address.
>>>>>>>>
>>>>>>>> In bridge mode all traffic coming in WLAN will be passed to LAN.
>>>>>>>>
>>>>>>>> On 11/26/2014 11:04 AM, RickG wrote:
>>>>>>>>
>>>>>>>> Thanks Sam! With that, should I assume only those ports are being
>>>>>>>> passed through the UBNT radio to the customer?
>>>>>>>>
>>>>>>>> On Wed, Nov 26, 2014 at 10:13 AM, Sam Tetherow <tethe...@shwisp.net> wrote:
>>>>>>>>
>>>>>>>>> Default should have ports 80, 443, 22 TCP for HTTP, HTTPS and SSH
>>>>>>>>> as well as 10001 UDP for the discovery protocol. By open that means those
>>>>>>>>> are the only ports on the radio that have something listening on them. If
>>>>>>>>> you turn those services off on the services tab then they will no longer be
>>>>>>>>> listening on those ports. You can also turn on SNMP (UDP 161) and telnet
>>>>>>>>> (TCP 23)
>>>>>>>>>
>>>>>>>>> To see what ports are being listened on use 'netstat -nl' from the
>>>>>>>>> command line, to see what ports are being forwarded you can use
>>>>>>>>> 'iptables -t nat -L'
>>>>>>>>>
>>>>>>>>> On 11/25/2014 08:27 PM, RickG wrote:
>>>>>>>>>
>>>>>>>>> I agree Mike, however my question is more basic than that. I
>>>>>>>>> realize that a UBNT radio comes with the firewall turned off and in fact
>>>>>>>>> I've never turned it on. So, my question is: Default from the factory,
>>>>>>>>> which ports are open and/or closed? Obviously most common ports are open.
>>>>>>>>> Do I need to open any to prevent any issues?
>>>>>>>>>
>>>>>>>>> On Tue, Nov 25, 2014 at 10:02 AM, Mike Hammett <wispaubntus...@ics-il.net> wrote:
>>>>>>>>>
>>>>>>>>>> I think people go a bit excessive with firewalling. If there's
>>>>>>>>>> no service there to answer, there's no need to firewall it.
>>>>>>>>>>
>>>>>>>>>> -----
>>>>>>>>>> Mike Hammett
>>>>>>>>>> Intelligent Computing Solutions
>>>>>>>>>> http://www.ics-il.com
>>>>>>>>>>
>>>>>>>>>> ------------------------------
>>>>>>>>>> From: "RickG" <rgunder...@gmail.com>
>>>>>>>>>> To: "Ubiquiti Users Group" <ubnt_users@wispa.org>
>>>>>>>>>> Sent: Tuesday, November 25, 2014 9:00:45 AM
>>>>>>>>>> Subject: Re: [Ubnt_users] Default open/closed ports - [WAS] DMZ Management Ports, what are they?
>>>>>>>>>>
>>>>>>>>>> Ya, thank goodness for upnp. I'm just trying to understand and be
>>>>>>>>>> sure I'm not causing any issues for my customers as far as open & closed
>>>>>>>>>> ports. Obviously certain ports are open but are they all?
>>>>>>>>>>
>>>>>>>>>> On Tue, Nov 25, 2014 at 7:32 AM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> If you're behind Nat your Xbox will say closed because they need
>>>>>>>>>>> to be dstnated. There's upnp on the later versions.
>>>>>>>>>>>
>>>>>>>>>>> Josh Luthman
>>>>>>>>>>> Office: 937-552-2340
>>>>>>>>>>> Direct: 937-552-2343
>>>>>>>>>>> 1100 Wayne St
>>>>>>>>>>> Suite 1337
>>>>>>>>>>> Troy, OH 45373
>>>>>>>>>>> On Nov 25, 2014 12:28 AM, "RickG" <rgunder...@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> So I should expect all ports to be open?
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Nov 24, 2014 at 5:55 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> There are no firewall rules by default. Nothing is DMZ'ed nor
>>>>>>>>>>>>> PAT'ed.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Josh Luthman
>>>>>>>>>>>>> Office: 937-552-2340
>>>>>>>>>>>>> Direct: 937-552-2343
>>>>>>>>>>>>> 1100 Wayne St
>>>>>>>>>>>>> Suite 1337
>>>>>>>>>>>>> Troy, OH 45373
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Nov 24, 2014 at 5:25 PM, RickG <rgunder...@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> This reminded me of a question: What ports are open or closed
>>>>>>>>>>>>>> by default of a UBNT radio in router mode?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Nov 19, 2014 at 5:56 PM, Sam Tetherow <tethe...@shwisp.net> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Definitive list:
>>>>>>>>>>>>>>> TCP telnet (23)
>>>>>>>>>>>>>>> TCP http (80)
>>>>>>>>>>>>>>> TCP https (443)
>>>>>>>>>>>>>>> ICMP Echo-Request
>>>>>>>>>>>>>>> TCP ssh (22)
>>>>>>>>>>>>>>> TCP snmp (161)
>>>>>>>>>>>>>>> TCP 18888
>>>>>>>>>>>>>>> UDP discard (9)
>>>>>>>>>>>>>>> UDP 10001 - ubiquiti discovery protocol although it never seems to reply
>>>>>>>>>>>>>>> when in DMZ mode
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If any of the services are disabled on the radio then the ports are
>>>>>>>>>>>>>>> forwarded on to the DMZ radio, if the ports are changed on the services
>>>>>>>>>>>>>>> tab then they will be changed in the DMZ section.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If in doubt, ssh into the radio and run iptables -t nat -L
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 11/14/2014 06:36 PM, Matt Jenkins wrote:
>>>>>>>>>>>>>>> > I assume 80, 22, 443. What others are there? I can't find it in any of
>>>>>>>>>>>>>>> > the manuals.
>>>>>>>>>>>>>>> > _______________________________________________
>>>>>>>>>>>>>>> > Ubnt_users mailing list
>>>>>>>>>>>>>>> > Ubnt_users@wispa.org
>>>>>>>>>>>>>>> > http://lists.wispa.org/mailman/listinfo/ubnt_users
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> -RickG KyWiFi
>>>
>>> --
>>> Adair Winter
>>> VP, Network Operations / Owner
>>> Amarillo Wireless | 806.316.5071
>>> C: 806.231.7180
>>> http://www.amarillowireless.net

--
-RickG KyWiFi
_______________________________________________
Ubnt_users mailing list
Ubnt_users@wispa.org
http://lists.wispa.org/mailman/listinfo/ubnt_users