
Setting up Firewall ports on Ubiquiti Unifi AP Controller @ Ubuntu 16.04

I am going to list the TCP/UDP ports that need to be opened when setting up Ubiquiti AP AC products with a locally hosted controller running on a Linux/GNU OS.

The information contained herein is gleaned from various sources, including the friendly Ubiquiti community.

The tool used is UFW on an Ubuntu 16.04.3 device. The Ubiquiti reference page is here: https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used

Let's begin:

sudo ufw limit 22/tcp   # rate limit for openssh
sudo ufw allow 80,443/tcp   # for http and https connection respectively
sudo ufw allow 8080,8443/tcp   # for locally based unifi controller connection with the AP
sudo ufw allow 3478/udp   # STUN
sudo ufw allow 10001/udp   # ap discovery (optional)
sudo ufw allow 8880,8843/tcp   # for guest portals (optional for home user unless operating a homestay biz)

sudo ufw allow out 22/tcp   # openssh
sudo ufw allow out 80,443/tcp   # http and https respectively
sudo ufw allow out 8080,8443/tcp   # HTTP and HTTPS connection with controller
sudo ufw allow out 3478/udp   # STUN
sudo ufw allow out 10001/udp   # ap discovery (optional)
sudo ufw allow out 8880,8843/tcp   # guest portals (optional)

# sudo ufw allow 27117/tcp   # inbound DB server connection

As the inbound DB port 27117 is limited to only localhost access, it need not be open.
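To confirm the resulting rule set matches the list above, the following added example (not part of the original post) parses `ufw status` text, expands multi-port rules, and reports any non-optional inbound port that is missing as well as port 27117 if it has been opened. The function names and the sample status text are constructed for illustration; the required-port list follows the entries the post does not mark optional.

```shell
#!/bin/sh
# Constructed sample resembling `sudo ufw status` output; it includes the
# 27117/tcp rule that the post says should NOT be opened.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80,443/tcp                 ALLOW       Anywhere
8080,8443/tcp              ALLOW       Anywhere
3478/udp                   ALLOW       Anywhere
27117/tcp                  ALLOW       Anywhere
22/tcp                     ALLOW OUT   Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)'

# Print every inbound port/proto covered by an ALLOW or LIMIT rule, one per line.
# "80,443/tcp" is expanded to "80/tcp" and "443/tcp". Outbound ("ALLOW OUT")
# rules are skipped, and so are IPv6 duplicates (their second field is "(v6)").
inbound_ports() {
  awk '$2 ~ /^(ALLOW|LIMIT)$/ && $3 != "OUT" && $1 ~ /\// {
         split($1, rule, "/"); n = split(rule[1], port, ",")
         for (i = 1; i <= n; i++) print port[i] "/" rule[2]
       }'
}

# Read `ufw status` text on stdin. Print "MISSING <port>" for each required
# inbound port without a rule and "EXPOSED <port>" for each port that should
# stay closed. Returns non-zero if anything was reported.
audit_unifi_rules() {
  required="22/tcp 80/tcp 443/tcp 8080/tcp 8443/tcp 3478/udp"
  keep_closed="27117/tcp"   # controller DB port, localhost only per the post
  open_ports="$(inbound_ports)"
  rc=0
  for p in $required; do
    printf '%s\n' "$open_ports" | grep -qx "$p" || { echo "MISSING $p"; rc=1; }
  done
  for p in $keep_closed; do
    if printf '%s\n' "$open_ports" | grep -qx "$p"; then
      echo "EXPOSED $p"; rc=1
    fi
  done
  return $rc
}

# Demo on the constructed sample; on a real host: sudo ufw status | audit_unifi_rules
printf '%s\n' "$SAMPLE_STATUS" | audit_unifi_rules || true   # prints: EXPOSED 27117/tcp
```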

Additional note on removing rules when changing the default ports (the change must be done locally and on the AP device):

sudo ufw delete rule args
where rule = allow, allow out, limit
      args = port numbers

For example, to delete ports 8880 and 8843, we apply:
sudo ufw delete allow 8880,8843/tcp   # inbound connection
sudo ufw delete allow out 8880,8843/tcp   # outbound connection

That's all for today.
            


 



