I am going to list the TCP/UDP ports that need to be opened when setting up Ubiquiti AP AC products with a locally hosted controller running on a GNU/Linux OS.
The information contained herein is gleaned from various sources, including the friendly Ubiquiti community.
The tool used is UFW on an Ubuntu 16.04.3 device. The Ubiquiti reference page is here: https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used
Let's begin:
sudo ufw limit 22/tcp                # rate limit for OpenSSH
sudo ufw allow 80,443/tcp            # HTTP and HTTPS connections respectively
sudo ufw allow 8080,8443/tcp         # locally hosted UniFi controller connection with the AP
sudo ufw allow 3478/udp              # STUN
sudo ufw allow 10001/udp             # AP discovery (optional)
sudo ufw allow 8880,8843/tcp         # guest portals (optional for home users unless operating a homestay business)
sudo ufw allow out 22/tcp            # OpenSSH
sudo ufw allow out 80,443/tcp        # HTTP and HTTPS respectively
sudo ufw allow out 8080,8443/tcp     # HTTP and HTTPS connection with the controller
sudo ufw allow out 3478/udp          # STUN
sudo ufw allow out 10001/udp         # AP discovery (optional)
sudo ufw allow out 8880,8843/tcp     # guest portals (optional)
# sudo ufw allow 27117/tcp           # inbound DB server connection
As the inbound DB port 27117 is limited to only localhost access, it need not be open.
Additional note for removal of ports if changing default ports (must be done locally and on AP device):
sudo ufw delete rule args
where rule = allow, allow out, limit
args = port numbers
For example, to delete the 8880 and 8843 ports, we apply:
sudo ufw delete allow 8880,8843/tcp       # inbound connection
sudo ufw delete allow out 8880,8843/tcp   # outbound connection
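To confirm that the active ruleset matches the list above, the following added example (not part of the original post) parses `ufw status` output, reports required inbound ports that are missing, and flags 27117/tcp if it has been opened. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# REQUIRED = inbound rules the post does not mark optional; 27117/tcp stays closed.
REQUIRED="22/tcp 80/tcp 443/tcp 8080/tcp 8443/tcp 3478/udp"
LOCAL_ONLY="27117/tcp"

# Print each inbound ALLOW/LIMIT port from `ufw status` text on stdin, one
# port/proto per line. Comma lists are expanded; "ALLOW OUT" rows are skipped.
# Rules given by app name, without a protocol, or as ranges are not matched.
inbound_ports() {
  awk '{ gsub(/ \(v6\)/, "") }
       ($2 == "ALLOW" || $2 == "LIMIT") && $3 != "OUT" {
         split($1, a, "/"); n = split(a[1], p, ",")
         for (i = 1; i <= n; i++) print p[i] "/" a[2]
       }' | sort -u
}

# Read `ufw status` text on stdin; print findings; return 1 if there are any.
audit_ufw() {
  open=$(inbound_ports); rc=0
  for port in $REQUIRED; do
    if ! printf '%s\n' "$open" | grep -qxF "$port"; then
      echo "MISSING  $port"; rc=1
    fi
  done
  for port in $LOCAL_ONLY; do
    if printf '%s\n' "$open" | grep -qxF "$port"; then
      echo "EXPOSED  $port (database port, should be localhost only)"; rc=1
    fi
  done
  return $rc
}

# Constructed sample: 3478/udp exists only as an outbound rule, 27117 is open.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80,443/tcp                 ALLOW       Anywhere
8080,8443/tcp              ALLOW       Anywhere
27117/tcp                  ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
3478/udp                   ALLOW OUT   Anywhere
EOF
}

sample_status | audit_ufw || true   # real use: sudo ufw status | audit_ufw
```

On the constructed sample the audit reports 3478/udp as missing, because an outbound-only rule does not admit inbound STUN traffic, and reports 27117/tcp as exposed.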
That's all for today.