Blog.gowifi

Go Wireless NZ

Tuesday, September 4, 2012

Using Ubiquiti AirVision through a Firewall



By default, Ubiquiti AirVision requires the following ports to be opened through your firewall for remote access to AirVision:


TCP: 7443 (HTTPS)
TCP: 7080 (HTTP)
TCP: 843 (Flash Policy)


Note:
All configurations shown below assume the AirVision Server IP Address is 192.168.1.100.



Ubiquiti AirOS Firewall Configuration Example:


This example assumes your Ubiquiti router is configured in SOHO Router Mode and is also performing NAT. You can get this setup by starting with a Ubiquiti AirOS router (e.g. AirRouter or PowerAPN) that is using the factory default settings.


Configure Port Forwarding:













MikroTik RouterOS Firewall Configuration Example:

This example shows the 3 basic firewall NAT (dst-nat) rules required to forward AirVision traffic through the RouterOS firewall. It uses "pppoe-out1-wan" as the external public (internet) interface:

[admin@MikroTik] /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=7443 protocol=tcp in-interface=pppoe-out1-wan dst-port=7443 comment="AirVision HTTPS" disabled=no

[admin@MikroTik] /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=7080 protocol=tcp in-interface=pppoe-out1-wan dst-port=7080 comment="AirVision HTTP" disabled=no

[admin@MikroTik] /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=843 protocol=tcp in-interface=pppoe-out1-wan dst-port=843 comment="AirVision Flash Policy" disabled=no
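An added example, not part of the original post: a small Python audit of the three dst-nat rules above that lists every port they forward from any internet source (no `src-address` or `src-address-list` matcher) and flags the cleartext HTTP port. The function names `parse_rule` and `audit` are hypothetical.

```python
import shlex

# The three rules from the post, copied verbatim (prompt included).
RULES = """\
[admin@MikroTik] /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=7443 protocol=tcp in-interface=pppoe-out1-wan dst-port=7443 comment="AirVision HTTPS" disabled=no
[admin@MikroTik] /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=7080 protocol=tcp in-interface=pppoe-out1-wan dst-port=7080 comment="AirVision HTTP" disabled=no
[admin@MikroTik] /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=843 protocol=tcp in-interface=pppoe-out1-wan dst-port=843 comment="AirVision Flash Policy" disabled=no
"""

SOURCE_MATCHERS = ("src-address", "src-address-list")  # RouterOS source filters
PLAINTEXT_PORTS = {"7080"}  # the post lists TCP 7080 as HTTP


def parse_rule(line):
    """Return the key=value properties of one 'nat add' line, or None."""
    tokens = shlex.split(line)  # keeps comment="AirVision HTTPS" as one token
    if "add" not in tokens:
        return None
    pairs = (tok.partition("=") for tok in tokens[tokens.index("add") + 1:])
    return {key: value for key, sep, value in pairs if sep}


def audit(text, wan_interface):
    """Return (dst-port, comment, issue) for each exposure on the WAN side."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if not rule or rule.get("action") != "dst-nat" or rule.get("disabled") == "yes":
            continue
        # A rule with no in-interface matches traffic arriving on every interface.
        if rule.get("in-interface", wan_interface) != wan_interface:
            continue
        port, label = rule.get("dst-port", "any"), rule.get("comment", "")
        if not any(matcher in rule for matcher in SOURCE_MATCHERS):
            findings.append((port, label, "forwarded from any source address"))
        if port in PLAINTEXT_PORTS:
            findings.append((port, label, "cleartext HTTP reachable from the WAN"))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, "pppoe-out1-wan"):
        print("%-5s %-24s %s" % finding)
```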

3 comments:

  1. Hi,

    I've just set up a Power AP N with the same settings as on the screenshot (the only difference is that I'm trying to set up an FTP-server).

    NAT is enabled, but I still cannot access my FTP from outside (within LAN it works like a charm).

    What can be wrong with my config?

  2. This scenario is based on using a DrayTek ADSL Modem configured in bridge mode which passes the pppoe connection directly to the PowerAPN or MikroTik Router. If you are using a standard ADSL modem (Telecom/Vodafone/D-Link etc) you will need to configure your firewall rules on the Modem and again on the PowerAPN (I would change the PowerAPN to bridge mode instead of its current Router mode so the Modem is the only firewall that traffic traverses on your network, as configuring port forwarding through multiple Firewalls (Double NATing) is difficult and messy).

  3. # app.http.port = 7080
    # app.https.port = 7443
    # ems.liveflv.port = 6666
    # ems.rtmp.port = 1935
    # ems.rtsp.port = 7447
