|
Red_Fred posted:Hi thread. I recently got an IP camera which I would like to block from going to the Internet except for getting to some Time servers. Can someone please sanity check my settings: KKKLIP ART posted:Or is there some way to make a local machine a time server so it doesn’t have to touch the web at all? edit: here have my ntp rule 
wolffenstein fucked around with this message at 09:34 on Feb 3, 2019 |
#
?
Feb 3, 2019 09:23
|
|
|
|
| # ? Apr 28, 2024 13:09 |
|
|
wolffenstein posted:Since Red's using an EdgeRouter, it has a built-in time server. So write a destination NAT rule to forward all non-router NTP requests to the router. Thought that might work. So the IP should be of the device I want to use the NTP and the interface the same right? So 192.168.1.59 and eth1 in my case.
|
|
#
?
Feb 4, 2019 10:02
|
|
|
No it should be the ip of your router, but yes the interface of your camera.
|
|
#
?
Feb 4, 2019 15:39
|
|
|
Alright Goons, have a fairly simple "I need to ask you guys because my network problems aren't listed here" question. what's the best Wireless bridge on the market currently? I need to get wired internet into my office for my desktop and homelab setup. This wouldn't be an issue if the builders of my apartment had properly terminated the connection into my office  . Signal strength should not be an issue my new apt is ~1,200 sqft and the router will be less than 50 feet from the bridge. I just need the best solution for getting internet into my office. I'm currently looking at scooping up a Linksys AC3000 as a bridge and hooking up a managed switch to distribute connectivity throughout my office. Should I go in another direction? -Tell us what you network setup is: Connection into the house is currently 400Mbps but I'm planning on moving to a gig connection later this year. Main router is a Linksys AC1900 flashed with OpenWRT + Motorola Surfboard modem + TPLink Managed Switches + VSSMonitoring taps for tapping connections as needed. [At some point I'd like to go full Ubiquity for routers and switches, not sure if that makes a difference]. -Tell us how you use the network. I'm in cybersecurity myself so I do a fair bit of home-labbing and enjoy dabbling with enterprise gear at home when possible. Besides the gaming and streaming my biggest upcoming project is standing up an outward facing Plex Server for myself and a few friends. I'm hoping to keep this achievable without running hardlines throughout the apt.
|
|
#
?
Feb 5, 2019 21:48
|
|
|
What do you mean 'properly terminated'? Where's your Internet come in at the moment, and how? I think you'd be best served by thin flexible Cat5e and a staple gun if any cabling that already installed can't be used. If it's a rental just fill any holes when you move out, nobody will notice.
|
|
#
?
Feb 5, 2019 21:54
|
|
|
Thanks Ants posted:What do you mean 'properly terminated'? Where's your Internet come in at the moment, and how? Nothing major. the cable company, or the builders (not sure who's responsible) just didn't finish put the male coax connection on two of the cables in our distribution box. I'm sure I could put the coax on myself but I'd rather let the correct party take care of it considering I don't own the building. I may very well go against the girlfriends will and run a cable across the ceiling. e: thank you, ants. Diametunim fucked around with this message at 23:38 on Feb 5, 2019 |
|
#
?
Feb 5, 2019 22:07
|
|
|
If you have cable there and it just needs plugs crimping on then have the person who comes out to install your internet put a couple plugs on for you, maybe give them some cash for their trouble, and shove the modem in your office. Don't gently caress around trying to pull 400Mbps+ over a wireless bridge. Thanks Ants fucked around with this message at 22:29 on Feb 5, 2019 |
|
#
?
Feb 5, 2019 22:26
|
|
|
The rule is, if you can do it with wired, do so. If it can't be wired Ethernet, see if it can be power line or MoCa. Wireless bridging is the last resort.
|
|
#
?
Feb 6, 2019 00:03
|
|
|
Can anyone recommend a good directional antenna so that I can connect my parents' barn to their house so we can put a few cameras in the barn and view the video feed from the house? The barn is about 100 yards from the house and the antennae have to be able to survive outdoors all year in Nebraska (~ -15F to ~ 110F), and it has to have enough bandwidth to send a live video feed (1080p would probably be perfectly adequate). Budget is uhhhh $300 max? Cheaper is better but they understand having to pay for something that works. A less important secondary project if it can be done cheaply would be to do the same thing but for a construction site that's 1/2 to 3/4 of a mile away. I don't really know the ranges for these things or how much they cost so I don't know if this is a reasonable goal or if it's going to be prohibitively expensive. Line of sight is completely open though. Also if anyone can recommend a good set of 3-4 outdoor rated 1080p or better cameras. They probably won't be directly in the elements though so they don't need to be super duper tough. Night vision would be a nice bonus but is not strictly necessary as the area being monitored has lighting. And they don't need any recording capability, just the ability to be viewed at will over the LAN. Wired is fine although wireless would be ok too if they're reliable. Basically my dad raises cattle and he doesn't want to have to go out in the cold every night at 2-3am and check to see if they're giving birth and need assistance. my kinda ape fucked around with this message at 00:48 on Feb 6, 2019 |
|
#
?
Feb 6, 2019 00:46
|
|
|
If you have line of sight then get a couple of Ubiquiti NanoBeams, then put a switch in the barn (e.g. the wireless link would act like a long cable). Same for your longer range issue. You could probably use AC NanoStations for the barn link to save a bit of cash.
|
|
#
?
Feb 6, 2019 01:00
|
|
|
Thanks Ants posted:If you have line of sight then get a couple of Ubiquiti NanoBeams, then put a switch in the barn (e.g. the wireless link would act like a long cable). Same for your longer range issue. Those nanostations look perfect, thanks! Just so I make sure I understand it right I'd be setting it up like: house router>POE injector>POE cable>NanoStation 1~~~~~~~~~NanoStation 2>POE cable>POE injector>barn switch>cameras or camera base station. Correct? And if the cameras all connected to a single base station I wouldn't need the barn switch? Or if I get POE cameras I can just connect everything to a POE capable switch and not have to deal with POE injectors for anything?
|
|
#
?
Feb 6, 2019 01:50
|
|
|
I think you've got it. If there's only one thing to connect at the barn end then you won't need a switch. You can't run the NanoStations off PoE switches though, they use a different power standard. I'm pretty sure you won't break them trying, they just won't work. For the short link you can use a pair of these https://www.balticnetworks.com/ubiquiti-airmax-nanostation-ac-loco-5ghz-802-11ac-us.html And one of these for each radio https://www.balticnetworks.com/ubiquiti-poe-24-12w-g-replacement-gigabit-poe-injector-for-airmax-and-unifi.html You'll also want something to mount the radios to, I think people like these but I've not used them personally, they should be fine with the NanoStations though https://www.balticnetworks.com/mimosa-fleximount.html Thanks Ants fucked around with this message at 02:49 on Feb 6, 2019 |
|
#
?
Feb 6, 2019 02:44
|
|
|
Thanks Ants posted:I think you've got it. If there's only one thing to connect at the barn end then you won't need a switch. You can't run the NanoStations off PoE switches though, they use a different power standard. I'm pretty sure you won't break them trying, they just won't work. Awesome, thanks for your help. Just ordered a couple of the Nanostation AC locos and POE injectors so hopefully I can try it out this weekend if everything gets there on time.
|
|
#
?
Feb 6, 2019 02:49
|
|
|
The only other thing I'd add would be to dial the power right down on the radios before you point them at each other - you don't really need any power at all for the distances you're going. The Ubiquiti forums are also pretty good at helping you tweak things.
|
|
#
?
Feb 6, 2019 02:53
|
|
|
Seriously, you'll be amazed at how strong of a signal the Nanostations can punch through on low power.
|
|
#
?
Feb 6, 2019 03:23
|
|
|
So for that Ubiquiti security breach, it seems if I have a basic USG and AP, I'm good for that remote management bug, but should I be blocking any ports or anything to stop access from it?
|
|
#
?
Feb 6, 2019 03:58
|
|
|
Thanks Ants posted:The only other thing I'd add would be to dial the power right down on the radios before you point them at each other - you don't really need any power at all for the distances you're going. The Ubiquiti forums are also pretty good at helping you tweak things. What happens if I don't reduce the power?
|
|
#
?
Feb 6, 2019 04:01
|
|
|
my kinda ape posted:What happens if I don't reduce the power? Ever turn your stereo up too loud and the sound gets distorted?
|
|
#
?
Feb 6, 2019 04:07
|
|
|
Is there anything Ubiquiti makes that could communicate with two of those NanoStations on opposite sides of it and is relatively cheap? The two different places they want to connect to the house internet are on pretty much exactly opposite each other on either side of the house, albeit one is much further away. So I could put a nanostation at the barn and the construction site and both could transmit to the single device on top of the house.
|
|
#
?
Feb 6, 2019 05:12
|
|
|
We just switched from a lovely local internet company to Xfinity and I'm having issues with my network card crashing and losing the internet connection. It's an Intel AC-7260 that is about a year old. We're now using their combined router/modem and since then, every 30 minutes or so my computer loses connection to the internet and freezes the computer for up to 10 seconds. It stays connected to the network but it has no internet connectivity and I can't access the router through a browser. I have to disable/re-enable the connection to make it work. It works fine on every other device on the network, it's just my computer. I tried updating the drivers and that didn't help. I had no problems before when we were using a TP-Link Archer C7. DiggityDoink fucked around with this message at 08:22 on Feb 6, 2019 |
|
#
?
Feb 6, 2019 08:17
|
|
|
A couple of questions, Unifi specific:
|
|
#
?
Feb 6, 2019 13:10
|
|
|
bolind posted:A couple of questions, Unifi specific: The second port can be aggregated on the higher end APs which are designed to carry hundreds of users. On lower end APs, it’s there to daisy chain to another AP or to one of their weird computer LED light panels. I think it can be bridged to anything but I’ve never used it on my AP-AC Pro. I run multiple WiFi networks by setting up VLANs on my router and switch, and having my UniFi AP tag the WiFi networks to the appropriate VLAN. For corporate networks you might want to set up a RADIUS server and do some kind of authentication, and you can set up a captive portal for a guest network in UniFi. It also has a setting for a guest network that segregates the guest net onto its own VLAN with some simple firewall rules preset on the AP which is a nice shortcut.
|
|
#
?
Feb 6, 2019 13:24
|
|
|
Awesome, thanks!
|
|
#
?
Feb 6, 2019 15:26
|
|
|
To expand on what Valen said - technically the 5G wifi can go to 1.3+Gbps, so they need more that 1 uplink port to support that (via aggregation).
|
|
#
?
Feb 6, 2019 16:08
|
|
|
my kinda ape posted:Is there anything Ubiquiti makes that could communicate with two of those NanoStations on opposite sides of it and is relatively cheap? The two different places they want to connect to the house internet are on pretty much exactly opposite each other on either side of the house, albeit one is much further away. So I could put a nanostation at the barn and the construction site and both could transmit to the single device on top of the house. The Nanostations are designed for Point to Point, or Point to Multipoint operation. You can have a common Nanostation on the house, and then one on your barn and another at the construction site both pointed back at the house Nanostation. This is exactly the type of usage they where designed for. The distance is short enough, you likely will not need to have them pointed directly at each other. These things are designed for a multi-mile link. 100 yards is short in comparison, which is why you may likely have to turn the power down a bit. The status screen on each unit will show the received signal strength. Ideally you want it around -55 to -50 at the highest -40 is a bit too hot. Too hot a signal can actually cause throughput to drop. The old generation Nanostation locos would deliver 100Mbps actual solid throughput. I've not used the newer generation AC models yet, but I have no doubt they will be just as good.
|
|
#
?
Feb 6, 2019 16:26
|
|
|
DiggityDoink posted:We just switched from a lovely local internet company to Xfinity and I'm having issues with my network card crashing and losing the internet connection. It's an Intel AC-7260 that is about a year old. We're now using their combined router/modem and since then, every 30 minutes or so my computer loses connection to the internet and freezes the computer for up to 10 seconds. It stays connected to the network but it has no internet connectivity and I can't access the router through a browser. I have to disable/re-enable the connection to make it work. It works fine on every other device on the network, it's just my computer. I tried updating the drivers and that didn't help. You should definitely get your own modem and router and return the comcast one. Those combo units are not good. 10 years or so ago I was renting theirs for $7 a month and it was not very good, so I bought a Motorola SB6120 for $70 and even though I primarily use verizon fios now I still have the SB6120 serving my secondary comcast connection with no rental fee. I forget what the main suggested modem is now, but it'll be an upgrade to replace the combo unit and pay for itself inside of a year most likely. That said, it seems like a lot of people have issues with the AC-7260 that are driver related. I don't own one so I haven't done it myself but I see Intel reps suggesting to reinstall the driver from their download page. Last post here: https://forums.intel.com/s/question/0D50P0000490WFcSAM/problem-with-the-ac7260-constantly-disconnecting-ac-speed-not-availble?language=en_US quote:- Please try a driver only installation instead: I don't know if it will help but it can't hurt.
|
|
#
?
Feb 6, 2019 16:42
|
|
|
KKKLIP ART posted:So for that Ubiquiti security breach, it seems if I have a basic USG and AP, I'm good for that remote management bug, but should I be blocking any ports or anything to stop access from it? If you're talking about the poo poo over port 10001 then yeah basically. Hopefully your fw is configured with implicit deny rules (which I think it is by default) for inbound traffic but the remote management bug doesn't apply to the unifi gear based on what I could find + thread consensus. If you're really worried feel free to create a drop rule for traffic over the port in question and give it a comment - that way when you come back in the future you know why you did it and don't blindly open it up again. For like 90% of users they won't notice any work flow impact for blocking that port.
|
|
#
?
Feb 6, 2019 17:42
|
|
|
I grabbed a passively-cooled switch, a LinkSys SE3016. Can someone point me in the right direction to set up a dedicated VLAN across a few of its ports? It looks like my DJ equipment might actually need that; loading tracks across the devices is suspiciously slow and I had the connection drop out entirely at one point. I suspect this might be due to interference from the other more typical devices sharing the switch. EDIT: I'd still like to set up static IPs or DHCP Reservation for all the devices connected to the switch as well, is this possible? Is it done the same way (configured through my modem's administrator setup) as if the devices were connected via WIFI? Thanks again. Mister Speaker fucked around with this message at 04:11 on Feb 7, 2019 |
|
#
?
Feb 7, 2019 03:00
|
|
|
unknown posted:To expand on what Valen said - technically the 5G wifi can go to 1.3+Gbps, so they need more that 1 uplink port to support that (via aggregation). Wireless is half duplex so you need to divide the speed in two, making a 1733 ac link effectively 866, so a 4x4 VHT80 wireless ap traffic can possibly fit onto a single wired gigabit link. The LACP feature on HD/SHD is not that useful as there is not enough bandwidth usage to justify it(at least without VHT160) and the controller seems to have visualization issues with trunks(my LACP linked SHD is shown somedays as one device, other as two). SlowBloke fucked around with this message at 08:46 on Feb 7, 2019 |
|
#
?
Feb 7, 2019 08:40
|
|
|
How directional are the Unifi access points? I have ceiling beams in my living room, and I would like to mount an AC-lite on one. Is there going to be a noticeable difference if they are mounted on the top (logo facing towards the ceiling) rather than the bottom of the beam?
Baronash fucked around with this message at 19:23 on Feb 7, 2019 |
|
#
?
Feb 7, 2019 19:21
|
|
|
Baronash posted:How directional are the Unifi access points? I have ceiling beams in my living room, and I would like to mount an AC-lite on one. Is there going to be a noticeable difference if they are mounted on the top (logo facing towards the ceiling) rather than the bottom of the beam? You should be fine. They’re not very directional, signal tends to be stronger out to the sides rather than up or down (donut shape). I’d say set it on top, if you have signal issues then try the bottom.
|
|
#
?
Feb 7, 2019 19:50
|
|
|
SlowBloke posted:Wireless is half duplex so you need to divide the speed in two, making a 1733 ac link effectively 866, so a 4x4 VHT80 wireless ap traffic can possibly fit onto a single wired gigabit link. The LACP feature on HD/SHD is not that useful as there is not enough bandwidth usage to justify it(at least without VHT160) and the controller seems to have visualization issues with trunks(my LACP linked SHD is shown somedays as one device, other as two). Not quite divide by two (it can be 60/40, 80/20, etc) - but that being said, that's lab level speeds, and in the real world no one would see it. But as was mentioned by a different vendor: "someone would sue us if we advertised/sold wifi that can [theoretically] do more than 1G, but can't because it's only got a 1G port." No mention on issues with lacp balancing hashes, but legal was happy. This is also why a few vendors are starting to push 2.5Gbps ethernet ports for APs.
|
|
#
?
Feb 7, 2019 19:59
|
|
|
Didn't realize how cheap those links are getting. Wow. Long ago I thought about someday setting up a link like that between my father and grandfathers house, which are next door. My grandfather would never pay for or use internet, but if it was there and I got him an ipad, he'd play internet checkers with me every once in a while. Will the nanostation at the far end also act as a local AP, or would I need to wire it to something like a normal ubiqit saucer?
|
|
#
?
Feb 7, 2019 21:15
|
|
|
bobua posted:Didn't realize how cheap those links are getting. Wow. The latter, you'll need a local AP at the far end.
|
|
#
?
Feb 7, 2019 21:29
|
|
|
Mister Speaker posted:I grabbed a passively-cooled switch, a LinkSys SE3016. Can someone point me in the right direction to set up a dedicated VLAN across a few of its ports? As far as I can tell this is an unmanaged switch and as such you can't configure VLANs on it. You'll need a managed switch for this.
|
|
#
?
Feb 7, 2019 21:30
|
|
|
bobua posted:Didn't realize how cheap those links are getting. Wow. How close is next door? Because that could be the next field over, or you could be 20m away. If you're next door separated by a patch of grass I'd be inclined to dig a fibre in.
|
|
#
?
Feb 7, 2019 22:02
|
|
|
Thanks Ants posted:
fly a steel cable between structures and lash an outdoor-rated fiber to it.
|
|
#
?
Feb 7, 2019 22:52
|
|
|
Anyone using Tenda MW3 mesh network devices? Had it running a month but devices drop off and the speed constantly drops to nothing Any tips before I return it and buy something/anything else. It was cheap, so I didn't have high expectations!
|
|
#
?
Feb 8, 2019 15:24
|
|
|
smax posted:Add Allow rules for the traffic you want above that block rule you already created, use the same format but set the destination as the addresses you want it to access. Hey I did this but it still seems to block everything:  If I change the bottom rule to accept my camera picks up the time properly otherwise it doesn't. When I do a packet capture with it set as above I just get broadcast packets and nothing else.
|
|
#
?
Feb 8, 2019 20:40
|
|
|
|
| # ? Apr 28, 2024 13:09 |
|
|
Do you have those IPs hardcoded into the camera or are you using the DNS names? Because if you're using DNS it's both (1) being blocked by the firewall rules and (2) not guaranteed to return those IPs as those records usually rotate through a big list of IPs.
|
|
#
?
Feb 10, 2019 00:28
|
|
