Install and configure a Debian based UniFi controller



Similar documents
1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Lab Objectives & Turn In

Linux Terminal Server Project

+ iptables. packet filtering && firewall

How to Secure RHEL 6.2 Part 2

IP Address: the per-network unique identifier used to find you on a network

Linux Routers and Community Networks

Linux Networking: IP Packet Filter Firewalling

Create a virtual machine at your assigned virtual server. Use the following specs

Firewalls. Chien-Chung Shen

Linux: 20 Iptables Examples For New SysAdmins

Firewalls with IPTables. Jason Healy, Director of Networks and Systems

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

Setting up a Raspberry Pi as a WiFi access point

Linux Firewall Wizardry. By Nemus

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy.

CS Computer and Network Security: Firewalls

SI455 Advanced Computer Networking. Lab2: Adding DNS and Servers (v1.0) Due 6 Feb by start of class

Firewalls (IPTABLES)

CIT 480: Securing Computer Systems. Firewalls

Packet filtering with Linux

CSC574 - Computer and Network Security Module: Firewalls

Pexip Reverse Proxy and TURN Server Deployment Guide

CS Computer and Network Security: Firewalls

Free Dynamic DNS account you can use one of your choosing I like DynDNS but there's also No-IP and probably others.

CIT 480: Securing Computer Systems. Firewalls

Assignment 3 Firewalls

INUVIKA OVD VIRTUAL DESKTOP ENTERPRISE

Configuring Ubuntu Server as a Firewall and Reverse Proxy for OWA 2007 Configuration Guide

Firewall implementation and testing

INUVIKA TECHNICAL GUIDE

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN

Citrix XenServer 5.6 OpenSource Xen 2.6 on RHEL 5 OpenSource Xen 3.2 on Debian 5.0(Lenny)

Firewall Firewall August, 2003

Special Note Ethernet Connection Problems and Handling Methods (CS203 / CS468 / CS469)

IPv6.marceln.org.

Syncplicity On-Premise Storage Connector

How to install PowerChute Network Shutdown on VMware ESXi 3.5, 4.0 and 4.1

Red Hat Linux Networking

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Guardian Digital WebTool Firewall HOWTO. by Pete O Hara

Dell Proximity Printing Solution. Installation Guide

A technical whitepaper describing steps to setup a Private Cloud using the Eucalyptus Private Cloud Software and Xen hypervisor.

Rstudio Server on Amazon EC2

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

CSE543 - Computer and Network Security Module: Firewalls

Skywire TCP Socket Examples

Corso di Configurazione e Gestione di Reti Locali

Linux Home Networking II Websites At Home

Using pcduino's WiFi Dongle With the Pi a

Change Log. 2 per vices corporation

Linux as an IPv6 dual stack Firewall

Linux Administrator (Advance)

Manuale Turtle Firewall

Connections and wiring Diagram

Building a Penetration Testing Virtual Computer Laboratory

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Focus on Security. Keeping the bad guys out

Firewalls. Firewall types. Packet filter. Proxy server. linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation

Load Balancing Trend Micro InterScan Web Gateway

How to protect your home/office network?

Host Configuration (Linux)

Main functions of Linux Netfilter

Linux Firewalls (Ubuntu IPTables) II

Table des matières 1 Cœur Routeur Configuration Fichiers de configuration... 1

Project 2: Firewall Design (Phase I)

Avast for linux technical documentation

Firewall Defaults and Some Basic Rules

IPv6 Network Security.

Information Security Training. Assignment 1 Networking

PasserellesNumeriquesCambodia (PNC)

TCP/IP Network Essentials. Linux System Administration and IP Services

Railo Installation on CentOS Linux 6 Best Practices

Chapter 7. Firewalls

CIS 433/533 - Computer and Network Security Firewalls

avast! for linux technical documentation

Linux MDS Firewall Supplement

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Linux Networking Basics

Building a Home Gateway/Firewall with Linux (aka Firewalling and NAT with iptables )

IP Address and Pre-configuration Information

Private Cloud in Educational Institutions: An Implementation using UEC

OS Installation: CentOS 5.8

Firewalls. Pehr Söderman KTH-CSC

Setting up VNC, SAMBA and SSH on Ubuntu Linux PCs Getting More Benefit out of Your Local Area Network

Adafruit's Raspberry Pi Lesson 3. Network Setup

Network Security. Routing and Firewalls. Radboud University Nijmegen, The Netherlands. Autumn 2014

Introduction. Created by Richard Bell 10/29/2014

Load Balancing McAfee Web Gateway. Deployment Guide

10.4. Multiple Connections to the Internet

DSL-G604T Install Guides

Firewalls. October 23, 2015

Workshop on Scientific Applications for the Internet of Things (IoT) March

Transcription:

Install and configure a Debian based UniFi controller 1. Configuring Debian First you will need to download the correct Debian image for your architecture. There are generally two images used, a smaller installation image or a larger complete installation image. The smaller image is a bare bones Debian that requires an internet connection during the installation. The larger installation image contains most of the popular packages and does not require an internet connection during installation. Since this installation will be used only as a UniFi controller we will be going with the small installation image. Both images can be downloaded here: http://www.debian.org/distrib We will not be covering the installation of Debian in this guide since it is well documented elsewhere. http://www.debian.org/releases/stable/installmanual Once Debian is up and running, the first thing we will do is assign it a static IP address. We do this by editing the /etc/network/interfaces file using the Nano editor. Type the following command to open up the interfaces file in Nano: # nano /etc/network/interfaces Now we will edit the eth0 interface (or whichever interface you are using) with the static IP information (obviously substitute this info with your IP and subnet information): auto eth0 iface eth0 inet static address 192.168.1.15 netmask 255.255.255.0 gateway 192.168.1.1 network 192.168.1.0 broadcast 192.168.1.255 dns-nameservers 192.168.1.1 8.8.8.8 Next we will install SSH for remote access to the controller. Prior to installing the OpenSSH server we will want to update the packages database. You do this by running the following command as the root user: # apt-get update Now we can install the OpenSSH server with the following command: # apt-get install openssh-server

That's it. SSH should now be running and accepting connections. You can test this by SSH'ing locally with the following command: # ssh root@localhost 2. Installing the UniFi controller software Now on to installing the UniFi software. First we will need to add the Ubiquiti source to our sources list. This will tell Debian to look for packages available from Ubiquiti for installation. To edit the sources list, open the sources.list file in Nano with the following command (as root user): # nano /etc/apt/sources.list Now add the following lines below the existing sources and save the changes: # Ubiquiti UniFi updates deb http://www.ubnt.com/downloads/unifi/distros/deb/debian debian ubiquiti Next we will need to add the Ubiquiti GPG keys. Type the following commands as root user: # apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 and # apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10 And finally we need to install the UniFi controller software. First we need to update our package database again, which will now include the UniFi package information from Ubiquiti. # apt-get update And last but not least, installation of the actual UniFi package. You can choose to install the stable version or the latest beta version: # apt-get install unifi or # apt-get install unifi-beta The UniFi controller software should now be accessible by visiting the following URL (replacing the IP address with whatever you used): https://192.168.1.15:8443

3. Configuring the firewall The final step is to configure the controller's firewall to only allow SSH and the UniFi ports. This step is optional, but recommended, especially if you chose to do a full install of Debian since it will have a much larger attack surface. First we will create the file to store the firewall rules in. Run the following command as root user: # nano /etc/network/firewall-rules Now paste the following set of rules into the file and save it (make sure and change eth0 to whatever interface you are using): *filter # Flush any existing rules -F # Default policy: drop all inbound and allow all outbound -P FORWARD DROP -P INPUT DROP -P OUTPUT ACCEPT # Accepts all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow local programs that use loopback (Unix sockets) -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT # Allow ICMP pings -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT # Allow SSH from anywhere -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT # Allow all the UniFi ports from anywhere -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT -A INPUT -i eth0 -p tcp --dport 8081 -j ACCEPT -A INPUT -i eth0 -p tcp --dport 8443 -j ACCEPT -A INPUT -i eth0 -p tcp --dport 8880 -j ACCEPT -A INPUT -i eth0 -p tcp --dport 8843 -j ACCEPT -A INPUT -i eth0 -p udp --dport 3478 -j ACCEPT -A INPUT -i eth0 -p udp --dport 10001 -j ACCEPT COMMIT

Next we need to set Debian to run these rules when the machine starts up. We will do that by calling firewall-rules from the /etc/network/interfaces file. We will need to add the following line to the bottom of the interface's config: post-up iptables-restore < /etc/network/firewall-rules It should look like this: auto eth0 iface eth0 inet static address 172.24.32.20 netmask 255.255.255.0 gateway 172.24.32.1 network 172.24.32.0 broadcast 172.24.32.255 dns-nameservers 172.24.32.1 8.8.8.8 post-up iptables-restore < /etc/network/firewall-rules Now you can either reboot the machine or restart the interface to activate the firewall rules. You can restart the interface with the following command: # ifdown eth0 && ifup eth0 Verify that the firewall rules are loaded with the following command: # iptables -L It should look like this: Chain INPUT (policy DROP) ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- loopback/8 loopback/8 ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy ACCEPT tcp -- anywhere anywhere tcp dpt:8443 ACCEPT tcp -- anywhere anywhere tcp dpt:8880 ACCEPT tcp -- anywhere anywhere tcp dpt:8843 ACCEPT udp -- anywhere anywhere udp dpt:3478 ACCEPT udp -- anywhere anywhere udp dpt:10001 Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT)

And that's it! You've got yourself a solid, secure, small footprint UniFi controller.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information