Fltro Bridge UBNT

Passar so Trafego Pppoe na brid ubnt

Depois de muita pesquisa e varias tentativas consegui fazer com que so passe trafego pppoe.
-Primeiramente Configure o burlet,naano ou roquet como ap bridge.
-Faça o download do backup da configuraçao do ap ubnt.
-Abra o arquivo do backup com wordpad e acrescente essas linhas:

ebtables.4.cmd=-A FORWARD -p 0x8863 -j ACCEPT 
ebtables.4
.status=enabled 
ebtables.5
.cmd=-A FORWARD -p 0x8864 -j ACCEPT 
ebtables.5
.status=enabled 
ebtables.6
.cmd=-P FORWARD DROP 
ebtables.6
.status=enabled 
ebtables.7
.cmd=-A INPUT -p 0x0800 --in-interface ath0 -j DROP 
ebtables.7
.status=enabled  
OBS:Lenbrando que perdera o acesso do ap pela interface wirelles so sendo possivel acessar pela eternet.
Com isso diminuira Drasticamente o trafego desnecessario.
O arquivo fica assim:
aaa.1.status=disabled 
aaa
.status=disabled 
bridge.1
.devname=br0 
bridge.1
.fd=
bridge.1
.port.1.devname=eth0 
bridge.1
.port.1.status=enabled 
bridge.1
.port.2.devname=ath0 
bridge.1
.port.2.status=enabled 
bridge.1
.port.3.devname=eth1 
bridge.1
.port.3.status=enabled 
bridge.1
.stp.status=disabled 
bridge
.status=enabled 
dhcpc.1
.devname=br0 
dhcpc.1
.status=disabled 
dhcpc
.status=disabled 
dhcpd.1
.status=disabled 
dhcpd
.status=disabled 
dnsmasq.1
.devname=eth0 
dnsmasq.1
.status=enabled 
dnsmasq
.status=disabled 
ebtables.1
.cmd=-t nat -A PREROUTING --in-interface ath0 -j arpnat --arpnat-target ACCEPT 
ebtables.1
.status=disabled 
ebtables.2
.cmd=-t nat -A POSTROUTING --out-interface ath0 -j arpnat --arpnat-target ACCEPT 
ebtables.2
.status=disabled 
ebtables.3
.cmd=-t broute -A BROUTING --protocol 0x888e --in-interface ath0 -j DROP 
ebtables.3
.status=disabled 
ebtables.4
.cmd=-A FORWARD -p 0x8863 -j ACCEPT 
ebtables.4
.status=enabled 
ebtables.5
.cmd=-A FORWARD -p 0x8864 -j ACCEPT 
ebtables.5
.status=enabled 
ebtables.6
.cmd=-P FORWARD DROP 
ebtables.6
.status=enabled 
ebtables.7
.cmd=-A INPUT -p 0x0800 --in-interface ath0 -j DROP 
ebtables.7
.status=enabled 
ebtables.50
.status=disabled 
ebtables.51
.status=disabled 
ebtables.52
.status=disabled 
ebtables
.status=enabled 
gui
.language=pt_PT 
httpd
.https.status=disabled 
httpd
.port.http=80 
httpd
.port=80 
httpd
.status=enabled 
igmpproxy
.status=disabled 
iptables.3
.status=disabled 
iptables
.status=disabled 
netconf.1
.alias.1.status=disabled 
netconf.1
.alias.2.status=disabled 
netconf.1
.alias.3.status=disabled 
netconf.1
.alias.4.status=disabled 
netconf.1
.alias.5.status=disabled 
netconf.1
.alias.6.status=disabled 
netconf.1
.alias.7.status=disabled 
netconf.1
.alias.8.status=disabled 
netconf.1
.devname=eth0 
netconf.1
.ip=0.0.0.0 
netconf.1
.netmask=255.255.255.0 
netconf.1
.promisc=enabled 
netconf.1
.status=enabled 
netconf.1
.up=enabled 
netconf.2
.alias.1.status=disabled 
netconf.2
.alias.2.status=disabled 
netconf.2
.alias.3.status=disabled 
netconf.2
.alias.4.status=disabled 
netconf.2
.alias.5.status=disabled 
netconf.2
.alias.6.status=disabled 
netconf.2
.alias.7.status=disabled 
netconf.2
.alias.8.status=disabled 
netconf.2
.allmulti=enabled 
netconf.2
.devname=ath0 
netconf.2
.ip=0.0.0.0 
netconf.2
.netmask=255.255.255.0 
netconf.2
.promisc=enabled 
netconf.2
.status=enabled 
netconf.2
.up=enabled 
netconf.3
.autoip.status=disabled 
netconf.3
.devname=br0 
netconf.3
.ip=192.168.1.20 
netconf.3
.netmask=255.255.255.0 
netconf.3
.status=enabled 
netconf.3
.up=enabled 
netconf
.status=enabled 
netmode
=bridge 
ntpclient
.status=disabled 
ppp.1
.password
ppp.1.status=disabled 
ppp
.status=disabled 
pwdog
.status=disabled 
radio.1
.ack.auto=enabled 
radio.1
.ackdistance=600 
radio.1
.acktimeout=25 
radio.1
.ampdu.bytes=50000 
radio.1
.ampdu.frames=32 
radio.1
.ampdu.status=enabled 
radio.1
.chanshift=
radio.1
.clksel=
radio.1
.countrycode=840 
radio.1
.cwm.enable=
radio.1
.cwm.mode=
radio.1
.devname=ath0 
radio.1
.dfs.status
radio.1.forbiasauto=
radio.1
.frag=off 
radio.1
.freq=2412 
radio.1
.ieee_mode=11nght40plus 
radio.1
.mcastrate
radio.1.mode=master 
radio.1
.polling=disabled 
radio.1
.rate.auto=enabled 
radio.1
.rate.mcs=auto 
radio.1
.rts=off 
radio.1
.status=enabled 
radio.1
.subsystemid=0xe202 
radio.1
.thresh62a
radio.1.thresh62b
radio.1.thresh62g
radio.1.txpower=10 
radio
.countrycode=840 
radio
.status=enabled 
resolv
.host.1.name=UBNT 
resolv
.host.1.status=enabled 
resolv
.nameserver.1.ip=0.0.0.0 
resolv
.nameserver.1.status=enabled 
resolv
.nameserver.2.status=disabled 
resolv
.status=enabled 
route.1
.devname=br0 
route.1
.gateway=192.168.1.20 
route.1
.ip=0.0.0.0 
route.1
.netmask=
route.1
.status=enabled 
route
.status=enabled 
snmp
.status=disabled 
sshd
.port=22 
sshd
.status=disabled 
syslog
.remote.status
syslog.status=disabled 
telnetd
.status=disabled 
tshaper
.status=disabled 
users.1
.name=ubnt 
users.1
.password=VvpvCwhccFv6Q 
users.1
.status=enabled 
users.2
.status=disabled 
users
.status=enabled 
wireless.1
.addmtikie=disabled 
wireless.1
.ap
wireless.1.authmode=
wireless.1
.compression=
wireless.1
.devname=ath0 
wireless.1
.fastframes=
wireless.1
.frameburst=
wireless.1
.hide_ssid=disabled 
wireless.1
.l2_isolation=enabled 
wireless.1
.mac_acl.1.mac
wireless.1.mac_acl.1.status=disabled 
wireless.1
.mac_acl.10.mac
wireless.1.mac_acl.10.status=disabled 
wireless.1
.mac_acl.11.mac
wireless.1.mac_acl.11.status=disabled 
wireless.1
.mac_acl.12.mac
wireless.1.mac_acl.12.status=disabled 
wireless.1
.mac_acl.13.mac
wireless.1.mac_acl.13.status=disabled 
wireless.1
.mac_acl.14.mac
wireless.1.mac_acl.14.status=disabled 
wireless.1
.mac_acl.15.mac
wireless.1.mac_acl.15.status=disabled 
wireless.1
.mac_acl.16.mac
wireless.1.mac_acl.16.status=disabled 
wireless.1
.mac_acl.2.mac
wireless.1.mac_acl.2.status=disabled 
wireless.1
.mac_acl.3.mac
wireless.1.mac_acl.3.status=disabled 
wireless.1
.mac_acl.4.mac
wireless.1.mac_acl.4.status=disabled 
wireless.1
.mac_acl.5.mac
wireless.1.mac_acl.5.status=disabled 
wireless.1
.mac_acl.6.mac
wireless.1.mac_acl.6.status=disabled 
wireless.1
.mac_acl.7.mac
wireless.1.mac_acl.7.status=disabled 
wireless.1
.mac_acl.8.mac
wireless.1.mac_acl.8.status=disabled 
wireless.1
.mac_acl.9.mac
wireless.1.mac_acl.9.status=disabled 
wireless.1
.mac_acl.policy=allow 
wireless.1
.mac_acl.status=disabled 
wireless.1
.macclone=disabled 
wireless.1
.security=none 
wireless.1
.signal_led1=94 
wireless.1
.signal_led2=80 
wireless.1
.signal_led3=73 
wireless.1
.signal_led4=65 
wireless.1
.ssid=ubnt 
wireless.1
.status=enabled 
wireless.1
.wds=disabled 
wireless.1
.wmm=enabled 
wireless.1
.wmmlevel
wireless.status=enabled 
wpasupplicant
.device.1.status=disabled 
wpasupplicant
.status=disabled  

Depois salve e upa devolta para o ap ubnt.
FAçan o teste e vejan que melhora e muito 
Para versoes 5.5.x
ebtables.5.comment=Drop IPV6
ebtables.5.cmd=-A FIREWALL -i eth0 -p 0x86DD -j DROP
ebtables.5.status=enabled
ebtables.4.comment=Drop IPV4
ebtables.4.cmd=-A FIREWALL -i eth0 -p 0x0800 -j DROP
ebtables.4.status=enabled
ebtables.3.comment=
ebtables.3.cmd=-P FORWARD DROP 
ebtables.3.status=enabled
ebtables.2.comment=PPPoE Discovery Stage
ebtables.2.cmd=-A FORWARD -p 0x8864 -j ACCEPT 
ebtables.2.status=enabled
ebtables.1.comment=PPPoE Session Stage
ebtables.1.cmd=-A FORWARD -p 0x8863 -j ACCEPT 
ebtables.1.status=enabled
Lenbrando que esse ultimo tem> que abilitar o firewall
creditos Leonardo Silva

Para adicionar comentários, você deve ser membro de MK-AUTH.

Join MK-AUTH

Enviar-me um email quando as pessoas responderem –

Respostas

  • e em Hotspot, como seria, qual a ultilidade amigo ? se possivel esclarecer.

  • Não serve pra hotspot não, so so passar trafego tunelado por pppoe, pra evitar trafego que não seja pppoe...

  • muito bom...

    vc ja ta rodando o seu ap brid a quanto tempo com essa configuração.

  • Rogerio vc sabe amigo como bloquear um cliente conectar um servidor pppoe no radio ubiquiti e ficar atrapalhando...

    Rogerio Alves disse:

    Não serve pra hotspot não, so so passar trafego tunelado por pppoe, pra evitar trafego que não seja pppoe...

  • vc ja ta rodando o seu ap brid a quanto tempo com essa configuração.

  • uso a 1ano sem trafego indesejado Aki me resolveu um montao de problemas 

  • mais isso server para toda linha ubnt

  • Todas so nao sei  se vai funcionar com os dois ultimos firmeware.

  • na 5.5.2 fica eu coloquei e fiquei tendo acesso ao radio..de uma olhada

    aaa.1.br.devname=br0
    aaa.1.devname=ath0
    aaa.1.driver=madwifi
    aaa.1.radius.acct.1.status=disabled
    aaa.1.radius.auth.1.status=disabled
    aaa.1.radius.macacl.status=disabled
    aaa.1.ssid= tecnetsolardasgaivotas
    aaa.1.status=disabled
    aaa.1.wpa.1.pairwise=TKIP
    aaa.1.wpa.key.1.mgmt=WPA-PSK
    aaa.1.wpa.mode=2
    aaa.1.wpa.psk= kwqrt67843loanh3251O
    aaa.status=disabled
    bridge.1.devname=br0
    bridge.1.fd=1
    bridge.1.port.1.devname=eth0
    bridge.1.port.1.prio=10
    bridge.1.port.1.status=enabled
    bridge.1.port.2.devname=ath0
    bridge.1.port.2.prio=30
    bridge.1.port.2.status=enabled
    bridge.1.status=enabled
    bridge.1.stp.status=disabled
    bridge.status=enabled
    dhcpc.1.devname=br0
    dhcpc.1.status=disabled
    dhcpc.status=disabled
    dhcpd.status=disabled
    discovery.status=enabled
    dnsmasq.1.devname=eth0
    dnsmasq.1.status=enabled
    dnsmasq.status=disabled
    dyndns.status=disabled
    ebtables.status=enabled
    ebtables.sys.arpnat.1.devname=ath0
    ebtables.sys.arpnat.1.status=enabled
    ebtables.sys.arpnat.status=disabled
    ebtables.sys.eap.status=disabled
    ebtables.sys.status=enabled
    ebtables.sys.vlan.status=disabled
    ebtables.4.cmd=-A FORWARD -p 0x8863 -j ACCEPT
    ebtables.4.status=enabled
    ebtables.5.cmd=-A FORWARD -p 0x8864 -j ACCEPT
    ebtables.5.status=enabled
    ebtables.6.cmd=-P FORWARD DROP
    ebtables.6.status=enabled
    ebtables.7.cmd=-A INPUT -p 0x0800 --in-interface ath0 -j DROP
    ebtables.7.status=enabled
    gui.language=pt_PT
    httpd.https.status=disabled
    httpd.port=6622
    httpd.session.timeout=900
    httpd.status=enabled
    igmpproxy.status=disabled
    iptables.status=disabled
    netconf.1.autoip.status=disabled
    netconf.1.autoneg=enabled
    netconf.1.devname=eth0
    netconf.1.duplex=enabled
    netconf.1.hwaddr.mac=
    netconf.1.hwaddr.status=disabled
    netconf.1.ip=0.0.0.0
    netconf.1.mtu=1500
    netconf.1.netmask=255.255.255.0
    netconf.1.promisc=enabled
    netconf.1.role=bridge_port
    netconf.1.speed=100
    netconf.1.status=enabled
    netconf.1.up=enabled
    netconf.2.allmulti=disabled
    netconf.2.autoip.status=disabled
    netconf.2.devname=ath0
    netconf.2.hwaddr.mac=
    netconf.2.hwaddr.status=disabled
    netconf.2.ip=0.0.0.0
    netconf.2.mtu=1500
    netconf.2.netmask=255.255.255.0
    netconf.2.promisc=enabled
    netconf.2.role=bridge_port
    netconf.2.status=enabled
    netconf.2.up=enabled
    netconf.3.autoip.status=enabled
    netconf.3.devname=br0
    netconf.3.hwaddr.mac=
    netconf.3.hwaddr.status=disabled
    netconf.3.ip=192.168.60.44
    netconf.3.mtu=1500
    netconf.3.netmask=255.255.255.0
    netconf.3.role=mlan
    netconf.3.status=enabled
    netconf.3.up=enabled
    netconf.status=enabled
    netmode=bridge
    ntpclient.status=disabled
    ppp.status=disabled
    pwdog.status=disabled
    radio.1.ack.auto=enabled
    radio.1.ackdistance=1500
    radio.1.acktimeout=31
    radio.1.ampdu.bytes=50000
    radio.1.ampdu.frames=32
    radio.1.ampdu.status=enabled
    radio.1.antenna.gain=17
    radio.1.antenna.id=
    radio.1.cable.loss=0
    radio.1.chanbw=0
    radio.1.chanshift=5
    radio.1.clksel=1
    radio.1.countrycode=511
    radio.1.cwm.enable=0
    radio.1.cwm.mode=0
    radio.1.devname=ath0
    radio.1.dfs.status=disabled
    radio.1.forbiasauto=0
    radio.1.freq=5405
    radio.1.ieee_mode=11naht20
    radio.1.low_txpower_mode=disabled
    radio.1.mcastrate=15
    radio.1.mode=master
    radio.1.obey=disabled
    radio.1.polling=enabled
    radio.1.pollingnoack=0
    radio.1.pollingpri=
    radio.1.rate.auto=disabled
    radio.1.rate.mcs=4
    radio.1.reg_obey=disabled
    radio.1.rts=off
    radio.1.status=enabled
    radio.1.subsystemid=0xe1b5
    radio.1.thresh62a=
    radio.1.thresh62b=
    radio.1.thresh62g=
    radio.1.txpower=24
    radio.countrycode=511
    radio.status=enabled
    resolv.host.1.name=transmisor charles1
    resolv.host.1.status=enabled
    resolv.nameserver.1.ip=
    resolv.nameserver.1.status=disabled
    resolv.nameserver.2.ip=
    resolv.nameserver.2.status=disabled
    resolv.nameserver.status=enabled
    resolv.status=enabled
    route.1.comment=
    route.1.devname=br0
    route.1.gateway=192.168.1.1
    route.1.ip=0.0.0.0
    route.1.netmask=0
    route.1.status=enabled
    route.status=enabled
    snmp.status=disabled
    sshd.auth.passwd=enabled
    sshd.port=8888
    sshd.status=enabled
    syslog.remote.status=
    syslog.status=disabled
    system.button.reset=enabled
    system.cfg.version=65540
    system.date.status=disabled
    system.date.timestamp=
    system.eirp.status=enabled
    system.latitude=
    system.longitude=
    system.timezone=GMT
    telnetd.status=disabled
    tshaper.1.devname=ath0
    tshaper.1.input.burst=0
    tshaper.1.input.cburst=0
    tshaper.1.input.rate=512
    tshaper.1.input.status=enabled
    tshaper.1.output.burst=0
    tshaper.1.output.cburst=0
    tshaper.1.output.rate=512
    tshaper.1.output.status=enabled
    tshaper.1.status=enabled
    tshaper.2.devname=eth0
    tshaper.2.input.burst=0
    tshaper.2.input.cburst=0
    tshaper.2.input.rate=512
    tshaper.2.input.status=enabled
    tshaper.2.output.burst=0
    tshaper.2.output.cburst=0
    tshaper.2.output.rate=512
    tshaper.2.output.status=enabled
    tshaper.2.status=enabled
    tshaper.status=disabled
    update.check.status=disabled
    users.1.name=xcharlesx
    users.1.password=DdNOEtKJhg69g
    users.1.status=enabled
    users.2.status=disabled
    users.status=enabled
    vlan.status=disabled
    wireless.1.addmtikie=disabled
    wireless.1.ap=
    wireless.1.authmode=1
    wireless.1.autowds=disabled
    wireless.1.compression=0
    wireless.1.devname=ath0
    wireless.1.fastframes=0
    wireless.1.frameburst=0
    wireless.1.hide_ssid=enabled
    wireless.1.l2_isolation=disabled
    wireless.1.mac_acl.1.comment=
    wireless.1.mac_acl.1.mac=00:27:22:B6:7E:1A
    wireless.1.mac_acl.1.status=enabled
    wireless.1.mac_acl.2.comment=
    wireless.1.mac_acl.2.mac=00:27:22:B6:75:18
    wireless.1.mac_acl.2.status=enabled
    wireless.1.mac_acl.policy=allow
    wireless.1.mac_acl.status=disabled
    wireless.1.macclone=disabled
    wireless.1.mcast.enhance=0
    wireless.1.scan_list.channels=5405
    wireless.1.scan_list.status=enabled
    wireless.1.security.type=none
    wireless.1.sens=0
    wireless.1.signal_led1=94
    wireless.1.signal_led2=80
    wireless.1.signal_led3=73
    wireless.1.signal_led4=65
    wireless.1.signal_led_status=enabled
    wireless.1.ssid=  tecnet 1O charles1  
    wireless.1.status=enabled
    wireless.1.wds.1.peer=
    wireless.1.wds.2.peer=
    wireless.1.wds.3.peer=
    wireless.1.wds.4.peer=
    wireless.1.wds.5.peer=
    wireless.1.wds.6.peer=
    wireless.1.wds.status=enabled
    wireless.1.wmm=enabled
    wireless.1.wmmlevel=
    wireless.status=enabled
    wpasupplicant.device.1.status=disabled
    wpasupplicant.profile.1.network.1.psk= kwqrt67843loanh3251O
    wpasupplicant.status=disabled

  • amigo sei que não tem anda aver com o seu post mais vc sabe como reseta a nanobrideg m5 pois vejo o botão de resetar e no poe tbm não tem e eu não sei a senha

This reply was deleted.