[arm-allstar] Using an Apple AirPort Extreme router

Wed Jan 12 07:00:03 EST 2022

Agreed 100% here.
DMZ should be used only in extremely specialized cases, and where
security is of no concern.
Why it is still a feature in consumer routers, or not locked down by
expert-class superlogin and red flashing warnings and agreements, I
don't know.
I strongly suggest that you disable DMZ immediately, and only forward
the ports that you wish to be exposed to the world wide Internet.
The security conscious would ultimately set up a secure tunnel via VPN
or reverse SSH, and only expose the tunnel with strong authentication
to the Internet.
Alternatively, a firewall can be configured for port knocking, in
which you can make a pre-configured number of connections to a
pre-configured port or ports, and once completed the sequence, the
firewall opens the port or ports defined.

But SSH with a very secure password is ok enough, if nothing else.

Also, keep in mind that by registering with Allstar, your IP is
extremely easily locatable by your node number on a couple of domains
via DNS lookup.

The Internet is evil, and one should take a lockdown approach.

Adam

On 1/12/22, "Patrick Perdue via ARM-allstar" <arm-allstar at hamvoip.org> wrote:
> Why are you using a DMZ?
>
> It's always better to only open the ports you need forward-facing.
>
> Your SSH port ends in 21 and starts with the year I was born. Also
> exposed are ports 53, 68, 80, 4569, 5198 and 5199.
>
>
> On 1/10/2022 10:54 PM, "Glenn via ARM-allstar" wrote:
>> I just finished successfully setting up an Apple AirPort Extreme router to
>> use with my Asterisk Allstar Raspi.
>>
>> Here is what I learned after spending hours trying to get ssh into the
>> Raspi to work. There is an equivalent DMZ on the AirPort Extreme called
>> Default host. I logged into the AirPort Extreme and typed in the IP
>> address from checking with ifconfig wlan0 from the Raspi. I was using an
>> old Mac Book Pro laptop with High Sierra OS. Every time I typed the IP
>> address in as the Default Host on the AirPort Exteme and did an update. I
>> would get an update error message and the Default host IP address would
>> not change. I did some reading online and found a post stating to try
>> using an iPad to make changes and update an AirPort Extreme. I tried using
>> my iPhone and The Default Host IP address I typed in changed after a
>> successful update using my iPhone. I have no idea why my Macbook Pro
>> laptop did not work? I hope this may help someone else trying to use an
>> AirPort Extreme router. I can now ssh into my Raspi inside and outside my
>> local network!
>>
>> Glenn WA7SPY
>> _______________________________________________
>>
>> ARM-allstar mailing list
>> ARM-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>

-- 

Best Regards,
Adam MacLeod