Sunday, January 14, 2018

Ubiquiti Unifi Controller on Ubuntu LTS

You can find plenty about this on the internet, but for my own reference:

Start with a basic Ubuntu LTS installation.
If you’re on a public IP, first get your firewall in order, then install Unifi.

Make sure you’re root (sudo -s), then:

apt-get install netfilter-persistent
service netfilter-persistent start
invoke-rc.d netfilter-persistent save
mkdir -p /etc/iptables/

In this example:
<management-ip> = trusted machine that is allowed to connect to the Unifi controller, probably your own PC
<site1-ip> = site 1 with APs and other Ubiquiti stuff
<site2-ip> = site 2 with APs and other Ubiquiti stuff

Ports tcp/8080 and udp/3478 are all you need between your Ubiquiti equipment and your controller (see link).

Save the following to a script file and execute it (replace the placeholder IPs with real IPs):

# Resetting ...
iptables -P INPUT ACCEPT
iptables -F

# Setting default policy on incoming traffic
iptables -P INPUT DROP                                                  # DENY INCOMING CONNECTIONS
iptables -P FORWARD DROP                                                # THIS IS NOT A ROUTER

# Exceptions to default policy
iptables -A INPUT -i lo -j ACCEPT                                       # MUSTHAVE (e.g. for MongoDB bind to localhost)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT                           # SSH
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT                       # PING

# unifi test
iptables -A INPUT -p tcp --dport 8443 -s <management-ip> -j ACCEPT      # Connections from management host

iptables -A INPUT -p tcp --dport 8080 -s <site1-ip> -j ACCEPT           # UNIFI - INFORM - site1
iptables -A INPUT -p udp --dport 3478 -s <site1-ip> -j ACCEPT           # UNIFI - STUN   - site1
iptables -A INPUT -p tcp --dport 8080 -s <site2-ip> -j ACCEPT           # UNIFI - INFORM - site2
iptables -A INPUT -p udp --dport 3478 -s <site2-ip> -j ACCEPT           # UNIFI - STUN   - site2

# Make persistent
iptables-save >/etc/iptables/rules.v4
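
To check the saved rules before going on, here is an added example (not part of the original post) that audits an iptables-save dump: it flags an INPUT or FORWARD policy other than DROP and any ACCEPT rule on the Unifi ports 8443, 8080 or 3478 that has no source restriction. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump before trusting it.
# Real use: audit_rules /etc/iptables/rules.v4

# Constructed sample dump; addresses are documentation ranges, not real hosts.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.10/32 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 203.0.113.20/32 -p udp -m udp --dport 3478 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

# Prints one line per finding; returns 1 if there is any finding, else 0.
audit_rules() {
    awk '
    # Policy lines look like ":INPUT DROP [0:0]"
    /^:(INPUT|FORWARD) / {
        if ($2 != "DROP") {
            print "policy " substr($1, 2) " is " $2 ", expected DROP"; bad++
        }
        next
    }
    # Inspect every rule appended to the INPUT chain
    $1 == "-A" && $2 == "INPUT" {
        port = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        unifi = (port == "8443" || port == "8080" || port == "3478")
        if (target == "ACCEPT" && unifi && (src == "" || src == "0.0.0.0/0")) {
            print "port " port " open to any source: " $0; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# The constructed sample has one rule with its -s missing, so this reports it.
sample_rules | audit_rules || echo "fix the findings above before saving"
```
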

Install Unifi
Make sure you’re root (sudo -s), then:

echo 'deb stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
apt-key adv --keyserver --recv 06E85760C0A52C50
apt-get update
apt-get install unifi

... and last but not least, go to: https://ipaddress:8443/