BigMac79 wrote: ↑Tue Sep 15, 2020 7:45 pm
OK. So here's the update so that maybe it can help someone else. I did not have to reflash. What I did have to do was some trial and error with my custom rules thanks to some posts on this site and the FB site. These custom rules below now have me pinging ttl 117 with no errors in my iptables/ip6tables when I run <root@WiFiX:~# /etc/init.d/firewall restart> like I was getting before.
Most importantly I've also completely stopped leaking hotspot data since I inserted the new custom rules and had no impact to performance. Thanks for all the help and guidance and others on the sites who have unknowingly contributed. Here's the custom rules:
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
Note: Running WG3526P, EM12G modem on Verizon.--end of quote--
----------------------------------------------------------------
sorry I posted in 2 different places, hotspot, and routers
I am having kinda the same problem, it has been a thorn in my side for sometime, and NOT being real savvy, but really trying, and reading until my eyes bleed.
I have a WE826 T2, running a Verizon sim, with a unlimited tablet plan. I had changed the TTL to 117 a good while ago, and thought all was good-not.
I have been following this thread above, and many others, to try and figure out why I was using hotspot data, I did NOT even know how to ping my router, I do now, and it returned a value of 64.
When I go to my (custom rules) tab, this what I see. Do I need to paste in the last TTL settings in your post, and get rid of all the other (stuff) in mine? I have not learned the AT commands, so bear with me, I wanted to just paste in what you posted, but did not know if I needed any of that other stuff.
All help greatly appreciated, Rocky
ps: disclaimer, I did not build, or flash this router, not crying in my root beer, but have bad eyes, glaucoma
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 65
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 65
#endTTL
Need TTL custom rules help
Forum rules
Please assure there is not an existing forum and topic related to your post
Please assure there is not an existing forum and topic related to your post
- terryjett
- Posts: 404
- Joined: Tue Sep 24, 2019 10:42 pm
- Location: Far Side
- Has thanked: 104 times
- Been thanked: 91 times
- Contact:
Re: Need TTL custom rules help
Hey, those rules look really familiar, seen those somewhere around here...When I go to my (custom rules) tab, this what I see. Do I need to paste in the last TTL settings in your post, and get rid of all the other (stuff) in mine? I have not learned the AT commands, so bear with me, I wanted to just paste in what you posted, but did not know if I needed any of that other stuff.
Make sure the only rules you have active are the ones you have shown above.
If there are any others, place a # in front of each existing line. That way you can see the mods and those lines with the # will not be executed.#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
Keep in mind the value 117 is for Verizon. You can also try 116 or 118 for them. Others to try are 65/64 if on other carriers.
-
- Posts: 102
- Joined: Thu Mar 07, 2019 8:35 am
- Location: MO
- Has thanked: 43 times
- Been thanked: 25 times
Re: Need TTL custom rules help
NO disrespect to anyone on this board, I'm trying to glean a fix for my long ongoing problem of using hotspot data. So in trying to figure it out. I did not intentionally chose this TTL settings without giving proper credit to who ever originally posted it.
I just need to know if I should use the rules like this--and not all that other stuff.
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
or all that other stuff that is in my TTL rules---
also, I would really appreciate if someone would line me out on the correct procedure.
All help is greatly appreciated, Rocky
I just need to know if I should use the rules like this--and not all that other stuff.
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
or all that other stuff that is in my TTL rules---
also, I would really appreciate if someone would line me out on the correct procedure.
All help is greatly appreciated, Rocky
- terryjett
- Posts: 404
- Joined: Tue Sep 24, 2019 10:42 pm
- Location: Far Side
- Has thanked: 104 times
- Been thanked: 91 times
- Contact:
Re: Need TTL custom rules help
Wow, sorry. Did not mean anything, just a simple joke and trying to help.NO disrespect to anyone on this board, I'm trying to glean a fix for my long ongoing problem of using hotspot data. So in trying to figure it out. I did not intentionally chose this TTL settings without giving proper credit to who ever originally posted it.
Looks like I cannot help, will stand down and allow you to get the help you need.
Sorry.
-
- Posts: 102
- Joined: Thu Mar 07, 2019 8:35 am
- Location: MO
- Has thanked: 43 times
- Been thanked: 25 times
Re: Need TTL custom rules help
The internet is a great learning tool, but sometimes a word or gesture is misunderstood, as we do not see, or hear how it was meant. I do need help.terryjett wrote: Wed Sep 16, 2020 9:08 pm Wow, sorry. Did not mean anything, just a simple joke and trying to help.
Looks like I cannot help, will stand down and allow you to get the help you need.
Sorry.
I'm not asking to be spoon feed--but do need help in how to do my TTL--custom rules--I'm lost. This what I have right now, it did return a ping of (117)--but will NOT let me do a restart firewall, it is grayed out, I know there has to be something wrong.
many thanks , Rocky
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
-
- Posts: 1
- Joined: Mon Jan 11, 2021 3:32 pm
- Has thanked: 0
- Been thanked: 0
Re: Need TTL custom rules help
Hey there RockyinNM!
Thanks for posting the custom TTL rules. I've added them to my setup but have a few more questions for you, if you're open to it?
Looking to find out what the custom DNS and APN settings might be for Verizon's standalone iPad plan?
Here's what I have so far, which hasn't really worked for me yet.
CUSTOM DNS SETTINGS: 8.8.8.8 / 8.8.4.4
APN: VZWINTERNET
CUSTOM TTL SETTINGS: 117
CUSTOM RULES:
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
Even though I've got most of the settings correct, from what I can see, I'm still not able to get online. Any ideas or modifications I should make?
Not sure this helps, but here's the hardware I currently have.
Router: WG1608D-M 5G Ready Cellular Gigabit Router with Dual Band (2.4GHz-5.8GHz) WiFi
Modem: Quectel EM160R-GL CAT16 M.2 Modem
Antenna: 700-3800MHz Cellular 8dBi Directional 4x4 MIMO Antenna (± 45°) N Female Connectors
Thanks for posting the custom TTL rules. I've added them to my setup but have a few more questions for you, if you're open to it?
Looking to find out what the custom DNS and APN settings might be for Verizon's standalone iPad plan?
Here's what I have so far, which hasn't really worked for me yet.
CUSTOM DNS SETTINGS: 8.8.8.8 / 8.8.4.4
APN: VZWINTERNET
CUSTOM TTL SETTINGS: 117
CUSTOM RULES:
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
Even though I've got most of the settings correct, from what I can see, I'm still not able to get online. Any ideas or modifications I should make?
Not sure this helps, but here's the hardware I currently have.
Router: WG1608D-M 5G Ready Cellular Gigabit Router with Dual Band (2.4GHz-5.8GHz) WiFi
Modem: Quectel EM160R-GL CAT16 M.2 Modem
Antenna: 700-3800MHz Cellular 8dBi Directional 4x4 MIMO Antenna (± 45°) N Female Connectors
- Didneywhorl
- Posts: 3646
- Joined: Fri Mar 23, 2018 5:37 pm
- Location: USA
- Has thanked: 1370 times
- Been thanked: 764 times
- Contact:
Re: Need TTL custom rules help
Honestly, unless your EM160 is registered as the device on the plan, or the EM160 is disguised as the ipad on your plan, Verizon will likely be actively blocking the connection on their end. You may want to test the SIM in the ipad to make sure it still gets connected.
-
- Posts: 4
- Joined: Tue Dec 22, 2020 12:51 pm
- Has thanked: 4 times
- Been thanked: 1 time
Re: Need TTL custom rules help
Here is what has worked for me...and it is from advice received from other posts on this forum.
I have a Verizon iPad plan, a WE826 router flashed to current GoldenOrb firmware, and a EM06-A modem.
I start up the router without any setting changes, other than the Verizon SIM is inserted.
I can see the Verizon SIM has registered.
I then change the APN to VZWINTERNET, save that change.
Next I add the following custom rules in the firewall section of the config, then apply them.
#ipv6ttlfix
ip6tables -t mangle -I POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117
#endTTL
After that, my router is connected correctly, traffic is flowing, and in all of the testing I have done, the traffic does NOT show up as hotspot data.
A little more manual than I would like...and open to suggestions on how to improve...but, it does work.
Thanks...David
I have a Verizon iPad plan, a WE826 router flashed to current GoldenOrb firmware, and a EM06-A modem.
I start up the router without any setting changes, other than the Verizon SIM is inserted.
I can see the Verizon SIM has registered.
I then change the APN to VZWINTERNET, save that change.
Next I add the following custom rules in the firewall section of the config, then apply them.
#ipv6ttlfix
ip6tables -t mangle -I POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117
#endTTL
After that, my router is connected correctly, traffic is flowing, and in all of the testing I have done, the traffic does NOT show up as hotspot data.
A little more manual than I would like...and open to suggestions on how to improve...but, it does work.
Thanks...David