Need TTL custom rules help
Posted: Wed Sep 16, 2020 3:42 pm
BigMac79 wrote: ↑Tue Sep 15, 2020 7:45 pm
OK. So here's the update so that maybe it can help someone else. I did not have to reflash. What I did have to do was some trial and error with my custom rules thanks to some posts on this site and the FB site. These custom rules below now have me pinging ttl 117 with no errors in my iptables/ip6tables when I run <root@WiFiX:~# /etc/init.d/firewall restart> like I was getting before.
Most importantly I've also completely stopped leaking hotspot data since I inserted the new custom rules and had no impact to performance. Thanks for all the help and guidance and others on the sites who have unknowingly contributed. Here's the custom rules:
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
Note: Running WG3526P, EM12G modem on Verizon.
--end of quote--
----------------------------------------------------------------
Sorry I posted in 2 different places, hotspot and routers.
I am having kinda the same problem. It has been a thorn in my side for some time, and NOT being real savvy, but really trying, and reading until my eyes bleed.
I have a WE826 T2, running a Verizon SIM, with an unlimited tablet plan. I had changed the TTL to 117 a good while ago, and thought all was good - not.
I have been following this thread above, and many others, to try and figure out why I was using hotspot data. I did NOT even know how to ping my router. I do now, and it returned a value of 64.
When I go to my (custom rules) tab, this is what I see. Do I need to paste in the last TTL settings in your post, and get rid of all the other (stuff) in mine? I have not learned the AT commands, so bear with me. I wanted to just paste in what you posted, but did not know if I needed any of that other stuff.
All help greatly appreciated, Rocky
ps: disclaimer, I did not build, or flash this router, not crying in my root beer, but have bad eyes, glaucoma
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 65
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 65
#endTTL
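A lint pass over a custom rules file like the one posted above, as an added example that is not from either poster: it flags TTL/HL values that are not a plain number in the range 0 to 255, and rules that set two different values for the same command, chain and interface. The function names `audit_ttl_rules` and `sample_rules` are made up for this example; the sample input is the rule lines from the post.

```shell
#!/bin/sh
# Added example: reads a firewall.user-style rules file on stdin and prints
# one finding per line. Nothing is applied to the running firewall.
audit_ttl_rules() {
    awk '
    # Skip comment lines and rules that do not jump to the TTL or HL target.
    /^[ \t]*#/ || !/-j[ \t]+(TTL|HL)/ { next }
    {
        chain = ""; val = ""; dev = "any"
        for (i = 1; i <= NF; i++) {
            if ($i == "-I" || $i == "-A") chain = $(i + 1)
            if ($i == "-o" || $i == "-i") dev = $(i + 1)
            if ($i == "--ttl-set" || $i == "--hl-set") val = $(i + 1)
        }
        key = $1 " " chain " " dev
        # A "#" only starts a shell comment at the beginning of a word, so a
        # token such as 117#startTTL reaches iptables as a single argument.
        if (val !~ /^[0-9]+$/ || val + 0 > 255) {
            printf "line %d: bad value \"%s\" (%s)\n", NR, val, key
            next
        }
        # Same command, chain and interface given two different values.
        if (key in seen && seen[key] != val)
            printf "line %d: %s set to %s, but line %d sets %s\n",
                   NR, key, val, line[key], seen[key]
        seen[key] = val; line[key] = NR
    }'
}

# Sample input: the rule lines exactly as shown in the post above.
sample_rules() {
    cat <<'EOF'
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 65
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 65
#endTTL
EOF
}

sample_rules | audit_ttl_rules
```

On a router the same function can be fed the saved custom rules file on stdin instead of `sample_rules`.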