
Need TTL custom rules help

Posted: Wed Sep 16, 2020 3:42 pm
by RockyinNM
BigMac79 wrote: ↑Tue Sep 15, 2020 7:45 pm
OK. So here's the update so that maybe it can help someone else. I did not have to reflash. What I did have to do was some trial and error with my custom rules thanks to some posts on this site and the FB site. These custom rules below now have me pinging ttl 117 with no errors in my iptables/ip6tables when I run <root@WiFiX:~# /etc/init.d/firewall restart> like I was getting before.

Most importantly I've also completely stopped leaking hotspot data since I inserted the new custom rules and had no impact to performance. Thanks for all the help and guidance and others on the sites who have unknowingly contributed. Here's the custom rules:

#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules

Note: Running WG3526P, EM12G modem on Verizon.
--end of quote--
----------------------------------------------------------------
Sorry, I posted in 2 different places, hotspot and routers.


I am having kinda the same problem, it has been a thorn in my side for some time, and NOT being real savvy, but really trying, and reading until my eyes bleed.

I have a WE826 T2, running a Verizon SIM, with an unlimited tablet plan. I had changed the TTL to 117 a good while ago, and thought all was good-not.

I have been following this thread above, and many others, to try and figure out why I was using hotspot data, I did NOT even know how to ping my router, I do now, and it returned a value of 64.

When I go to my (custom rules) tab, this is what I see. Do I need to paste in the last TTL settings in your post, and get rid of all the other (stuff) in mine? I have not learned the AT commands, so bear with me, I wanted to just paste in what you posted, but did not know if I needed any of that other stuff.
All help greatly appreciated, Rocky

ps: disclaimer, I did not build, or flash this router, not crying in my root beer, but have bad eyes, glaucoma

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 65
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 65
#endTTL

Re: Need TTL custom rules help

Posted: Wed Sep 16, 2020 8:33 pm
by terryjett
RockyinNM wrote:
When I go to my (custom rules) tab, this is what I see. Do I need to paste in the last TTL settings in your post, and get rid of all the other (stuff) in mine? I have not learned the AT commands, so bear with me, I wanted to just paste in what you posted, but did not know if I needed any of that other stuff.
Hey, those rules look really familiar, seen those somewhere around here...

Make sure the only rules you have active are the ones you have shown above.
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules
If there are any others, place a # in front of each existing line. That way you can see the mods and those lines with the # will not be executed.

Keep in mind the value 117 is for Verizon. You can also try 116 or 118 for them. Others to try are 65/64 if on other carriers.
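
Added example, not part of the thread and not GoldenOrb code: a POSIX sh/awk lint that checks a custom-rules script for three problems visible in the files posted above. It reports a `#` glued to the end of a value (the shell only starts a comment at the beginning of a word, so `117#startTTL` reaches iptables as one argument), two different values set for the same chain and interface, and IPv4 TTL rules with no matching ip6tables HL rule. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a firewall custom-rules script for TTL/HL mistakes.
# lint_ttl_rules and sample_rules are hypothetical names, not GoldenOrb tools.

lint_ttl_rules() {   # usage: lint_ttl_rules FILE   (reads stdin if FILE is omitted)
    awk '
    /^[ \t]*(#|$)/ { next }                          # blank or full-line comment
    $1 != "iptables" && $1 != "ip6tables" { next }   # not a rule line
    {
        chain = ""; iface = "any"; val = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break                     # real comment: ignore the rest
            if ($i ~ /#/) {                          # "#" glued to a word is no comment
                printf "line %d: \"%s\" reaches %s as one argument; put a space before #\n", NR, $i, $1
            }
            if ($i == "-I" || $i == "-A") chain = $(i + 1)
            if ($i == "-i" || $i == "-o") iface = $i " " $(i + 1)
            if ($i == "--ttl-set" || $i == "--hl-set") val = $(i + 1)
        }
        if (chain == "" || val == "") next
        sub(/#.*/, "", val)                          # compare the numeric part only
        key = $1 " " chain " " iface
        if ((key in seen) && seen[key] != val) {
            printf "line %d: %s sets %s but line %d sets %s\n", NR, key, val, line[key], seen[key]
        }
        seen[key] = val; line[key] = NR; family[$1 " " chain] = 1
    }
    END {                                            # IPv4 rule without an IPv6 twin
        for (c in family) {
            split(c, p, " ")
            if (p[1] == "iptables" && !(("ip6tables " p[2]) in family)) {
                printf "%s: TTL set for IPv4 only, no ip6tables HL rule\n", p[2]
            }
        }
    }' "${1:--}"
}

sample_rules() {   # constructed sample, modelled on the first custom-rules file above
    cat <<'EOF'
# This file is interpreted as shell script.
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 65
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 65
#endTTL
EOF
}

sample_rules | lint_ttl_rules
```

A rules file that produces no output has one value per chain and interface, clean comments, and both IPv4 and IPv6 covered.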

Re: Need TTL custom rules help

Posted: Wed Sep 16, 2020 8:56 pm
by RockyinNM
NO disrespect to anyone on this board, I'm trying to glean a fix for my long ongoing problem of using hotspot data. So in trying to figure it out, I did not intentionally choose these TTL settings without giving proper credit to whoever originally posted them.

I just need to know if I should use the rules like this--and not all that other stuff.

#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules

or all that other stuff that is in my TTL rules---
also, I would really appreciate if someone would line me out on the correct procedure.
All help is greatly appreciated, Rocky

Re: Need TTL custom rules help

Posted: Wed Sep 16, 2020 9:08 pm
by terryjett
RockyinNM wrote:
NO disrespect to anyone on this board, I'm trying to glean a fix for my long ongoing problem of using hotspot data. So in trying to figure it out, I did not intentionally choose these TTL settings without giving proper credit to whoever originally posted them.
Wow, sorry. Did not mean anything, just a simple joke and trying to help.

Looks like I cannot help, will stand down and allow you to get the help you need.

Sorry.

Re: Need TTL custom rules help

Posted: Thu Sep 17, 2020 8:04 am
by RockyinNM
terryjett wrote: Wed Sep 16, 2020 9:08 pm Wow, sorry. Did not mean anything, just a simple joke and trying to help.

Looks like I cannot help, will stand down and allow you to get the help you need.

Sorry.
The internet is a great learning tool, but sometimes a word or gesture is misunderstood, as we do not see, or hear how it was meant. I do need help. :oops:
I'm not asking to be spoon-fed--but do need help in how to do my TTL--custom rules--I'm lost. This is what I have right now, it did return a ping of (117)--but will NOT let me do a restart firewall, it is grayed out, I know there has to be something wrong.
Many thanks, Rocky

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules

Re: Need TTL custom rules help

Posted: Mon Jan 11, 2021 3:42 pm
by FimmyJallon
Hey there RockyinNM!

Thanks for posting the custom TTL rules. I've added them to my setup but have a few more questions for you, if you're open to it?

Looking to find out what the custom DNS and APN settings might be for Verizon's standalone iPad plan?

Here's what I have so far, which hasn't really worked for me yet.

CUSTOM DNS SETTINGS: 8.8.8.8 / 8.8.4.4

APN: VZWINTERNET

CUSTOM TTL SETTINGS: 117

CUSTOM RULES:
#start TTL rules
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -j TTL --ttl-set 117
ip6tables -t mangle -A POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#end TTL rules

Even though I've got most of the settings correct, from what I can see, I'm still not able to get online. Any ideas or modifications I should make?

Not sure this helps, but here's the hardware I currently have.

Router: WG1608D-M 5G Ready Cellular Gigabit Router with Dual Band (2.4GHz-5.8GHz) WiFi
Modem: Quectel EM160R-GL CAT16 M.2 Modem
Antenna: 700-3800MHz Cellular 8dBi Directional 4x4 MIMO Antenna (± 45°) N Female Connectors

Re: Need TTL custom rules help

Posted: Tue Jan 12, 2021 11:01 am
by Didneywhorl
Honestly, unless your EM160 is registered as the device on the plan, or the EM160 is disguised as the iPad on your plan, Verizon will likely be actively blocking the connection on their end. You may want to test the SIM in the iPad to make sure it still gets connected.

Re: Need TTL custom rules help

Posted: Tue Jan 12, 2021 1:26 pm
by HomeTownHockeyFan
Here is what has worked for me...and it is from advice received from other posts on this forum.

I have a Verizon iPad plan, a WE826 router flashed to current GoldenOrb firmware, and an EM06-A modem.

I start up the router without any setting changes, other than the Verizon SIM is inserted.

I can see the Verizon SIM has registered.

I then change the APN to VZWINTERNET, save that change.

Next I add the following custom rules in the firewall section of the config, then apply them.

#ipv6ttlfix
ip6tables -t mangle -I POSTROUTING -o wwan0 -j HL --hl-set 117
ip6tables -t mangle -I PREROUTING -i wwan0 -j HL --hl-set 117
#startTTL
iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 117
iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 117
#endTTL

After that, my router is connected correctly, traffic is flowing, and in all of the testing I have done, the traffic does NOT show up as hotspot data.

A little more manual than I would like...and open to suggestions on how to improve...but, it does work.

Thanks...David