Trying to figure something out.
My understanding (please correct me if I'm wrong) is that I don't have to worry about TTL settings if all my data is going through a VPN.
If this is true, then I shouldn't need TTL rules in my setup.... but...
What about when my VPN is not connected?
How do apply TTL / Custom Firewall rules in OpenWRT that only apply if I'm not connecting via VPN?
Here are the TTL / HL settings I'm using in my 3x modem setup.
TTL / HL Custom Rules:
Code: Select all
# MODEM 0 (AT&T Tablet Plan):
INTERFACE1 = wwan0
TTL1 =
# MODEM 1 (Tmobile 5G Home Internet Plan):
INTERFACE2 = wwan1
TTL2 =
# MODEM 2 (Verizon 5G Phone Plan):
INTERFACE2 = wwan2
TTL3 = 65
#startTTL for ipv4
iptables -t mangle -I POSTROUTING -o INTERFACE1 -j TTL --ttl-set TTL1
iptables -t mangle -I PREROUTING -i INTERFACE1 -j TTL --ttl-set TTL1
iptables -t mangle -I POSTROUTING -o INTERFACE2 -j TTL --ttl-set TTL2
iptables -t mangle -I PREROUTING -i INTERFACE2 -j TTL --ttl-set TTL2
iptables -t mangle -I POSTROUTING -o INTERFACE2 -j TTL --ttl-set TTL3
iptables -t mangle -I PREROUTING -i INTERFACE2 -j TTL --ttl-set TTL3
#endTTL
#startTTL ipv6
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o INTERFACE1 -j HL --hl-set TTL1
ip6tables -t mangle -I PREROUTING ! -p icmpv6 -i INTERFACE1 -j HL --hl-set TTL1
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o INTERFACE2 -j HL --hl-set TTL2
ip6tables -t mangle -I PREROUTING ! -p icmpv6 -i INTERFACE2 -j HL --hl-set TTL2
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o INTERFACE2 -j HL --hl-set TTL3
ip6tables -t mangle -I PREROUTING ! -p icmpv6 -i INTERFACE2 -j HL --hl-set TTL3
#endTTL