Failover to USB mobile modem with limited access

a8ree

New Around Here
I've got a few devices that I'd like to route over 3G in the event that the wired line is unavailable. I wouldn't want devices accessing streaming services, downloads etc. (Cost prohibitive) but, for VOIP and home automation systems, I'd like to keep these online.

Is there a way in which to do this?
 
I've got a few devices that I'd like to route over 3G in the event that the wired line is unavailable. I wouldn't want devices accessing streaming services, downloads etc. (Cost prohibitive) but, for VOIP and home automation systems, I'd like to keep these online.

Is there a way in which to do this?
Here is a possible Dual-WAN Failover (FO) hack; with minimal scripting...i.e. one-liner! ;)

If the Network Services Filter (NSF) GUI meets your needs to accommodate your desired 3G blacklists, you can quickly build the 3G blocking rules:

e.g. 192.168.1.99 has no internet access, 192.168.1.88 can't access xxx.xxx.xxx.xxx and 192.168.1.77 cannot access any remote WEB pages etc.

Code:
iptables  --line -t filter -nvL NSFW

Chain NSFW (1 references)
num   pkts bytes target     prot opt in     out     source               destination       
1        0     0 logdrop    tcp  --  br0    eth0    192.168.1.99         0.0.0.0/0         
2        0     0 logdrop    tcp  --  br0    eth0    192.168.2.88         xxx.xxx.xxx.xxx          
3        0     0 logdrop    tcp  --  br0    eth0    192.168.1.77         0.0.0.0/0     tcp dpt:80
4       13   793 RETURN     all  --  br0    eth0    0.0.0.0/0            0.0.0.0/0
then whilst the primary WAN0 is ACTIVE, you would need to use firewall-start to insert a simple rule to disable the 3G-only NSFW rule table.
i.e.
Code:
iptables -I NSFW -j RETURN

iptables  --line -t filter -nvL NSFW

Chain NSFW (1 references)
num   pkts bytes target     prot opt in     out     source               destination       
1       22   318 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
2        0     0 logdrop    tcp  --  br0    eth0    192.168.1.99         0.0.0.0/0         
3        0     0 logdrop    tcp  --  br0    eth0    192.168.2.88         xxx.xxx.xxx.xxx           
4        0     0 logdrop    tcp  --  br0    eth0    192.168.1.77         0.0.0.0/0     tcp dpt:80
5       81  5432 RETURN     all  --  br0    eth0    0.0.0.0/0            0.0.0.0/0
so now the three '3G-blocking' rules are ignored.

However, when the primary WAN0 (e.g. eth0/vlan2 etc.) goes DOWN, the firmware will automatically rebuild the 3G blacklist rules but will now explicitly reference the ACTIVE 3G USB interface e.g. ppp0:
Code:
iptables  --line -t filter -nvL NSFW

Chain NSFW (1 references)
num   pkts bytes target     prot opt in     out     source               destination       
1        0     0 logdrop    tcp  --  br0    ppp0    192.168.1.99         0.0.0.0/0         
2        0     0 logdrop    tcp  --  br0    ppp0    192.168.2.88         xxx.xxx.xxx.xxx            
3        0     0 logdrop    tcp  --  br0    ppp0    192.168.1.77         0.0.0.0/0     tcp dpt:80
4        2   116 RETURN     all  --  br0    ppp0    0.0.0.0/0            0.0.0.0/0
so no further firewall rule/action is required.

Here is the one-line script.....

/jffs/scripts/firewall-start
Code:
#!/bin/sh

[ "$1" != "ppp0" ] && iptables -I NSFW -j RETURN # If WAN0 is UP, then disable the 3G blocking rules

NOTE: If NSFW is already used, then you will simply need to manually insert the appropriate 3G blocking rules preferably in your own filter chain e.g. 'Block3G' which is called from the FORWARD chain.
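
One way to build the dedicated 'Block3G' chain mentioned in the NOTE, as an added example that is not part of the original post. It assumes ppp0 is the 3G interface and br0 the LAN bridge (as in the listings above), uses constructed sample addresses, and would be saved as a hypothetical /jffs/scripts/block3g.sh and run with `apply` from firewall-start.

```shell
#!/bin/sh
# Added example (not from the thread): a dedicated 'Block3G' filter chain.
# Assumptions: ppp0 = 3G modem interface, br0 = LAN bridge.
MODEM_IF="ppp0"
LAN_IF="br0"

# Constructed sample blacklist, one entry per line:
#   source-IP  protocol  destination-port   ("-" means any port)
BLACKLIST="192.168.1.99 tcp -
192.168.1.77 tcp 80"

# Print the iptables commands that build the chain (dry run by default).
block3g_rules() {
    echo "iptables -N Block3G 2>/dev/null"   # create chain if missing
    echo "iptables -F Block3G"               # start from an empty chain
    echo "$BLACKLIST" | while read -r src proto port; do
        [ -z "$src" ] && continue
        # Match only LAN traffic leaving via the 3G interface
        rule="iptables -A Block3G -i $LAN_IF -o $MODEM_IF -s $src -p $proto"
        [ "$port" != "-" ] && rule="$rule --dport $port"
        echo "$rule -j DROP"
    done
    # Re-hook into FORWARD without leaving a duplicate jump behind
    echo "iptables -D FORWARD -j Block3G 2>/dev/null"
    echo "iptables -I FORWARD -j Block3G"
}

# Apply the rules only when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    block3g_rules | sh
fi
```

Because every rule matches only traffic leaving via ppp0, the chain has no effect while the wired WAN is up, so no RETURN toggle is needed for it.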
 