FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12681 questions

15064 answers

24132 comments

47091 members

0 votes
187 views 1 comments
by
I have a RUTX11 that is configured in what I would call a fairly standard way - providing regular (wired/low cost) broadband internet to a local network, with auto-failover to cellular when the wired broadband suffers an outage.

However, cellular data is a LOT more expensive than regular wired broadband and there are a number of particularly greedy clients on the local network that are not "essential" and therefore (to save costs) I would like to know if there's a way to configure the RUTX11 so that I can block internet access to these clients when the RUTX11 internet access has fallen over to the mobile/cellular internet link?

Blocking can be via IP address, IP range or MAC address - I don't mind which.

Is this possible? If so, how might I go about achieving this?

Many thanks in advance :-)

1 Answer

+2 votes
by

Hello,

Two ways to do that, if you want to allow a small number of devices or you want to prevent a small set.

To allow a small number of devices and prevent all the others, go to Network->Firewall->Custom rules and add:

iptables -A FORWARD -s 192.168.1.x,192.168.1.y,... -o qmimux0 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -o qmimux0 -j DROP

Or if you prefer to write the reverse, explicitly forbid some devices to use the mobile interface:

iptables -A FORWARD -s 192.168.1.x,192.168.1.y,... -o qmimux0 -j DROP

Replace 192.168.1 by your local lan network of course.

Regards,

Best answer
by
Thankyou - that sounds perfect!