subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
305 views 1 comments
by anonymous
I have a RUTX11 that is configured in what I would call a fairly standard way - providing regular (wired/low cost) broadband internet to a local network, with auto-failover to cellular when the wired broadband suffers an outage.

However, cellular data is a LOT more expensive than regular wired broadband and there are a number of particularly greedy clients on the local network that are not "essential" and therefore (to save costs) I would like to know if there's a way to configure the RUTX11 so that I can block internet access to these clients when the RUTX11 internet access has fallen over to the mobile/cellular internet link?

Blocking can be via IP address, IP range or MAC address - I don't mind which.

Is this possible? If so, how might I go about achieving this?

Many thanks in advance :-)

1 Answer

+2 votes
by anonymous


Two ways to do that, if you want to allow a small number of devices or you want to prevent a small set.

To allow a small number of devices and prevent all the others, go to Network->Firewall->Custom rules and add:

iptables -A FORWARD -s 192.168.1.x,192.168.1.y,... -o qmimux0 -j ACCEPT
iptables -A FORWARD -s -o qmimux0 -j DROP

Or if you prefer to write the reverse, explicitly forbid some devices to use the mobile interface:

iptables -A FORWARD -s 192.168.1.x,192.168.1.y,... -o qmimux0 -j DROP

Replace 192.168.1 by your local lan network of course.


Best answer
by anonymous
Thankyou - that sounds perfect!