FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
122 views 0 comments
by anonymous
We're using a RUT950 router remotely stream video over a primary network and want to use a SIM card as backup so we can still access the device when the primary network is down.
We managed to set the SIM up as the failover backup for the primary network in the RUT950. But as our device is streaming video, we recently had the issue that this stream then switched to the SIM card and quickly exhausted our data supply.
Ideally we would like to configure the router to block our video streaming device from accessing the network when the router switches to the SIM card backup network. I was reading through the documentation for the RUT950 and found some references to setting a traffic rule that's triggered on failover that might be possible to use in this situation. But I'm not so experienced in networking / was wondering if you might be able to advise us?
Thanks a lot!
Dominic

2 Answers

+1 vote
by anonymous

Hello,

This highly depends, whether, you know the destination host IP address from which you stream. An example, of how to block traffic for one of the failover interfaces can be found here. The difference is that in the aforementioned case, the traffic to be dropped is defined by its source IP, originating from the local network. In your case, you would need to list the destination IP, so that the traffic to the streaming server would not be forwarded, when currently used interface is mobile.

Best regards,

0 votes
by anonymous

Hello,

  

The easiest solution here would most likely be to separate SIM1 and SIM2 zones in the firewall rules and then deny internet access to LAN devices from SIM2. To achieve this:

  • Navigate to Network → Firewall → General settings.
  • Add a new firewall zone;
  • Name: SIM2;
  • Input, Output, and Forward: reject;
  • Masquerading and MSS Clamping: enabled;
  • Covered networks: mob1s2a1;
  • Leave Inter-zone forwarding empty;
  • Save & Apply
  • Open the wan zone settings and remove mob1s2a1 from the covered networks;
  • Open the lan zone settings and remove SIM2 zone from Inter-zone forwarding;
  • Navigate to Network → Firewall → Traffic Rules and create a rule:
    • Type: Add new forward rule;
    • Name: SIM2_WebUI_SSH;
    • Source zone: SIM2;
    • Destination zone: lan;
  • When the advanced configuration opens:
    • Change protocol to TCP;
    • Source zone to SIM2;
    • Destination zone: Device (input);
    • Destination port: 22, 80;
    • Save & Apply;
  • Create a second rule, to block the rest of SIM2 traffic (order is important):
    • Protocol: Any;
    • Source zone: lan;
    • Destination zone: SIM2;
    • Action: Reject;
Keep in mind, that with this configuration, the device itself will not be able to reach the internet, only you'll be able to access the device using it's public IP.
For a good measure, the router can be restarted, and the configuration can be tested.

  

Best regards,
DaumantasG