I have a GL.iNet AR-300M running the latest OpenWRT 18.06.2 stable release. I'm using it basically as a USB-ethernet bridge between my USB-tethered Android phone and my primary router (a pfSense box) sitting upstream. In order to minimize unnecessary layers of NAT, I've set up a bridge in OpenWRT (br-lan) that consists of one of the ethernet ports (eth0) and the USB tether interface, usb0.
Because my cell carrier imposes tethering restrictions (enforced by checking the outgoing TTL of packets from the phone), I've configured iptables to modify the TTL as follows:
iptables -t mangle -I POSTROUTING -m physdev --physdev-out usb0 -j TTL --ttl-set 65
However, this doesn't seem to work. The firewall rule shows up in Status -> Firewall, but the packet counters remain at 0, indicating that this mangle rule isn't being applied (confirmed with packet sniffing on the phone).
If I tweak OpenWRT to use a standard routed NAT setup, the mangling works with the following iptables rule:
iptables -t mangle -I POSTROUTING -o usb0 -j TTL --ttl-set 65
However, this isn't ideal as this creates three layers of NAT before traffic leaves the phone (pfSense router, OpenWRT router, Android tether).
Anyone have any ideas as to why mangling doesn't seem to work with a bridged interface? I've already checked that the appropriate packages are installed (iptables-mod-physdev, iptables-mod-ipopt).