Re: Changing ttl of incoming packets

From: Niki Denev (nike_d_at_cytexbg.com)
Date: 04/22/04

    To: Ruslan Ermilov <ru@freebsd.org>
    Date: Thu, 22 Apr 2004 17:30:35 +0300
    
    
    

    Ruslan Ermilov writes:

    > On Thu, Apr 22, 2004 at 11:54:15AM +0200, GiZmen wrote:
    >> Hello,
    >>
    >> Is there any way to change the TTL of an incoming packet to a lower value?
    >> I had tried the min-ttl option in the pf packet filter, but this option only increases
    >> the TTL to a given value when the TTL is lower than this value.
    >>
    >> I have searched on Google and mailing lists but I did not find any answer.
    >> I am running FreeBSD 5.2.1 and I am using pf as my packet filter.
    >>
    > You mean, make the IP forwarding decrement the IP TTL more than by one?
    >
    >
    > Cheers,
    > --
    > Ruslan Ermilov
    > ru@FreeBSD.org
    > FreeBSD committer

    I've seen some cable/DSL ISPs do this: they set the IP TTL to 1 on the
    downlink to the client (as a lame attempt to stop people sharing their
    connection).
    So if one puts some sort of gateway on the DSL/cable modem, all
    the packets it receives have IP TTL 1, and the gateway will not be able to
    forward them to the internal network... which is, in my opinion,
    1st, ugly, and 2nd, easily avoidable with min-ttl, for example :)
    But if pf has min-ttl, it seems that max-ttl can be easily added.
    Also, I think I've seen somewhere on the net a netgraph module that can
    modify TTLs and some other things. I think its name was ng_mangle.

    --niki
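
The header rewrite discussed in this thread, as an added example that is not part of the original messages and is not pf or netgraph code: it clamps the TTL of an IPv4 header and recomputes the header checksum, which any TTL rewrite has to do. The function names, the `max_ttl` parameter (modelling the max-ttl idea floated above) and the sample header are assumptions made for illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 over a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_ttl(packet: bytes, min_ttl: int = 0, max_ttl: int = 255) -> bytes:
    """Force the TTL into [min_ttl, max_ttl] and fix the header checksum.

    min_ttl models the behaviour described for pf's min-ttl (raise only);
    max_ttl is the hypothetical counterpart (lower only).
    """
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    hdr = bytearray(packet[:ihl])
    hdr[8] = max(min_ttl, min(max_ttl, hdr[8]))    # byte 8 is the TTL
    hdr[10:12] = b"\x00\x00"                       # zero checksum before summing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def forward(packet: bytes):
    """Router behaviour: a packet arriving with TTL <= 1 is not forwarded."""
    if packet[8] <= 1:
        return None                                # dropped (ICMP time exceeded)
    return clamp_ttl(packet, max_ttl=packet[8] - 1)  # decrement by one

def sample_header(ttl: int) -> bytes:
    """Constructed 20-byte TCP/IPv4 header using documentation addresses."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, ttl, 6, 0,
                                bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    downlink = sample_header(1)                    # what the ISP delivers
    print("forwarded as-is:", forward(downlink))   # None: gateway cannot relay it
    fixed = clamp_ttl(downlink, min_ttl=2)         # raise before forwarding
    print("TTL after min-ttl and one hop:", forward(fixed)[8])
    print("TTL 64 with min-ttl 2:", clamp_ttl(sample_header(64), min_ttl=2)[8])
    print("TTL 64 with max-ttl 10:", clamp_ttl(sample_header(64), max_ttl=10)[8])
```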

    
    


