Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 22 Apr 2004 17:30:35 +0300
From:      Niki Denev <nike_d@cytexbg.com>
To:        Ruslan Ermilov <ru@freebsd.org>
Cc:        GiZmen <gizmen@blurp.one.pl>
Subject:   Re: Changing ttl of incoming packets
Message-ID:  <cone.1082644235.488773.739.1001@phobos.totalterror.net>
References:  <20040422095415.GA31126@blurp.one.pl> <20040422131040.GB9359@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is a MIME GnuPG-signed message.  If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-phobos.totalterror.net-739-1082644235-0001
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Ruslan Ermilov writes:

> On Thu, Apr 22, 2004 at 11:54:15AM +0200, GiZmen wrote:
>> Hello,
>>  
>> Is there any way to change ttl of incoming packet to a lower value ?
>> I had tried min-ttl option in pf packet filter but this option only increase
>> ttl to a given value when ttl is lower than this value.
>>  
>> I have searched on google and mailing lists but i do not find any answer.
>> I am running Freebsd 5.2.1 and i am using pf as my packet filter.
>>  
> You mean, make the IP forwarding decrement the IP TTL more than by one?
> 
> 
> Cheers,
> -- 
> Ruslan Ermilov
> ru@FreeBSD.org
> FreeBSD committer

i've seen some cable/dsl ips's to do this, they set the IP TTL to 1 on the 
downlink to the client. (as a lame attempt to stop people sharing their 
connection)
 So if one put some sort of gateway on the dsl/cable modem, all 
the packets it receives are with IP TTL 1, and the gateway will not able to 
forward them to the internal network....... which is in my opinion 
1-st ugly, and 2-nd, easily avoidable with min-ttl for example :)
but if pf has min-ttl it seems that max-ttl can be easily added.
also i think i've seen somewhere on the net a netgraph module that can 
modify ttl's and some other things. i think it's name was ng_mangle

--niki

--=_mimegpg-phobos.totalterror.net-739-1082644235-0001
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBAh9cLHNAJ/fLbfrkRAkWXAKC0ZI5aGRoN1eLKjpOq8935IpSqCwCeIT2S
1xLP0e2LZUkCGlY2pW787to=
=klBq
-----END PGP SIGNATURE-----

--=_mimegpg-phobos.totalterror.net-739-1082644235-0001--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cone.1082644235.488773.739.1001>