Date: Tue, 24 Jul 2007 12:04:19 -0700
From: Freddie Cash <fjwcash+freebsd@gmail.com>
To: freebsd-isp@freebsd.org
Subject: Re: changing ttl size of forwarding packet
Message-ID: <200707241204.20453.fjwcash%2Bfreebsd@gmail.com>
In-Reply-To: <B3283DBE-EB4C-4281-8658-8F81E5C94775@mac.com>
References: <46A63AF2.40405@wlink.com.np> <B3283DBE-EB4C-4281-8658-8F81E5C94775@mac.com>

On July 24, 2007 11:28 am Chuck Swiger wrote:
> On Jul 24, 2007, at 10:46 AM, Samit wrote:
> > iptables can easily do it via mangle table. Is there any way using ipfw2
> > to change the ttl size of the forwarding packets?
>
> The size of the TTL field is fixed by the IP protocol to 1 byte;
> perhaps you are looking for the IPFW transparent firewall option,
> which prevents it from decrementing the TTL in order to make a
> "hidden" firewall...?

Taken from http://www.linuxtopia.org/Linux_Firewall_iptables/x1196.html:

The TTL target is used to change the TTL (Time To Live) field of the packet. We could tell packets to only have a specific TTL and so on. One good reason for this could be that we don't want to give ourself away to nosy Internet Service Providers. Some Internet Service Providers do not like users running multiple computers on one single connection, and there are some Internet Service Providers known to look for a single host generating different TTL values, and take this as one of many signs of multiple computers connected to a single connection.

What you are looking for is the IPSTEALTH kernel option, which gives you an ipstealth sysctl that you can toggle. This will change the network stack to either decrement the TTL as per normal (ipstealth=0) or not decrement the TTL (ipstealth=1).

-- 
Freddie Cash, LPIC-2 CCNT CCLP
Network Support Technician
School District 73
(250) 377-HELP [377-4357]
fjwcash+freebsd@gmail.com
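
The following Python model is an added example, not part of the original message or of FreeBSD: it shows which TTL values an upstream observer sees from one public address when the gateway decrements the TTL (ipstealth=0) or leaves it alone (ipstealth=1), and applies the "more than one TTL per source" check the quoted text describes. The initial TTLs of 64 and 128, the 192.0.2.x addresses and all function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Assumed common initial TTL values (illustrative, not from the message).
COMMON_INITIAL_TTLS = (64, 128, 255)


def forward(ttl, stealth):
    """TTL after one forwarding hop; stealth=True models ipstealth=1."""
    if stealth:
        return ttl          # TTL is passed through unchanged
    if ttl <= 1:
        return None         # a normal forwarder drops the packet
    return ttl - 1


def observed_ttls(inside_ttls, gateway_ttl, stealth):
    """TTLs seen upstream for the single public address of a NAT gateway."""
    seen = {gateway_ttl}    # the gateway's own traffic is never forwarded
    for ttl in inside_ttls:
        out = forward(ttl, stealth)
        if out is not None:
            seen.add(out)
    return seen


def hops_behind(ttl):
    """Hops already taken, measured from the nearest common initial TTL."""
    return min(i for i in COMMON_INITIAL_TTLS if i >= ttl) - ttl


def flag_shared_connections(records):
    """records: (src_ip, ttl) pairs. Return sources showing several TTLs."""
    by_src = defaultdict(set)
    for src, ttl in records:
        by_src[src].add(ttl)
    return {s: sorted(t) for s, t in by_src.items() if len(t) > 1}


# Constructed sample: two inside hosts (initial TTL 64) behind each gateway.
normal = [("192.0.2.10", t) for t in observed_ttls([64, 64], 64, False)]
stealth = [("192.0.2.20", t) for t in observed_ttls([64, 64], 64, True)]
# Constructed sample: mixed inside hosts (64 and 128) behind a stealth gateway.
mixed = [("192.0.2.30", t) for t in observed_ttls([64, 128], 64, True)]

if __name__ == "__main__":
    print(flag_shared_connections(normal + stealth + mixed))
```

In this model the non-decrementing gateway is no longer flagged when every inside host starts from the same TTL as the gateway, but hosts with a different initial TTL still produce a second value, because skipping the decrement does not rewrite the field to a fixed number.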