From: Niki Denev
To: Ruslan Ermilov
Cc: freebsd-hackers@freebsd.org, GiZmen
Date: Thu, 22 Apr 2004 17:30:35 +0300
Subject: Re: Changing ttl of incoming packets

Ruslan Ermilov writes:

> On Thu, Apr 22, 2004 at 11:54:15AM +0200, GiZmen wrote:
>> Hello,
>>
>> Is there any way to change the ttl of an incoming packet to a lower value?
>> I had tried the min-ttl option in the pf packet filter, but this option only increases
>> the ttl to a given value when the ttl is lower than this value.
>>
>> I have searched on Google and mailing lists but I did not find any answer.
>> I am running FreeBSD 5.2.1 and I am using pf as my packet filter.
>>
> You mean, make the IP forwarding decrement the IP TTL more than by one?
>
>
> Cheers,
> --
> Ruslan Ermilov
> ru@FreeBSD.org
> FreeBSD committer

I've seen some cable/DSL ISPs do this: they set the IP TTL to 1 on the
downlink to the client (as a lame attempt to stop people sharing their
connection). So if one puts some sort of gateway on the DSL/cable modem, all
the packets it receives arrive with IP TTL 1, and the gateway will not be able
to forward them to the internal network... which is in my opinion 1st ugly,
and 2nd, easily avoidable with min-ttl for example :)

But if pf has min-ttl, it seems that max-ttl can be easily added.
Also, I think I've seen somewhere on the net a netgraph module that can modify
TTLs and some other things. I think its name was ng_mangle.

--niki
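
The behaviour discussed in this message, as an added example that is not part of the original mail and is not pf's code: a packet arriving with TTL 1 cannot be forwarded, an ingress clamp fixes that, and any TTL rewrite must also patch the IPv4 header checksum. The function names and the sample header are constructed for illustration, and the `max_ttl` bound is hypothetical (the thread only says pf has min-ttl).

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample header: 192.0.2.1 -> 198.51.100.7, ICMP, TTL 1. */
static const uint8_t SAMPLE[20] = {0x45,0,0,0x54, 0,0,0x40,0, 1,1,0x8d,0x6d,
                                   192,0,2,1, 198,51,100,7};

/* Full IPv4 header checksum; yields 0 when run over a valid header. */
static uint16_t ip_cksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite the TTL (byte 8) and patch the checksum (bytes 10-11)
 * incrementally per RFC 1624 eqn 3: HC' = ~(~HC + ~m + m'). */
static void set_ttl(uint8_t *h, uint8_t ttl) {
    uint16_t m_old = (uint16_t)(h[8] << 8 | h[9]);  /* TTL|protocol word */
    uint16_t m_new = (uint16_t)(ttl << 8 | h[9]);
    uint32_t sum = (uint16_t)~(h[10] << 8 | h[11]);
    sum += (uint16_t)~m_old;
    sum += m_new;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    h[8] = ttl;
    h[10] = (uint8_t)(~sum >> 8);
    h[11] = (uint8_t)~sum;
}

/* Ingress clamp of the TTL into [min_ttl, max_ttl]; 0 disables a bound.
 * max_ttl is a hypothetical option, assumed here for illustration. */
static int scrub_ttl(uint8_t *h, uint8_t min_ttl, uint8_t max_ttl) {
    uint8_t ttl = h[8];
    if (min_ttl && ttl < min_ttl) ttl = min_ttl;
    if (max_ttl && ttl > max_ttl) ttl = max_ttl;
    if (ttl == h[8]) return 0;          /* already in range, untouched */
    set_ttl(h, ttl);
    return 1;
}

/* Forwarding step: TTL <= 1 is dropped (ICMP time exceeded), else TTL-1. */
static int forward(uint8_t *h) {
    if (h[8] <= 1) return 0;
    set_ttl(h, (uint8_t)(h[8] - 1));
    return 1;
}
```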