From: GiZmen
Date: Fri, 23 Apr 2004 02:34:21 +0200
To: freebsd-hackers@freebsd.org
Subject: Re: Changing ttl of incoming packets
Message-ID: <20040423003421.GB39351@blurp.one.pl>
References: <20040422095415.GA31126@blurp.one.pl> <20040422131040.GB9359@ip.net.ua>

> >>
> >>Is there any way to change ttl of incoming packet to a lower value ?
> >>I had tried min-ttl option in pf packet filter but this option only
> >>increases
> >>ttl to a given value when ttl is lower than this value.
> >>
> >>I have searched on google and mailing lists but I did not find any answer.
> >>I am running FreeBSD 5.2.1 and I am using pf as my packet filter.
> >>
> >You mean, make the IP forwarding decrement the IP TTL more than by one?
> I've seen some cable/dsl ISPs do this, they set the IP TTL to 1 on the
> downlink to the client. (as a lame attempt to stop people sharing their
> connection)
> So if one puts some sort of gateway on the dsl/cable modem, all
> the packets it receives are with IP TTL 1, and the gateway will not be able to
> forward them to the internal network....... which is in my opinion
> 1-st ugly, and 2-nd, easily avoidable with min-ttl for example :)
> but if pf has min-ttl it seems that max-ttl can be easily added.
> also I think I've seen somewhere on the net a netgraph module that can
> modify ttl's and some other things. I think its name was ng_mangle
---end quoted text---

Yes, true, I saw some gateways that use this trick too, and that was my
inspiration to look around at how it can be done. But I didn't find any option
to do that. A max-ttl option would be a good idea to add to pf :)

So there is no possibility to change ttl with the kernel or some other tool.
So how do these dsl/cable modem gateways change their ttl to 1?

thx
--
Best Regards: GiZmen

UNIX is user-friendly; it's just picky about its friends
UNIX is simple; it just takes a genius to understand its simplicity
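
As an added illustration (not part of the original post, and not pf or netgraph code): the per-packet rewrite that a hypothetical max-ttl option would have to perform, lowering the TTL of an IPv4 header and patching the header checksum incrementally per RFC 1624. The names `clamp_ttl` and `ip_cksum` and the sample header are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header, TTL 64, UDP, 192.168.0.1 -> 192.168.0.199. */
const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

/* Fold a 32-bit accumulator into a 16-bit one's-complement sum. */
static uint16_t fold(uint32_t sum) {
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* RFC 1071 checksum over the whole header; 0 means the stored checksum is valid. */
uint16_t ip_cksum(const uint8_t *h, size_t hlen) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)h[i] << 8 | h[i + 1];
    return (uint16_t)~fold(sum);
}

/* Hypothetical "max-ttl": returns 1 = TTL lowered, 0 = untouched, -1 = not a sane IPv4 header. */
int clamp_ttl(uint8_t *h, size_t len, uint8_t max_ttl) {
    if (len < 20 || (h[0] >> 4) != 4 || (h[0] & 0x0f) < 5 ||
        (size_t)(h[0] & 0x0f) * 4 > len)
        return -1;
    if (h[8] <= max_ttl)
        return 0;
    /* RFC 1624: HC' = ~(~HC + ~m + m'), m = 16-bit word holding TTL and protocol. */
    uint16_t old_w = (uint16_t)(h[8] << 8 | h[9]);
    uint16_t new_w = (uint16_t)(max_ttl << 8 | h[9]);
    uint16_t hc = (uint16_t)(h[10] << 8 | h[11]);
    hc = (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w);
    h[8] = max_ttl;
    h[10] = (uint8_t)(hc >> 8);
    h[11] = (uint8_t)(hc & 0xff);
    return 1;
}

int main(void) {
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    int r = clamp_ttl(h, sizeof h, 1);   /* what the ISP gateways in the thread do */
    printf("changed=%d ttl=%d cksum=%02x%02x verify=%d\n", r, h[8], h[10], h[11], ip_cksum(h, 20));
    return 0;
}
```

Because the update is incremental, a header that arrived with a bad checksum still has a bad checksum afterwards, so the rewrite does not mask corruption.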