From owner-freebsd-net@FreeBSD.ORG Fri Apr 29 09:08:14 2005
Date: Fri, 29 Apr 2005 11:07:22 +0200
From: Jeremie Le Hen
To: GiZmen
cc: freebsd-net@freebsd.org
Subject: Re: Changing packets ttl's
Message-ID: <20050429090721.GT91329@obiwan.tataz.chchile.org>
In-Reply-To: <20050428193931.GA78277@swordfish.vsip.net>
References: <20050426225230.GA61019@procent.t2.ds.pwr.wroc.pl> <20050427085629.S3686@Neo-Vortex.net> <20050428193931.GA78277@swordfish.vsip.net>
List-Id: Networking and TCP/IP with FreeBSD
User-Agent: Mutt/1.5.9i

Hi,

> No, this sysctl is not what I want.
> I need to change the TTL of outgoing packets to my internal network.
> For example: there is a connection from a host on the Internet.
> It has, for example, 10 hops to my gateway. And when the packet comes
> to my box it has, for example, TTL 55 in the IP header.
> And then it is routed to a host in my network, so my box changes the TTL
> to 54. But what I need is to change the TTL to '1'.
In Linux terms, you want to ``mangle'' the packet, re-writing its TTL.
AFAIK, this is not possible with FreeBSD, since this is really not a
common action for a firewall (some conservative folks would even argue
this is not its job). The pf firewall seems to have a ``min-ttl''
statement in traffic normalization, but there is no ``max-ttl'' one.

The simplest way to achieve this is to write a userland daemon which
will retrieve the packets from the firewall through a divert socket,
using ipfw(8). But this would have very poor performance in case you
need high-bandwidth traffic, as each packet would require at least two
context switches; for a DSL connection, I guess this would be ok.

The other solution is to make a patch for one of the firewalls
available in FreeBSD.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
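To make the divert-socket approach described in the reply concrete, here is an added example (not code from the thread, from ipfw or from FreeBSD): a userland daemon that receives packets diverted by ipfw, clamps the IPv4 TTL to 1 while patching the header checksum incrementally, and re-injects them. The divert port 8668, the 192.168.0.0/24 subnet and the ipfw rule in the header comment are assumptions; the sample header is constructed for the self-check.

```c
/* Added example, not from the thread: a minimal FreeBSD divert-socket daemon that
 * clamps the TTL of each diverted IPv4 packet to 1 and re-injects it. Assumes an
 * ipfw rule like "ipfw add divert 8668 ip from any to 192.168.0.0/24 out"
 * (port and subnet are placeholders). Helpers are portable; main() needs FreeBSD. */
#include <stdint.h>
#include <stddef.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* One's-complement sum over the IPv4 header (IHL*4 bytes); 0 means valid. */
uint16_t ip_csum(const uint8_t *hdr)
{
    size_t n = (size_t)(hdr[0] & 0x0f) * 4; uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        sum += (uint32_t)(hdr[i] << 8 | hdr[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Rewrite the TTL in place and patch the checksum incrementally (RFC 1624:
 * HC' = ~(~HC + ~m + m'), m = old TTL/proto word). -1 if not a plausible IPv4 header. */
int clamp_ttl(uint8_t *pkt, size_t len, uint8_t new_ttl)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    uint32_t m = (uint32_t)(pkt[8] << 8 | pkt[9]);
    uint32_t sum = (~(uint32_t)(pkt[10] << 8 | pkt[11]) & 0xffff)
                 + (~m & 0xffff) + (uint32_t)(new_ttl << 8 | pkt[9]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    pkt[8] = new_ttl;
    pkt[10] = (uint8_t)(~sum >> 8); pkt[11] = (uint8_t)~sum;
    return 0;
}
/* Constructed sample header: TTL 55, TCP, 192.168.0.1 -> 10.0.0.1, valid checksum. */
uint8_t sample_hdr[20] = {0x45,0x00,0x00,0x3c,0x1c,0x46,0x40,0x00,0x37,0x06,
                          0x5c,0xcc,0xc0,0xa8,0x00,0x01,0x0a,0x00,0x00,0x01};
#ifdef __FreeBSD__
int main(void)
{
    static uint8_t buf[65535];
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(8668) };
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) return 1;
    for (;;) {                      /* the sockaddr filled by recvfrom carries the */
        socklen_t sl = sizeof sin;  /* ipfw rule number; hand it back to sendto   */
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&sin, &sl);
        if (n > 0) { clamp_ttl(buf, (size_t)n, 1);   /* non-IPv4 passes unchanged */
                     sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&sin, sl); }
    }
}
#endif
```

The checksum has to be patched every time the TTL is rewritten, otherwise the receiving host discards the packet as corrupt; the helper does this without re-summing the whole header, which matters when every packet already costs two context switches.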