Date: Wed, 27 Apr 2005 10:33:04 +0300 From: Vlad GALU <vladgalu@gmail.com> To: freebsd-net@freebsd.org Subject: Re: Changing packets ttl's Message-ID: <79722fad05042700334e7c1a9b@mail.gmail.com> In-Reply-To: <20050426225230.GA61019@procent.t2.ds.pwr.wroc.pl> References: <20050426225230.GA61019@procent.t2.ds.pwr.wroc.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/27/05, GiZmen <gizmen@zion.vsip.pl> wrote: > Hi, >=20 > I am searching how to change packet ttl. I am runing a freebsd 5.4 > gateway and i would like to change ttl of any packets that are > going out from my internal interface. My goal is to change ttl to 1 > so the last hop is the next host in my internal network. > I want to prevent people to do small NAT in my network. I know that > changing ttl's is easy to bypass but not for normal user :) > I am using pf as my packet filter but there is no option to change > ttls to smaler value. Please help me with this problem. > Big thanks IIRC, ipf can match packets by their ttl. You can use it to drop packets that come from your network and have odd ttls (63, 127), therefore preventing (most) users in that network from NATing eachother. >=20 > -- > Best Regards: > GiZmen >=20 > UNIX is user-friendly; it's just picky about its friends > UNIX is simple; it just takes a genius to understand its simplicity > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >=20 --=20 If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79722fad05042700334e7c1a9b>