Date: Wed, 27 Apr 2005 10:33:04 +0300
From: Vlad GALU
To: freebsd-net@freebsd.org
Subject: Re: Changing packets ttl's

On 4/27/05, GiZmen wrote:
> Hi,
>
> I am searching how to change packet ttl. I am running a freebsd 5.4
> gateway and I would like to change ttl of any packets that are
> going out from my internal interface. My goal is to change ttl to 1
> so the last hop is the next host in my internal network.
> I want to prevent people to do small NAT in my network. I know that
> changing ttl's is easy to bypass but not for normal user :)
> I am using pf as my packet filter but there is no option to change
> ttls to smaller value. Please help me with this problem.
> Big thanks

IIRC, ipf can match packets by their ttl. You can use it to drop
packets that come from your network and have odd ttls (63, 127),
therefore preventing (most) users in that network from NATing each other.

> --
> Best Regards:
> GiZmen
>
> UNIX is user-friendly; it's just picky about its friends
> UNIX is simple; it just takes a genius to understand its simplicity

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
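
The TTL check suggested in the reply, as an added example that is not part of the original message and is not ipf configuration: it parses raw IPv4 headers seen on the internal interface and reports LAN sources whose TTL has already been decremented. The initial TTL values, the `max_hops` threshold, the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

# Assumption: common OS initial TTLs (the reply's 63 and 127 are 64 and 128 minus one hop).
INITIAL_TTLS = (64, 128, 255)

def parse_ipv4(raw):
    """Return (source address, ttl) from a raw IPv4 header, or raise ValueError."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, ttl, src = struct.unpack("!B7xB3x4s", raw[:16])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    return ipaddress.IPv4Address(src), ttl

def hops_behind(ttl):
    """Hops already traversed, measured from the nearest initial TTL at or above ttl."""
    return next(i for i in INITIAL_TTLS if ttl <= i) - ttl

def find_nat_suspects(headers, lan, max_hops=2):
    """Map each directly attached source to the decremented TTLs it sent."""
    net = ipaddress.ip_network(lan)
    suspects = {}
    for raw in headers:
        try:
            src, ttl = parse_ipv4(raw)
        except ValueError:
            continue  # skip malformed captures instead of aborting the scan
        # A host on the attached LAN should arrive with an untouched initial TTL.
        if src in net and 1 <= hops_behind(ttl) <= max_hops:
            suspects.setdefault(str(src), set()).add(ttl)
    return suspects

def build_header(src, dst, ttl):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) for the sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

# Constructed sample traffic, not taken from the thread.
SAMPLE = [
    build_header("192.168.0.10", "198.51.100.7", 64),   # untouched initial TTL
    build_header("192.168.0.11", "198.51.100.7", 128),  # untouched initial TTL
    build_header("192.168.0.12", "198.51.100.7", 63),   # one hop behind this address
    build_header("192.168.0.12", "198.51.100.7", 127),  # second client, same address
    build_header("10.0.0.5", "198.51.100.7", 63),       # not on the attached LAN
    b"\x45\x00",                                        # truncated capture
]

if __name__ == "__main__":
    print(find_nat_suspects(SAMPLE, "192.168.0.0/24"))
```
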