View the full version : increasing TTL how to ?
tomilius
27-03-2005, 08:41
Does iptables in 1.9.2.7-4 or any other firmware support TTL matching? That would be a useful security feature for allowing IGMP only from local sources...
Yes, I created one - based on 1.9.2.7-4 which can do that.
But I am not sure if it is a good idea for you to use my firmware.
Cheers.
tomilius
27-03-2005, 21:05
Hmm... prithee upload it apart from your firmware if that's possible. ;)
I did some research before I created this thread, actually, and found out that libipt_ttl.so is needed; I just didn't know where to request features... hehe...
Well, in fact filtering based on TTL is not a good idea, except for ttl==1. Why don't you filter based on source MAC?
tomilius
28-03-2005, 04:28
I've already struggled to try to get the MAC of the IGMP source and have tried allowing it but it hasn't worked. Anyway, yes, I would be testing for a TTL of 1.
I have included the kernel modules ipt_TTL.o and ipt_ttl.o. Without using the corresponding kernel and iptables which I compiled, I am not sure if it is going to work by patching these modules alone.
I hope it will work; then it saves you lots of trouble. ;)
Cheers
tomilius
28-03-2005, 15:44
Thank you! I'll try it soon.
EDIT: I think I'll wait for my pen drive to come in, actually, which should be in a few days, just to save myself from extra hassle. Thanks, though.
tomilius
31-03-2005, 09:09
Hmm... it's not a shared object library.. or something.
It's a .o instead of a .so like the others *gasp*
Can't make it work by renaming.
Thanks though... really not that urgent either.... though thinking more about it that connlimit thing would be above excellent
It is not a userspace program. It's for use by the kernel, although at this moment I am not sure if the userspace counterpart is present or not. You could ***TRY*** to use it this way (for example):
cd what_ever_path
insmod ipt_ttl.o
( if you need the ttl match )
insmod ipt_TTL.o
( if you need the TTL target )
Cheers
tomilius
02-04-2005, 00:57
Nope. Not happening. Thanks though.
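The filter discussed above (IGMP accepted only when it arrives with TTL 1), as an added example that is not part of the original thread. It assumes an iptables build with both halves of the ttl match (kernel ipt_ttl.o and userspace libipt_ttl.so); IFACE, DRY_RUN, MATCHES and the function names are hypothetical, and /proc/net/ip_tables_matches is only present on some kernels.

```shell
#!/bin/sh
# Added example: accept IGMP only at TTL 1 (an on-link sender), drop the rest.
# IFACE, DRY_RUN and MATCHES are assumptions of this example, not firmware settings.

IFACE="${IFACE:-vlan1}"        # interface to filter (vlan1 is the name used in this thread)
DRY_RUN="${DRY_RUN:-1}"        # 1 = print the commands, 0 = execute them
MATCHES="${MATCHES:-/proc/net/ip_tables_matches}"   # kernel's list of registered matches

# Print the rule set for interface $1, one iptables command per line.
igmp_ttl_rules() {
    # -p 2 is IGMP; the number avoids relying on /etc/protocols on a small router.
    echo "iptables -A INPUT -i $1 -p 2 -m ttl --ttl-eq 1 -j ACCEPT"
    echo "iptables -A INPUT -i $1 -p 2 -j DROP"
}

apply_rules() {
    # List readable but without a "ttl" line: the kernel half (ipt_ttl.o) is
    # not loaded, so fail before touching the rule set.
    if [ -r "$MATCHES" ] && ! grep -q '^ttl$' "$MATCHES"; then
        echo "ttl match not registered in the kernel; insmod ipt_ttl.o first" >&2
        return 1
    fi
    # If the list is absent we cannot tell in advance. iptables then answers
    # "No chain/target/match by that name" when the kernel half is missing,
    # or fails to load the extension when libipt_ttl.so is missing.
    igmp_ttl_rules "$IFACE" | while read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "$cmd"
        else
            $cmd || exit 1     # stop at the first rule that is rejected
        fi
    done
}

# Run as "script apply" to act; with no argument only the functions are defined.
if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

The ACCEPT rule has to come before the DROP rule, so the two are appended in that order; review the dry-run output before setting DRY_RUN=0.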
The TTL target is included in 1.9.2.7-4, isn't it?
Hi, when I try this script on Oleg's firmware it gives me an error :(
iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10
"iptables: No chain/target/match by that name"
It works without any problem with DD-WRT firmware.
How can I increase it, because my ISP set this value to 1 and I cannot use the internet connection on more than 1 PS etc...
My router is Asus WL-500gx
insmod ipt_TTL.o or something like this.
Yes, you are right, without this module it will not work :D
Now working very well,
only need to write nvram.
Thank you Oleg
Hello, it is my first post on this forum :D I had to change the TTL value settings and now I can again share my internet connection, but every time I switch off my Asus WL-500g Premium I have to do everything once again!! How can I save it... ?? I tried: nvram commit, but after this it is the same...
Here is what I did:
insmod ipt_TTL.o
iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10
How can I write it to nvram??
What you need is to add those lines to /usr/local/sbin/post-boot
and next save the changes to flash (flashfs save; flashfs commit; flashfs enable).
If you don't know how to do it, just take a look at macsat's Oleg tutorials at http://www.macsat.com
My ISP is banning the use of routers by setting the TTL of incoming data to 1.
I read it is possible to overcome this limitation by using Oleg's firmware. However, I'm not very brave :) and I'm still on the original Asus firmware. I'm wondering if the original firmware supports TTL modification and if so, how to do it.
AFAIK the original firmware doesn't support TTL modification. You have to use iptables to do that.
wirespot
21-03-2007, 10:01
Start from here (http://www.collaborium.org/onsite/benin/docs/services/NETFILTER_RELATED/netfilter-extensions/netfilter-extensions-HOWTO-4.html#ss4.7). Hopefully, the iptables included with Oleg's already supports the TTL target. I'm thinking he may have applied Patch-O-Matic to the package, but I don't know.
I have a WL-500W router. Unfortunately I can't configure the internet connection (Vista). Perhaps the ISP made a TTL restriction. How can I check if it’s true and how can I manage this problem? Is there any custom software for the WL-500W router where I’ll be able to increase TTL?
TTL should be a value in Windows, I'm not exactly sure where.
I know that "tune-up utilities" can improve the TTL, but I don't really notice it :p
Hello
I'm a noob so please be patient. My problem is that my ISP made a "routing lock" - ttl==1. So how can I make the TTL value be ttl++, not --ttl (by changing firmware, or if someone already made it, please share)? I have only C/C++ skills.
Are you sure you set up the router correctly? :rolleyes:
Yes. Everything is set up.