View the full version: increasing TTL how to?



tomilius
27-03-2005, 08:41
Does iptables in 1.9.2.7-4 or any other firmware support TTL matching? That would be a useful security feature for allowing IGMP only from local sources...

mctiew
27-03-2005, 12:48
> Does iptables in 1.9.2.7-4 or any other firmware support TTL matching? That would be a useful security feature for allowing IGMP only from local sources...

Yes, I created one - based on 1.9.2.7-4 which can do that.

But I am not sure if it is a good idea for you to use my firmware.

Cheers.

tomilius
27-03-2005, 21:05
Hmm... prithee upload it apart from your firmware if that's possible. ;)

I did some research before I created this thread, actually, and found out that libipt_ttl.so is needed; I just didn't know where to request features... hehe...

Oleg
27-03-2005, 21:15
Well, in fact filtering based on TTL is not a good idea, except for ttl==1. Why don't you filter based on source MAC?

tomilius
28-03-2005, 04:28
I've already struggled to try to get the MAC of the IGMP source and have tried allowing it but it hasn't worked. Anyway, yes, I would be testing for a TTL of 1.

mctiew
28-03-2005, 08:45
> I've already struggled to try to get the MAC of the IGMP source and have tried allowing it but it hasn't worked. Anyway, yes, I would be testing for a TTL of 1.

I have included the kernel modules ipt_TTL.o and ipt_ttl.o. Without using the corresponding kernel and iptables which I compiled, I am not sure if it is going to work by patching these modules alone.

I hope it will work; then it saves you lots of trouble. ;)

Cheers

tomilius
28-03-2005, 15:44
Thank you! I'll try it soon.

EDIT: I think I'll wait for my pen drive to come in, actually, which should be in a few days, just to save myself from extra hassle. Thanks, though.

tomilius
31-03-2005, 09:09
Hmm... it's not a shared object library.. or something.
It's a .o instead of a .so like the others *gasp*
Can't make it work by renaming.
Thanks though... really not that urgent either.... though thinking more about it that connlimit thing would be above excellent

mctiew
31-03-2005, 09:27
> Hmm... it's not a shared object library.. or something.
> It's a .o instead of a .so like the others *gasp*
> Can't make it work by renaming.
> Thanks though... really not that urgent either.... though thinking more about it that connlimit thing would be above excellent

It is not a userspace program. It's for use by the kernel, although at this moment I am not sure if the userspace counterpart is present or not. You could ***TRY*** to use it this way (for example):

cd what_ever_path
insmod ipt_ttl.o
( if you need the ttl match )
insmod ipt_TTL.o
( if you need the TTL target )

Cheers

tomilius
02-04-2005, 00:57
Nope. Not happening. Thanks though.

The TTL target is included in 1.9.2.7-4, isn't it?

hsca
05-03-2006, 21:26
Hi, when I try this script on Oleg's firmware it gives me an error :(

iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10

"iptables: No chain/target/match by that name"

It works without any problem with DD-WRT firmware.


How can I increase it? My ISP set this value to 1 and I cannot use the internet connection with more than 1 PS etc...

My router is Asus WL-500gx

Oleg
06-03-2006, 11:10
insmod ipt_TTL.o or something like this.

hsca
06-03-2006, 19:38
Yes, you are right, without this module it will not work :D
Now it is working very well.
I only need to write it to nvram.

Thank you Oleg

wojto22
04-01-2007, 15:36
Hello, it is my first post on this forum :D I had to change the TTL value setting and now I can share my internet connection again, but every time I switch off my Asus WL-500g Premium I have to do everything once again!! How can I save it...?? I tried: nvram commit, but after this it is the same...

Here is what I did:

insmod ipt_TTL.o
iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10

How can I write it to nvram??

danielb
05-01-2007, 22:51
What you need is to add those lines to /usr/local/sbin/post-boot
and then save the changes to flash (flashfs save; flashfs commit; flashfs enable).
If you don't know how to do it, just take a look at macsat's oleg tutorials at http://www.macsat.com
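
Added example (not part of danielb's post and not code from any firmware): one way to produce the post-boot file described above so that it is safe to re-run and rejects malformed values, since the file executes as root on every boot. The helper name gen_post_boot is hypothetical; the interface vlan1, the value 10, the module file ipt_TTL.o and the path /usr/local/sbin/post-boot are the ones quoted in this thread.

```shell
#!/bin/sh
# gen_post_boot OUTFILE WAN_IF TTL   (hypothetical helper, added example)
#   OUTFILE  file to write (overwritten); on the router: /usr/local/sbin/post-boot
#   WAN_IF   WAN-side interface (vlan1 in this thread)
#   TTL      value for --ttl-set (10 in this thread)
gen_post_boot() {
    out=$1; wan_if=$2; ttl=$3

    # The generated file runs as root on every boot, so accept only a plain
    # interface name and a decimal TTL without leading zeros, 1..255.
    case $wan_if in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    case $ttl in
        ''|0*|*[!0-9]*) echo "bad TTL: $ttl" >&2; return 1 ;;
    esac
    if [ "${#ttl}" -gt 3 ] || [ "$ttl" -gt 255 ]; then
        echo "TTL out of range: $ttl" >&2; return 1
    fi

    cat > "$out" <<EOF
#!/bin/sh
# Load the TTL target module only if it is not loaded yet.
lsmod | grep -q '^ipt_TTL ' || insmod ipt_TTL.o || exit 1
# Older iptables builds have no -C (check) option, so delete any earlier
# copy of the rule before inserting it; re-runs never stack duplicates.
RULE="PREROUTING -i $wan_if -j TTL --ttl-set $ttl"
iptables -t mangle -D \$RULE 2>/dev/null
iptables -t mangle -I \$RULE
EOF
    chmod +x "$out"
}
```

On the router this would be called as gen_post_boot /usr/local/sbin/post-boot vlan1 10, followed by the flashfs save; flashfs commit; flashfs enable sequence from the post above.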

citro
14-03-2007, 00:32
My ISP is banning the use of routers by setting the TTL of incoming data to 1.

I read it is possible to overcome this limitation by using Oleg's firmware. However, I'm not very brave :) and I'm still on the original Asus firmware. I'm wondering if the original firmware supports TTL modification and if so, how to do it.

neos2k1
15-03-2007, 11:40
AFAIK the original firmware doesn't support TTL modification. You have to use iptables to do that.

wirespot
21-03-2007, 10:01
Start from here (http://www.collaborium.org/onsite/benin/docs/services/NETFILTER_RELATED/netfilter-extensions/netfilter-extensions-HOWTO-4.html#ss4.7). Hopefully, the iptables included with Oleg's already supports the TTL target. I'm thinking he may have applied Patch-O-Matic to the package, but I don't know.

mjkmjk
21-03-2008, 01:03
I have a WL-500W router. Unfortunately I can't configure the internet connection (Vista). Perhaps the ISP made a TTL restriction. How can I check if it's true and how can I manage this problem? Is there any custom software for the WL-500W router where I'll be able to increase TTL?

wpte
20-05-2008, 12:03
TTL should be a value in Windows, I'm not exactly sure where.
I know that "tune-up utilities" can improve the TTL, but I don't really notice it :p

wee
16-06-2008, 11:46
Hello
I'm a noob so please be patient. My problem is that my ISP made a "routing lock" - ttl ==1. So how can I make the TTL value ttl++ and not --ttl (by changing firmware, or if someone already made it please share)? I have only C/C++ skills.

wpte
23-06-2008, 12:47
Are you sure you set up the router correctly? :rolleyes:

wee
23-06-2008, 15:41
Yes. Everything is set up.