Does iptables in 1.9.2.7-4 or any other firmware support TTL matching? That would be a useful security feature for allowing IGMP only from local sources...

Does iptables in 1.9.2.7-4 or any other firmware support TTL matching? That would be a useful security feature for allowing IGMP only from local sources...

Yes, I created one - based on 1.9.2.7-4 which can do that.

But I am not sure if it is a good idea for you to use my firmware.

Cheers.

Hmm... prithee upload it apart from your firmware if that's possible. ;)

I did some research before I created this thread, actually, and found out that libipt_ttl.so is needed; I just didn't know where to request features... hehe...

well, in fact filtering based on ttl is not a good idea, except of ttl==1. why don't you filter based on source mac?

I've already struggled to try to get the MAC of the IGMP source and have tried allowing it but it hasn't worked. Anyway, yes, I would be testing for a TTL of 1.

I've already struggled to try to get the MAC of the IGMP source and have tried allowing it but it hasn't worked. Anyway, yes, I would be testing for a TTL of 1.

I have included the kernel modules ipt_TTL.o and ipt_ttl.o. Without using the corresponding kernel and iptables which I compiled, I am not sure if it is going to work by patching these modules alone.

I Hope it will work, then it saves you lots of trouble. ;)

Cheers

Thank you! I'll try it soon.

EDIT: I think I'll wait for my pen drive to come in, actually, which should be in a few days, just to save myself from extra hassle. Thanks, though.

Hmm... it's not a shared object library.. or something.
It's a .o instead of a .so like the others *gasp*
Can't make it work be renaming.
Thanks though... really not that urgent either.... though thinking more about it that connlimit thing would be above excellent

Hmm... it's not a shared object library.. or something.
It's a .o instead of a .so like the others *gasp*
Can't make it work be renaming.
Thanks though... really not that urgent either.... though thinking more about it that connlimit thing would be above excellent

It is not a userspace program. It's for use by the kernel, although at this moment I am not sure if the user space counter part is present or not. You could ***TRY*** to use it this way ( for example ),

cd what_ever_path
insmod ipt_ttl.o
( if you need the ttl match )
insmod ipt_TTL.o
( if you need the TTL target )

Cheers

Nope. Not happening. Thanks though.

The TTL target is included in 1.9.2.7-4, isn't it?

Hi when I try this script on oleg's firmware give me error :(

iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10

"iptables: No chain/target/match by that name"

It works without any problem with DD-WRT firmaware


How can I increase because my ISP set this value to 1 and I cannot use internet connection more than 1 PS etc...

My router is Asus WL-500gx

insmod ipt_TTL.o or something like this.

Yes you are right without this module will not work :D
Now working very well
only need to write nvram

Thank you Oleg

Hello It is my first post on this forum :D I had to change settings of TTL value and now i can again share my internet connection baut everytime when i switch off my Asus WL-500g premium i have to make everything once again!! How can i save it... ?? I try: nvram commit but after this is the same...

Here is what i did:

insmod ipt_TTL.o
iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10

how can i write it to nvram??

what you need is to add those lines to /usr/local/sbin/post-boot
and next save the changes to flash (flashfs save; flashfs commit; flashfs enable)
If you don't know how to do it, just take a look at macsat's oleg tutorials at http://www.macsat.com

My ISP is banning the use of routers by setting the TTL of incoming data to 1.

I read it is possible to overcome this limitation by using the Oleg's firmware. However, I'm not very brave :) and I'm still on original Asus firmware. I'm wondering if the original firmware supports TTL modification and if so, how to do it.

AFAIK the original firmware doesn't support TTL modification. You have to use iptables to do that.

Start from here (http://www.collaborium.org/onsite/benin/docs/services/NETFILTER_RELATED/netfilter-extensions/netfilter-extensions-HOWTO-4.html#ss4.7). Hopefully, the iptables included with Oleg's already support the TTL target. I'm thinking he may have applied Patch-O-Matic to the package, but I don't know.

I have WL-500W router. Unfortunately I can't configure the internet connection (Vista). Perhaps ISP made TTL restriction. How can check if it’s true and how can I ménage this problem? Is there any custom software for WL-500W router where I’ll able to increase TTL?

TTL should be a value in windows, I'm not exactly shure where.
I know that "tune-up utilities" can improve the TTL, but I don't really notice it:p

Hello
I'm noob so please by patient . My problem is that my SPI made "routing lock"- ttl ==1. So how I can make that TTL value will be ttl++ not --ttl( by changing firmware or if already made it please share ). I have only c/c++ skills.

are you sure you set up the router correctly?:rolleyes:

yes. everythink is set up.