Does iptables in 1.9.2.7-4 or any other firmware support TTL matching? That would be a useful security feature for allowing IGMP only from local sources...
Yes, I created one - based on 1.9.2.7-4 which can do that.
But I am not sure if it is a good idea for you to use my firmware.
Cheers.
Hmm... prithee upload it apart from your firmware if that's possible.
I did some research before I created this thread, actually, and found out that libipt_ttl.so is needed; I just didn't know where to request features... hehe...
Well, in fact filtering based on TTL is not a good idea, except for ttl==1. Why don't you filter based on source MAC?
I've already struggled to try to get the MAC of the IGMP source and have tried allowing it but it hasn't worked. Anyway, yes, I would be testing for a TTL of 1.
Last edited by tomilius; 28-03-2005 at 04:37.
I have included the kernel modules ipt_TTL.o and ipt_ttl.o. Without using the corresponding kernel and iptables which I compiled, I am not sure if it is going to work by patching these modules alone.
I hope it will work, then it saves you lots of trouble.
Cheers
Thank you! I'll try it soon.
EDIT: I think I'll wait for my pen drive to come in, actually, which should be in a few days, just to save myself from extra hassle. Thanks, though.
Last edited by tomilius; 28-03-2005 at 23:37.
Hmm... it's not a shared object library.. or something.
It's a .o instead of a .so like the others *gasp*
Can't make it work by renaming.
Thanks though... really not that urgent either.... though thinking more about it that connlimit thing would be above excellent
It is not a userspace program. It's for use by the kernel, although at this moment I am not sure if the user space counterpart is present or not. You could ***TRY*** to use it this way (for example):
cd what_ever_path
insmod ipt_ttl.o
( if you need the ttl match )
insmod ipt_TTL.o
( if you need the TTL target )
Cheers
Nope. Not happening. Thanks though.
The TTL target is included in 1.9.2.7-4, isn't it?
Hi, when I try this script on Oleg's firmware it gives me an error:
iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10
"iptables: No chain/target/match by that name"
It works without any problem with DD-WRT firmware.
How can I increase it? Because my ISP set this value to 1 and I cannot use the internet connection on more than 1 PS etc...
My router is Asus WL-500gx
insmod ipt_TTL.o or something like this.
Yes, you are right, without this module it will not work.
Now working very well.
I only need to write nvram.
Thank you Oleg
Hello. It is my first post on this forum. I had to change the settings of the TTL value and now I can again share my internet connection, but every time I switch off my Asus WL-500g Premium I have to do everything once again!! How can I save it...?? I tried: nvram commit, but after this it is the same...
Here is what i did:
insmod ipt_TTL.o
iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10
How can I write it to nvram??
What you need is to add those lines to /usr/local/sbin/post-boot
and next save the changes to flash (flashfs save; flashfs commit; flashfs enable)
If you don't know how to do it, just take a look at macsat's oleg tutorials at http://www.macsat.com
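The steps from the last two posts put together as one script; this is an added example, not code from any poster in the thread. It assumes the module was copied to a directory of your choice (`MODDIR` is a placeholder), and the function names are hypothetical; the rule, the post-boot path and the flashfs commands are the ones quoted above.

```shell
#!/bin/sh
# Added example: persist the TTL rule across reboots on Oleg's firmware.
# POSTBOOT is the path named in the thread; MODDIR is a placeholder.
POSTBOOT="${POSTBOOT:-/usr/local/sbin/post-boot}"
MODDIR="${MODDIR:-/path/to/modules}"   # set to where ipt_TTL.o actually lives

# Append a line only if it is not already present, so running this
# script twice never inserts the same rule twice at boot.
add_line() {
    grep -qF "$1" "$POSTBOOT" 2>/dev/null || printf '%s\n' "$1" >> "$POSTBOOT"
}

install_postboot() {
    # Start the file with a shebang if it is missing or empty.
    [ -s "$POSTBOOT" ] || printf '#!/bin/sh\n' > "$POSTBOOT"
    # The module must be loaded first; without it iptables answers
    # "No chain/target/match by that name".
    add_line "insmod $MODDIR/ipt_TTL.o"
    add_line "iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10"
    chmod +x "$POSTBOOT"
}

persist_to_flash() {
    # flashfs exists only on the router; do nothing anywhere else.
    command -v flashfs >/dev/null 2>&1 || return 0
    flashfs save && flashfs commit && flashfs enable
}

# Run as: sh this_script apply
if [ "${1:-}" = "apply" ]; then
    install_postboot && persist_to_flash
fi
```

"nvram commit" alone does not help here because the rule and the insmod live in a file under /usr/local, which survives a reboot only after the flashfs step.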