changing ttl size of forwarding packet
Freddie Cash
fjwcash+freebsd at gmail.com
Tue Jul 24 19:31:19 UTC 2007
On July 24, 2007 11:28 am Chuck Swiger wrote:
> On Jul 24, 2007, at 10:46 AM, Samit wrote:
> > iptables can easily do it via mangle table. Is there any way using
> > ipfw2 to change the ttl size of the forwarding packets?
>
> The size of the TTL field is fixed by the IP protocol to 1 byte;
> perhaps you are looking for the IPFW transparent firewall option,
> which prevents it from decrementing the TTL in order to make a
> "hidden" firewall...?
Taken from http://www.linuxtopia.org/Linux_Firewall_iptables/x1196.html:
The TTL target is used to change the TTL (Time To Live) field of the
packet. We could tell packets to only have a specific TTL and so on. One
good reason for this could be that we don't want to give ourself away to
nosy Internet Service Providers. Some Internet Service Providers do not
like users running multiple computers on one single connection, and there
are some Internet Service Providers known to look for a single host
generating different TTL values, and take this as one of many signs of
multiple computers connected to a single connection.
What you are looking for is the IPSTEALTH kernel option, which gives you
an ipstealth sysctl that you can toggle. This will change the network
stack to either decrement the TTL as per normal (ipstealth=0) or not
decrement the TTL (ipstealth=1).
--
Freddie Cash, LPIC-2 CCNT CCLP Network Support Technician
School District 73 (250) 377-HELP [377-4357]
fjwcash+freebsd at gmail.com
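The thread contrasts two things: a forwarding host that decrements the TTL as normal (and therefore answers a traceroute probe with ICMP Time Exceeded when the TTL runs out, revealing itself as a hop) and one with the IPSTEALTH option and the `net.inet.ip.stealth` sysctl set, which leaves the TTL alone and so never shows up in the path. The following is an added example, not code from the thread or from FreeBSD; it models that behaviour on a constructed IPv4 header in Python. The `forward()` function does what a router's forwarding path does to the header (TTL decrement plus the RFC 1624 incremental checksum update), the `stealth` flag stands in for `net.inet.ip.stealth`, and `trace_path()` walks a probe through an assumed path of hops the way traceroute does. Host names and addresses are made up for the example.

```python
"""Added example: how a stealth (non-decrementing) forwarding hop hides from
traceroute.  Not part of the mailing-list thread; addresses and hop names are
constructed for illustration."""
import struct
from typing import List, Optional, Tuple


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header words (RFC 791).  Over a header whose
    checksum field is zero this yields the checksum; over a valid header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 1, payload_len: int = 8) -> bytes:
    """Constructed 20-byte IPv4 header (version 4, IHL 5, no options, fixed id)."""
    def ip2b(addr: str) -> bytes:
        return bytes(int(x) for x in addr.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0, ip2b(src), ip2b(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def get_ttl(hdr: bytes) -> int:
    return hdr[8]


def get_checksum(hdr: bytes) -> int:
    return struct.unpack("!H", hdr[10:12])[0]


def checksum_ok(hdr: bytes) -> bool:
    return ipv4_checksum(hdr) == 0


def forward(hdr: bytes, stealth: bool) -> Optional[bytes]:
    """What a forwarding host does to the header.

    stealth=False models net.inet.ip.stealth=0: decrement TTL, fix the checksum,
    and drop the packet (the kernel would send ICMP Time Exceeded, which is what
    traceroute listens for) when the TTL is exhausted.
    stealth=True models net.inet.ip.stealth=1: the header passes through untouched,
    so this hop never becomes visible to a TTL probe."""
    if not checksum_ok(hdr):
        return None  # corrupt header, drop
    if stealth:
        return hdr
    ttl = get_ttl(hdr)
    if ttl <= 1:
        return None  # TTL exhausted: Time Exceeded goes back to the sender
    # RFC 1624 incremental update: HC' = ~(~HC + ~m + m') where m is the old
    # 16-bit word holding TTL and protocol, m' the new one.
    old_word = (ttl << 8) | hdr[9]
    new_word = ((ttl - 1) << 8) | hdr[9]
    acc = (~get_checksum(hdr) & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    new_csum = (~acc) & 0xFFFF
    return hdr[:8] + bytes([ttl - 1, hdr[9]]) + struct.pack("!H", new_csum) + hdr[12:]


def trace_path(path: List[Tuple[str, bool]], max_ttl: int = 8) -> List[str]:
    """Simulate traceroute along `path`: every entry but the last is a forwarding
    hop (name, stealth flag); the last entry is the destination, which always
    answers.  Returns the hop names the probing host would see."""
    revealed = []
    for probe_ttl in range(1, max_ttl + 1):
        hdr = build_ipv4_header("192.0.2.1", "198.51.100.9", probe_ttl)  # constructed
        for name, stealth in path[:-1]:
            hdr = forward(hdr, stealth)
            if hdr is None:
                revealed.append(name)  # this hop answered with Time Exceeded
                break
        else:
            revealed.append(path[-1][0])  # reached the destination
            break
    return revealed


if __name__ == "__main__":
    # Assumed path: edge router, then the FreeBSD firewall, then the server.
    print("stealth=0:", trace_path([("edge-router", False), ("fw", False), ("server", False)]))
    print("stealth=1:", trace_path([("edge-router", False), ("fw", True), ("server", False)]))
```

Run stand-alone it prints the hop list with and without the firewall in stealth mode; the firewall simply disappears from the second trace. Note that this is the effect of `net.inet.ip.stealth`, which stops the decrement entirely; it is not the same as the iptables TTL target quoted above, which rewrites the TTL to a chosen value.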