Changing packets ttl's
    Vlad GALU 
    vladgalu at gmail.com
       
    Wed Apr 27 00:33:05 PDT 2005
    
    
  
On 4/27/05, GiZmen <gizmen at zion.vsip.pl> wrote:
> Hi,
> 
> I am searching how to change packet ttl. I am running a FreeBSD 5.4
> gateway and I would like to change ttl of any packets that are
> going out from my internal interface. My goal is to change ttl to 1
> so the last hop is the next host in my internal network.
> I want to prevent people from doing small NAT in my network. I know that
> changing ttl's is easy to bypass but not for a normal user :)
> I am using pf as my packet filter but there is no option to change
> ttls to a smaller value. Please help me with this problem.
> Big thanks
   IIRC, ipf can match packets by their ttl. You can use it to drop
packets that come from your network and have odd ttls (63, 127),
therefore preventing (most) users in that network from NATing
each other.
> 
> --
> Best Regards:
>                 GiZmen
> 
> UNIX is user-friendly; it's just picky about its friends
> UNIX is simple; it just takes a genius to understand its simplicity
> 
-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
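
The TTL check suggested in the reply above, sketched as detection logic over raw IPv4 headers. This is an added example, not part of the original message and not ipf rule syntax. The function names, the sample addresses and the extra value 254 (255 minus one hop) are assumptions made here; the post itself names only 63 and 127.

```python
import socket
import struct

# Assumption: hosts attached directly to the LAN send with a usual initial TTL.
COMMON_INITIAL_TTLS = (64, 128, 255)
# A packet forwarded once arrives with initial - 1: 63, 127 (from the post), 254.
FORWARDED_ONCE = {t - 1 for t in COMMON_INITIAL_TTLS}


def parse_ipv4(packet: bytes):
    """Return (src, ttl) from a raw IPv4 packet, or None if malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, _tos, total_len, _id, _frag, ttl, _proto, _csum, src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5 or total_len < 20:
        return None
    return socket.inet_ntoa(src), ttl


def suspected_nat_hosts(packets):
    """Map source address -> sorted TTLs that suggest a host behind it."""
    hits = {}
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed is None:
            continue  # truncated or non-IPv4 input is skipped, not flagged
        src, ttl = parsed
        if ttl in FORWARDED_ONCE:
            hits.setdefault(src, set()).add(ttl)
    return {src: sorted(ttls) for src, ttls in hits.items()}


def make_packet(src: str, ttl: int) -> bytes:
    """Build a constructed 20-byte IPv4 header for the sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       socket.inet_aton(src), socket.inet_aton("192.0.2.1"))


# Constructed sample traffic, as seen inbound on the internal interface.
SAMPLE = [
    make_packet("10.0.0.5", 64),    # directly attached host, TTL untouched
    make_packet("10.0.0.6", 128),   # directly attached host, TTL untouched
    make_packet("10.0.0.7", 63),    # already decremented by one forwarder
    make_packet("10.0.0.7", 127),   # a second client behind the same address
    make_packet("10.0.0.8", 254),
    b"\x45\x00",                    # truncated header, ignored
]
```

As the reply says, this catches most users only: a host configured with a non-default initial TTL, or a NAT box that rewrites TTLs, will not match.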
    
    