Help with changing outgoing TTL on Asus WRT

[unsynaps]

Wow. ISP's STILL use this to 'detect' if you are using a router?

 

[truematic]

For anyone stumbling onto this page looking for the same thing, the syntax is:

iptables -t mangle -A POSTROUTING -o usb0 -j TTL --ttl-set 65

This will change the TTL of all packets being routed through the usb attached android phone to 65.

I like what you are doing here where the ttl is 65 only on usb0, but the code would not change the ttl on my router - I confirmed by ping. The following code from a yt video linked on another thread did work, but it's more of a blanket approach and I would prefer your method. Did anyone run into this issue and have a fix?

nano /jffs/scripts/nat-start
#!/bin/sh
sleep 10
modprobe xt_HL
modprobe xt_hl
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65
chmod a+rx /jffs/scripts/*

My router info:
Asus RT-AC68U
Merlin Firmware Version:384.14 Factory Reset

 

[SpeedyG]

This works perfectly.

If anyone is happening upon this thread here is what I did:

1. install merlin
   1. download the right one from the website
   2. extract it
   3. go to your router.asus.com page
   4. in administration>firmware upgrade, upload your file and flash
2. enable etend the ttl value and spoof lan ttl value in usb modem settings on your router.asus.com page
3. enable ssh at administration>system in router.asus.com
4. ssh in (I used router.asus.com) and my password
5. run chmod a+rx /jffs/scripts/*
6. navigate to jffs/scripts
7. type nano firewall-start
8. edit the script to be:
   #!/bin/sh
   iptables -t mangle -A POSTROUTING -o -usb0 -j TTL --ttl-set 65
   
   
9. ctrl+x and save it
10. reboot the router

I also set up tasker on my phone to turn on usb tethering, I used the power/usb in the state list then used secure settings to turn on usb tethering. Working like a charm.

Hi, I am new to this any help would be greatly appreciated. I have the Asus RT-AC66U_B1 with my phone usb tethered. I am trying to bypass the throttling I get on tethered devices by using your guide. I was able to flash the router with Merlin 384.15 and turned on the ttl extend, ttl spoof lan, and enabled ssh. After this I start to loose the steps. I used putty to ssh into the router (not sure if that is the correct way), and I'm not sure exactly what to type next for your step #5. Thanks.

 

[ColinTaylor]

For those people using John's firmware version V43E6 added the ability to spoof the TTL with a custom value (e.g. 65) in the GUI. Find it under the Firewall tab.

 

[yorlik]

This works perfectly.

If anyone is happening upon this thread here is what I did:

1. install merlin
   1. download the right one from the website
   2. extract it
   3. go to your router.asus.com page
   4. in administration>firmware upgrade, upload your file and flash
2. enable etend the ttl value and spoof lan ttl value in usb modem settings on your router.asus.com page
3. enable ssh at administration>system in router.asus.com
4. ssh in (I used router.asus.com) and my password
5. run chmod a+rx /jffs/scripts/*
6. navigate to jffs/scripts
7. type nano firewall-start
8. edit the script to be:
   #!/bin/sh
   iptables -t mangle -A POSTROUTING -o -usb0 -j TTL --ttl-set 65
   
   
9. ctrl+x and save it
10. reboot the router

I also set up tasker on my phone to turn on usb tethering, I used the power/usb in the state list then used secure settings to turn on usb tethering. Working like a charm.

I used SSH to send "iptables -t mangle -A POSTROUTING -o -usb0 -j TTL --ttl-set 65" and my tethered USB phone went from 5 to full 20-30mbps speed on speedtest.net! YAE!

My Asus RT-68U does not have a choice to format JFFS partician. It is almost factory latest version 385.100 - not merlin I think?

So I just turned on SSH & used my WinSCP program to go to the router... I found /JFFS directory; it had no /script subdirectory, so I made one.

I added a file named firewall-start (not fiewall-start.conf or anthing else). Made it two lines as above. Rebooted Asus: now my speed is back to throttled 5mbps

I then tried to just enter into putty SSH "iptables -t mangle -A POSTROUTING -o -usb0 -j TTL --ttl-set 65" and it changes nothing. My pings are no different.

HELP!?

 

[yorlik]

WAIT! I think ColinTaylor justhad a typo in his script?? I could not get my speed back up with his:

iptables -t mangle -A POSTROUTING -o -usb0 -j TTL --ttl-set 65

So I tried the previous in the thread one:
iptables -t mangle -A POSTROUTING -o usb0 -j TTL --ttl-set 65

And got faster speed again!

Am I correct that it either works or it does not? If works, we get what is available, otherwise we get normal tethered value, right? Ie., I do not need to try to 'tweak' the value of 65 to get a faster speed, right?

thank you all for your replies!!!

 

[ColinTaylor]

WAIT! I think ColinTaylor justhad a typo in his script?? I could not get my speed back up with his:

iptables -t mangle -A POSTROUTING -o -usb0 -j TTL --ttl-set 65

So I tried the previous in the thread one:
iptables -t mangle -A POSTROUTING -o usb0 -j TTL --ttl-set 65

And got faster speed again!

You are correct, that was a typo. BTW that wasn't my script it was @Clinton Cochrane's.

Am I correct that it either works or it does not? If works, we get what is available, otherwise we get normal tethered value, right? Ie., I do not need to try to 'tweak' the value of 65 to get a faster speed, right?

Correct.

 

[yorlik]

You are correct, that was a typo. BTW that wasn't my script it was @Clinton Cochrane's.


Correct.

THANKS!!!!!! I am SOOOOOO Happy with how this is working!!!

May I also ask another related question?

Since the factory RT-68U firmkware does not include a "format JFFS partician, will my simply adding the subdirectory scripts under the already present /JFFS directory be work? I assume the firmware looks for a file named firewall-start in such a directory, and if found, runs it automatically when required? If so, I will be good after power failures or reboots...

PS: You had in 2019 listed adding another program to force your phone to turn on USB tethering: forgive me as you probably know now that is no longer required? For anyone who does not, there is a setting in android phones now to automatically turn on USB tethering as soon as any USB cable is plugged in: if you don't know yet, it is under your phones settings->system->advanced->developer options. You gain access to developer options by asking 4 or 5 (I dont reccall exact number) times. If you need help turning on developer options, duckduckgo it.

 

[yorlik]

You are correct, that was a typo. BTW that wasn't my script it was @Clinton Cochrane's.


Correct.

One last question please? Some of the writeups say you need a different TTL value to prevent some websites not loading... In the hour I have played so far, I have found 4-5 sits that say "not available." I wonder if this is just normal or if it is related to my opening up my tether speed? Time will tell, but Any ideas?

 

[ColinTaylor]

Since the factory RT-68U firmkware does not include a "format JFFS partician, will my simply adding the subdirectory scripts under the already present /JFFS directory be work? I assume the firmware looks for a file named firewall-start in such a directory, and if found, runs it automatically when required? If so, I will be good after power failures or reboots...

No. User scripts like firewall-start are part of Merlin's firmware. They will not work with stock Asus firmware.

PS: You had in 2019 listed adding another program to force your phone to turn on USB tethering: forgive me as you probably know now that is no longer required? For anyone who does not, there is a setting in android phones now to automatically turn on USB tethering as soon as any USB cable is plugged in: if you don't know yet, it is under your phones settings->system->advanced->developer options. You gain access to developer options by asking 4 or 5 (I dont reccall exact number) times. If you need help turning on developer options, duckduckgo it.

That wasn't me. Again, that was @Clinton Cochrane.

 

[umrico]

Good Afternoon,

Spent a couple hours last weekend and this weekend trying to achieve this result so when Comcast takes a dump virtual school can carry on. However I have not have any luck. There seems to be a lot of back and forth on the subject matter and changes over the years. I am on the latest Merlin on an AC68U. If someone has this working could you please post the steps with the working settings and commands? Thank you

 

[ColinTaylor]

Please be specific. There are different variations of this issue that require different solutions. What USB device are you using, and if appropriate how is it configured? What mobile carrier are you using and what TTL settings do they require? What have you already tried and what were the results?

 

[umrico]

Do I need to run a command similiar to this one? I found this in another thread as well:

iptables -t mangle -A PREROUTING -j TTL --ttl-set 65

 

[ColinTaylor]

Please answer the previous questions.

 

[umrico]

Please answer the previous questions.

Sorry.

I am using a note10+. I am using USB tethering. Tmobile. I currently have this in the firewall-start script as another thread said to add the modprobe lines. If I use ping from the router troubleshooting page or from window command per say to www.ask.com i get:

router:55
windows: 54


I was trying to set TTL to 65.

Additionally, I have these enabled on the WAN page

Spoof LAN TTL value
Extend the TTL value	\

Thank you for the speedy response I appreciate it so much!!!

Also, I just tried this from Reddit. However I am still not seeing TTL leaving correctly:

#!/bin/sh
#iptables -t mangle -A POSTROUTING -o usb0 -j TTL --ttl-set 65

sleep 5
modprobe xt_hl
modprobe xt_HL
iptables -t mangle -F POSTROUTING
iptables -t mangle -A POSTROUTING -o usb0 -j TTL --ttl-set 65
logger "TTL ran (firewall)"

 

[ColinTaylor]

Delete that script and reboot your router.

Turn off Extend the TTL value and Spoof LAN TTL value.

What symptoms are you experiencing in this standard configuration?

What firmware are you using?

 

[umrico]

Sorry it looks like our posts were crossing because my original response with the answers you asked for was held up needing mod approval as potential spam.

 

[umrico]

OK.

Both scripts have been deleted and both check boxes have been disabled.

I am getting TLS in the 50's instead of 65/64 according to pings from router and laptop to ask.com/microsoft.com.

I am on Merlins latest 386.2

Also, this is just a defaulted backup router so its a minimal config on the router. would only be pulled out for this one purpose in an emergency. Admin password is changed, wireless has a password, and thats about it. no other changes off the top of my head aside from those checkboxes and the script tryign to get the TTL to 65. both of which have been undone per your previous instruction.

 

[ColinTaylor]

I am getting TLS in the 50's instead of 65/64 according to pings from router and laptop to ask.com/microsoft.com.

That's normal. You won't see a TTL of 64 or 65 returned by ping.

C:\Users\Colin>ping www.ask.com

Pinging askmedia.map.fastly.net [151.101.62.114] with 32 bytes of data:
Reply from 151.101.62.114: bytes=32 time=12ms TTL=58
Reply from 151.101.62.114: bytes=32 time=13ms TTL=58
Reply from 151.101.62.114: bytes=32 time=10ms TTL=58
Reply from 151.101.62.114: bytes=32 time=10ms TTL=58

So apart from the TTL value what is the actual issue?

 

[umrico]

That's normal. You won't see a TTL of 64 or 65 returned by ping.

C:\Users\Colin>ping www.ask.com

Pinging askmedia.map.fastly.net [151.101.62.114] with 32 bytes of data:
Reply from 151.101.62.114: bytes=32 time=12ms TTL=58
Reply from 151.101.62.114: bytes=32 time=13ms TTL=58
Reply from 151.101.62.114: bytes=32 time=10ms TTL=58
Reply from 151.101.62.114: bytes=32 time=10ms TTL=58

So apart from the TTL value what is the actual issue?

No other issue! Just trying to get the TTL to 65