ip6tables mangle does not do anything

vesati

New Around Here
I'm somewhat new at this, but I need to adjust the TTL/HL on IPv4 and IPv6 traffic passing through my router.

For context, the router is an Asus RT-AX86U Pro running Merlin firmware version 388.2_2.

I have enabled custom scripts, and then used PuTTY to access the firewall over SSH.

I navigated to /jffs/scripts and created a firewall-start script with the following:
Code:
#!/bin/sh
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 64
iptables -t mangle -I PREROUTING -j TTL --ttl-set 64
ip6tables -t mangle -I POSTROUTING -j HL --hl-set 64
ip6tables -t mangle -I PREROUTING -j HL --hl-set 64

For IPv4 traffic, it seems to work as expected.
Reply from 192.168.20.1: bytes=32 time<1ms TTL=64

But it doesn't seem to work as expected for IPv6 traffic.
Reply from fe80::a236:bcff:feb3:b8d8: time=1ms

Can anyone please advise on what I might be doing wrong that is causing this result?
 
How do you know it’s not working? Are there any hits on the rule?
 
How do you know it’s not working? Are there any hits on the rule?
I don't know how to check for hits on the rule, but I can see that it isn't working for IPv6 when I ping the firewall and get a TTL value different from what I have set through iptables in the firewall.

The ping command to the IPv6 address of the firewall doesn't return a TTL or HL value, so I took that to mean that it isn't being modified as expected.

Is there a better way to confirm that?
 
I don't know how to check for hits on the rule
Run:
Code:
ip6tables -t mangle -nvL

Note the documentation on hoplimit:

HL (IPv6-specific)

This is used to modify the Hop Limit field in the IPv6 header. The Hop Limit field is similar to what is known as the TTL value in IPv4. Setting or incrementing the Hop Limit field can potentially be very dangerous, so it should be avoided at any cost. This target is only valid in the mangle table.

Don't ever set or increment the value on packets that leave your local network!

--hl-set value    Set the Hop Limit to `value'.
--hl-dec value    Decrement the Hop Limit `value' times.
--hl-inc value    Increment the Hop Limit `value' times.
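As an added example (not code from the thread or from the firmware), a small POSIX shell script that reads the `ip6tables -t mangle -nvL` listing suggested above and reports, per chain, whether the HL rule is loaded, how many packets it has matched, and whether it is limited to an interface; the listing embedded in it is constructed to resemble the poster's two rules, not output captured from their router.

```shell
#!/bin/sh
# Added example, not code from the thread: parse "ip6tables -t mangle -nvL"
# (or "iptables -t mangle -nvL") output and report whether the mangle rules are
# loaded and matching. SAMPLE_LISTING is constructed, not captured from a router.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 1200 packets, 96000 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 HL         all      *      *       ::/0                 ::/0                 HL set to 64

Chain INPUT (policy ACCEPT 800 packets, 64000 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 950 packets, 76000 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  3360 HL         all      *      eth0    ::/0                 ::/0                 HL set to 64'

# rule_counters LISTING CHAIN [TARGET] -> "pkts in out" for the first rule in
# CHAIN that jumps to TARGET (default HL; pass TTL for the IPv4 rules), or
# "none" when the chain has no such rule (script never ran, or wrong table).
rule_counters() {
    printf '%s\n' "$1" | awk -v chain="$2" -v target="${3:-HL}" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $3 == target {
            # iptables prints "--" in the opt column; ip6tables leaves it blank,
            # which shifts the in/out columns one field to the left.
            i = ($5 == "--") ? 6 : 5
            print $1, $i, $(i + 1); found = 1; exit
        }
        END { if (!found) print "none" }'
}

# rule_report LISTING CHAIN [TARGET] -> human-readable verdict, one or two lines.
rule_report() {
    counters=$(rule_counters "$1" "$2" "$3")
    pkts=${counters%% *}; rest=${counters#* }
    in_if=${rest%% *}; out_if=${rest#* }
    case $pkts in
        none) echo "$2: no ${3:-HL} rule loaded (did firewall-start run?)" ;;
        0)    echo "$2: ${3:-HL} rule present but 0 packets matched" ;;
        *)    echo "$2: ${3:-HL} rule matched $pkts packets (in=$in_if out=$out_if)" ;;
    esac
    # Per the documentation quoted above, a rule with in=* and out=* rewrites
    # the hop limit on every interface, WAN included; narrow it with -i/-o.
    if [ "$in_if" = "*" ] && [ "$out_if" = "*" ]; then
        echo "$2: warning, rule is not restricted to a LAN interface"
    fi
}
# On the router: rule_report "$(ip6tables -t mangle -nvL)" POSTROUTING
rule_report "$SAMPLE_LISTING" PREROUTING
rule_report "$SAMPLE_LISTING" POSTROUTING
```

Since the poster's IPv6 ping output carries no hop limit at all, the rule counters are the check that actually answers the question.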
 
