What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

iptables and -j TTL dont work without enabling "Spoof LAN TTL value"

T

Theliel

Regular Contributor
Hi guys,

I don't know if is a bug or I do not understand something...
(Im using RT-AC56u with 384.5)

I was trying to set all outgoing TTL packets (with TTL less than 10) from specific host to a fixed new TTL, so my rule is:

iptables -t mangle -I PREROUTING -s 192.168.2.52 -m ttl --ttl-lt 10 -j TTL --ttl-set 64

In theory should work, but always throws me the same error:

"iptables: No chain/target/match by that name."

Now, I'd enabled "Spoof LAN TTL value" in WAN settings. Once that option is enabled, the previous rule is accepted perfectly and is working fine.

is "Spoof LAN TTL value" setting another parameter that allow us to use -j TTL??
 
The -m switch might be throwing you...

From the man page...

-m, --match match
Specifies a match to use, that is, an extension module that
tests for a specific property. The set of matches make up the
condition under which a target is invoked. Matches are evaluated
first to last as specified on the command line and work in
short-circuit fashion, i.e. if one extension yields false, eval‐
uation will stop.
 
iptables -t mangle -I PREROUTING -s 192.168.2.52 -j TTL --ttl-set 64

dont work neither.

After enabling Spoof LAN TTL... all work.
 
ColinTaylor said:
You need to do this first:

modprobe xt_HL
modprobe xt_hl
Click to expand...


Exactly!! both modules seem to be needed, added to firewall-start and all work fine now. Thank for the tip.


sfx2000, because my ISP IPTV Box send some packets with a extremely low TTL (between 2-5) , so some packatets were being discarded by the network
 
You must log in or register to reply here.

Similar threads

A
Entware iptables no chain/target/match and tcpdump problems
Replies
3
Views
1K
RMerlin
RMerlin
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
2K
Don->
D
P
Tutorial Subnetting isolation without a VLAN switch
Replies
6
Views
2K
Justinh
J
A
RT-AX86U "Spoof LAN TTL value" option is causing internet break on mobiles
Replies
1
Views
7K
Alexey8484
A
BOFH
Skynet Stats not generated and firewall not blocking anything
Replies
11
Views
2K
Tech Junky
T
Similar threads
Thread starter Title Forum Replies Date
R Iptables functionality on 3006.102.4 Asuswrt-Merlin 15
L iptables script by NAT-START not effective after WAN changed? Asuswrt-Merlin 2
M How to build iptables extensions Asuswrt-Merlin 3
J RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time Asuswrt-Merlin 14
J Curious behaviour after opening ports with iptables - RTAX86U - Asus Wrt Merlin Asuswrt-Merlin 6
S Custom IPTables and EBTables CLI after GUI reprovisioning Asuswrt-Merlin 1
r000t Hardcoded Google DNS IPTABLES rule Asuswrt-Merlin 6
F Understanding IPTABLES - asus ROG ax6000 Asuswrt-Merlin 17

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,493 (members: 22, guests: 1,471)
Back
Top