TTL modify using iptables -t mangle

[olegfusion]

Good day and Happy New Year everybody!

I have specific question regarding TTL.
I need to change it for each interface for in and our traffic, however:

admin@RT-AC68U-8710:/tmp/home/root# iptables -t mangle -I PREROUTING -i eth0 -j TTL --ttl-set 10
iptables: No chain/target/match by that name.

admin@RT-AC68U-8710:/tmp/home/root# iptables -t mangle -I POSTROUTING -o eth0 -j TTL --ttl-set 10
iptables: No chain/target/match by that name.

Using latest firmware.

Got some reply from google, so:

admin@RT-AC68U-8710:/tmp/home/root# cat /proc/net/ip_tables_matches
time
string
state
mac
limit
helper
conntrack
conntrack
connlimit
connbytes
connmark
mark
u32
addrtype
addrtype
icmp
webstr
tcpmss
recent
multiport
iprange
udplite
udp
tcp

admin@RT-AC68U-8710:/tmp/home/root# cat /proc/net/ip_tables_targets
NOTRACK
NFLOG
CLASSIFY
CONNMARK
MARK
TRIGGER
REJECT
MASQUERADE
LOG
DNAT
SNAT
ERROR
TCPMSS
TOS
DSCP

So, ok, ipt_TTL module is not turned on.

admin@RT-AC68U-8710:/tmp/home/root# modprobe ipt_TTL
modprobe: module ipt_TTL not found in modules.dep

admin@RT-AC68U-8710:/tmp/home/root# insmod ipt_TTL
insmod: 'ipt_TTL.ko': module not found

Please help me, how can I activate this module?

Thanks a lot for reply.

 

[charlie2alpha]

admin@ASUS:/lib/modules/2.6.36.4brcmarm/kernel/net/netfilter# modprobe  xt_HL
admin@ASUS:/lib/modules/2.6.36.4brcmarm/kernel/net/netfilter# cat /proc/net/ip_tables_targets
NOTRACK
NFLOG
CLASSIFY
CONNMARK
MARK
TTL
TRIGGER
REJECT
MASQUERADE
LOG
DNAT
SNAT
ERROR
TCPMSS
TOS
DSCP

Try it.

 

[charlie2alpha]

By the way, there are two different modules for TTL, as I see in my Linux system:

defiant ~ # modinfo xt_HL
filename:       /lib/modules/3.17.7-gentoo/kernel/net/netfilter/xt_HL.ko
alias:          ip6t_HL
alias:          ipt_TTL
license:        GPL
description:    Xtables: Hoplimit/TTL Limit field modification target
author:         Maciej Soltysiak <solt@dns.toxicfilms.tv>
author:         Harald Welte <laforge@netfilter.org>
depends:        x_tables
intree:         Y
vermagic:       3.17.7-gentoo SMP mod_unload
defiant ~ # modinfo xt_hl
filename:       /lib/modules/3.17.7-gentoo/kernel/net/netfilter/xt_hl.ko
alias:          ip6t_hl
alias:          ipt_ttl
license:        GPL
description:    Xtables: Hoplimit/TTL field match
author:         Maciej Soltysiak <solt@dns.toxicfilms.tv>
depends:        x_tables
intree:         Y
vermagic:       3.17.7-gentoo SMP mod_unload

Both are available in my RT-AC56U.

 

[olegfusion]

hm, xt_HL made its job great. Not sure what's the difference between xt_HL and xt_hl.
Thanks for help!

 

[RMerlin]

if your ISP limits your TTL to 1, you can now extend it through the webui (this is a new feature recently added by Asus, and included in 376.49). Go to the WAN page, and at the bottom of the page enable the Extend TTL setting. This will extend the TTL to 64.