LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Old 11-20-2004, 12:01 PM   #1
brfsa
LQ Newbie
 
Registered: Sep 2003
Location: Thailand
Distribution: Centos
Posts: 28

Rep: Reputation: 15
Can the ISP find out if I do routing and IP forwarding?


I have a LAN with 15 computers in my office. I want to acquire a 4 Mb/s ADSL line and put a Linux machine in to do all the job of masquerading and forwarding of IP packets.

The thing is that the Internet provider said that I can't do it, because the ADSL service is only for one computer, like home use (and that's why it is cheap, just $50 USD/month).

They also said that they can find out if I use more computers, and they will cut the connection immediately.

I am quite sure they can't find out, but since they insisted, I came here to ask about it.

By the way, I will use Jay's firewall script for the Internet sharing and firewall machine. It works just perfect, internet sharing, good firewall settings and easy to understand.
 
Old 11-20-2004, 01:13 PM   #2
exvor
Senior Member
 
Registered: Jul 2004
Location: Phoenix, Arizona
Distribution: Gentoo, LFS, Debian,Ubuntu
Posts: 1,537

Rep: Reputation: 87
As long as you use a DNS/DHCP server in your internal network when you masquerade your connection, it should look like only one PC is connected. What I'm thinking is that they can "FIND OUT" by trying to access a web page on your router <-- most of the commercial routers do have a web-based configuration interface. But as long as you block this they shouldn't be able to tell.


I'm not an expert on network stuff as far as being able to tear apart packets, but they could find out if they saw that a packet was bound for another computer than the server?

Other than that, anything else would be considered hacking the connection or breaking security by circumventing the firewall you set up. This would constitute hacking and is illegal if it's not specified that they can do this kind of monitoring in your agreement.


Cox doesn't like <-- (not enforced) more connections than one computer on their network, but I've got something similar to what you're doing set up at my house with a Slackware server. Mostly they just tell us to disconnect it when we call them for support.
 
Old 11-20-2004, 01:42 PM   #3
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
One thing they can do is to monitor the TTL in a packet, and if they see several different TTLs then they know there is more than one computer sending the packets.

Quote:
6.5.14. TTL target

Caution

This patch requires the TTL patch from the patch-o-matic tree available in the base directory from http://www.netfilter.org/documentation/index.html#FAQ - The official Netfilter Frequently Asked Questions. Also a good place to start when wondering what iptables and Netfilter are about.

The TTL target is used to modify the Time To Live field in the IP header. One useful application of this is to change all Time To Live values to the same value on all outgoing packets. One reason for doing this is if you have a bully ISP which doesn't allow you to have more than one machine connected to the same Internet connection, and who actively pursues this. Setting all TTL values to the same value will effectively make it a little bit harder for them to notice that you are doing this. We may then reset the TTL value for all outgoing packets to a standardized value, such as 64 as specified in the Linux kernel.

For more information on how to set the default value used in Linux, read the ip-sysctl.txt, which you may find within the Other resources and links appendix.
 
Old 11-20-2004, 02:40 PM   #4
glennpratt
LQ Newbie
 
Registered: Nov 2004
Posts: 3

Rep: Reputation: 0
I'd say use Squid as a transparent proxy and try to limit access for most of the machines to web stuff that can be proxied.
 
Old 11-20-2004, 05:12 PM   #5
Recirqie
Member
 
Registered: Jun 2003
Distribution: RH 8.2, SuSE 9.0
Posts: 135

Rep: Reputation: 15
And a mail transfer agent (MTA) for mail on the gateway carrying squid. It's quite normal for a user to have several mail accounts, so that alone won't be a pointer. (I have something like 8 or 9 with 3 different domains.)
 
Old 11-21-2004, 03:12 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
TTL monitoring really only works if the OSs in use all use different defaults, or if you have more than one tier of routing (i.e. some machines connected directly to the first router, then another router connected to that with yet more machines).

The most common ways to detect multiple machines behind NAT are to monitor IP IDs, TCP sequence numbers, and ephemeral source ports. Since most OSs increment these values in predictable ways, you'll know that there is more than one machine if you get some of the above numbers that have decremented instead of incremented.

OpenBSD takes care of this by having a packet filter feature for "modulate state" which randomizes all the applicable values. I'm not sure if iptables or one of the patch-o-matic modules supports something similar.
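The two passive checks described in posts #3 and #6 (several distinct TTLs from one address, and IP IDs or ephemeral source ports that go backwards because two hosts' counters are interleaved), as an added example written for this thread rather than code from any poster. It is written from the viewpoint of a network operator looking for an undocumented NAT device on a segment they manage. It runs over a constructed list of per-packet summaries instead of a live capture, so the `PacketSummary` type, the helper names, the reversal threshold, the wrap margin and the RFC 5737 documentation addresses in `SAMPLE` are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PacketSummary:
    """The per-packet fields the heuristics look at (constructed; not a pcap parser)."""
    src_ip: str
    ttl: int
    ip_id: int
    src_port: int


def per_source(packets):
    """Group packets by public source address, preserving capture order."""
    groups = defaultdict(list)
    for p in packets:
        groups[p.src_ip].append(p)
    return groups


def distinct_ttls(packets):
    """src_ip -> sorted list of TTLs seen.

    One host normally uses one default (64 on Linux, 128 on Windows); several
    distinct values behind one address suggest several hosts, unless the NAT
    box rewrites the TTL as the quoted iptables tutorial describes."""
    return {ip: sorted({p.ttl for p in pkts})
            for ip, pkts in per_source(packets).items()}


def count_reversals(values, modulus=65536, wrap_margin=4096):
    """Count how often a 16-bit counter (IP ID, ephemeral port) goes backwards.

    A single host with one incrementing counter produces small positive steps
    plus the occasional wrap from near `modulus` back to zero. Two hosts whose
    packets are interleaved behind one address produce repeated large backward
    jumps as the capture alternates between their counters. `values` is a
    list in capture order."""
    reversals = 0
    for prev, cur in zip(values, values[1:]):
        delta = cur - prev
        # a genuine wrap is an almost full-range negative jump; exclude it
        if delta < 0 and delta > -(modulus - wrap_margin):
            reversals += 1
    return reversals


def nat_indicators(packets, min_reversals=2):
    """src_ip -> list of reasons, only for addresses that show NAT-like behaviour.

    Caveats: an OS that randomizes IP IDs and ports (OpenBSD's "modulate state",
    mentioned in post #6) defeats the counter checks, and a single host running
    traceroute emits varying TTLs, so treat hits as leads, not proof."""
    findings = {}
    ttls = distinct_ttls(packets)
    for ip, pkts in per_source(packets).items():
        reasons = []
        if len(ttls[ip]) > 1:
            reasons.append(f"multiple TTLs seen: {ttls[ip]}")
        id_rev = count_reversals([p.ip_id for p in pkts])
        if id_rev >= min_reversals:
            reasons.append(f"IP ID went backwards {id_rev} times")
        port_rev = count_reversals([p.src_port for p in pkts])
        if port_rev >= min_reversals:
            reasons.append(f"source port went backwards {port_rev} times")
        if reasons:
            findings[ip] = reasons
    return findings


# Constructed sample using RFC 5737 documentation addresses: one ordinary host,
# and one address behind which a Linux box (TTL 64, IDs from 2000) and a
# Windows box (TTL 128, IDs from 50000) take turns sending.
SAMPLE = [
    PacketSummary("198.51.100.7", 64, 1000, 32770),
    PacketSummary("198.51.100.7", 64, 1001, 32771),
    PacketSummary("198.51.100.7", 64, 1002, 32772),
    PacketSummary("198.51.100.7", 64, 1003, 32773),
    PacketSummary("203.0.113.9", 64, 2000, 32770),
    PacketSummary("203.0.113.9", 128, 50000, 1030),
    PacketSummary("203.0.113.9", 64, 2001, 32771),
    PacketSummary("203.0.113.9", 128, 50001, 1031),
    PacketSummary("203.0.113.9", 64, 2002, 32772),
    PacketSummary("203.0.113.9", 128, 50002, 1032),
]

if __name__ == "__main__":
    for ip, reasons in nat_indicators(SAMPLE).items():
        print(ip)
        for reason in reasons:
            print("  -", reason)
```

On the sample, only 203.0.113.9 is reported, with all three indicators; the single host trips none of them. Feeding a real capture in means mapping each packet's source address, TTL, IP ID and source port into `PacketSummary`, and raising `min_reversals` on busy links where the occasional retransmission or reordered packet would otherwise count as a reversal.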
 
Old 11-21-2004, 06:40 AM   #7
brfsa
LQ Newbie
 
Registered: Sep 2003
Location: Thailand
Distribution: Centos
Posts: 28

Original Poster
Rep: Reputation: 15
thanks for all the quick replies...

I plan to use dhcp server only.

I am researching about the TTL...

Last edited by brfsa; 11-21-2004 at 06:42 AM.
 
Old 11-22-2004, 12:14 PM   #8
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Be aware that even if it looks like your Linux router is the only computer surfing, you might give away your situation due to information sent within packets. For example, ICQ would normally report both the local IP as well as the public IP to your contacts. Having more than one computer using ICQ would show up in the ICQ traffic.
 
  

