Cannot set the TTL for packets

Roger Krowiak · 05-27-2005, 11:45 AM

Hi all,

I'm trying to set the TTL for outgoing traffic in iptables (to hide computers behind firewall). After adding this two lines of code

Code:

iptables -v -t mangle -A OUTPUT -o eth0 -j TTL --ttl-set 128
iptables -v -t mangle -A FORWARD -o eth0 -j TTL --ttl-set 128

I've got following error report:

Code:

TTL  all opt -- in * out eth0  0.0.0.0/0  -> 0.0.0.0/0  TTL set to 128
iptables: No chain/target/match by that name
TTL  all opt -- in * out eth0  0.0.0.0/0  -> 0.0.0.0/0  TTL set to 128
iptables: No chain/target/match by that name

The lines in iptables config are OK according to me and I'm very confused with the error message. Do you have any idea about this?

Linux distribution - Slackware current
Kernel - 2.6.11.10
if you need more info, please write.

Roger Krowiak · 05-29-2005, 02:42 PM

Well now I know the answer, the TTL target extension was not included in kernel, patching using patch-o-matic was needed to install this extension, now it works fine. I have one minor question: on netfilter.org is procedure how to download CVS version of patch-o-matic:

Code:

cvs -d :pserver:cvs@pserver.netfilter.org:/cvspublic login

using password cvs, but there is always error

Code:

cvs [login aborted]: connect to pserver.netfilter.org(213.95.27.115):2401 failed: Connection refused

so I had to use almost year old version from http://www.netfilter.org/files/patch...040621.tar.bz2. Do you know how/from where can be the latest version obtained? Thanks.