LinuxQuestions.org

Thread: iptables TTL change does not work (https://www.linuxquestions.org/questions/linux-networking-3/iptables-ttl-change-does-not-work-603988/)

iiv 12-02-2007 04:32 PM

iptables TTL change does not work
 
There are two Linux boxes on my network. 192.168.168.51 is a router and has a VPN connection; 192.168.168.50 is a guest.
This is done on 192.168.168.51:
Code:

# enable IPv4 forwarding (the path is /proc/sys/net/ipv4/ip_forward)
echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerade the guest behind the VPN interface
iptables -t nat -A POSTROUTING -s 192.168.168.50 -o ppp0 -j MASQUERADE
# add 1 back to the TTL of the guest's packets as they leave ppp0
iptables -t mangle -A POSTROUTING -s 192.168.168.50 -o ppp0 -j TTL --ttl-inc 1

This on 192.168.168.50:
Code:

ip route add default via 192.168.168.51
Ping somehost from 192.168.168.51:
Code:

64 bytes from somehost: icmp_seq=1 ttl=61 time=4.33 ms
And ping somehost from 192.168.168.50:
Code:

64 bytes from somehost: icmp_seq=1 ttl=60 time=5.59 ms
So, ttls differ, but should be equal.

Yes, I am trying to hide from my ISP; though it is legal in my case, I don't want them to spot me. Please help.
Kernels are 2.6.23 for 192.168.168.51 and 2.6.23.8 for 192.168.168.50.

krock923 12-03-2007 06:28 AM

Aren't you seeing the echo reply? I believe that what you are doing changes the ttl on the echo request. It makes perfect sense that the ttl is different on the reply, since it is going through a router, which as you know will decrement the ttl. But, to see if it's working, you need to watch the ping from 192.168.168.50 as it leaves 192.168.168.51

iiv 12-03-2007 08:52 AM

Quote:

Originally Posted by krock923 (Post 2978400)
Aren't you seeing the echo reply? I believe that what you are doing changes the ttl on the echo request. It makes perfect sense that the ttl is different on the reply, since it is going through a router, which as you know will decrement the ttl. But, to see if it's working, you need to watch the ping from 192.168.168.50 as it leaves 192.168.168.51

Hm... I forgot that packets are returning, not emerging... So, I did this on 192.168.168.51:
Code:

iptables -t mangle -A POSTROUTING -d 192.168.168.50 -j TTL --ttl-inc 1
and it did the trick backwards.


Is chain POSTROUTING only for passing through packets? Or does it work for local?

krock923 12-03-2007 08:57 AM

I believe that it is only for packets that are forwarded, but I am not one hundred percent sure of that.
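The two directions discussed in this thread, as an added worked example that is not code from the thread or from iptables itself. It is a small user-space model of what the router does to an IPv4 header on each path: forwarding decrements the TTL, the mangle POSTROUTING hook (priority -150) runs the TTL target before the nat POSTROUTING hook (priority 100) runs MASQUERADE, which is why the `-s 192.168.168.50` match still sees the guest's address, and every TTL or address change patches the header checksum incrementally (RFC 1624) the way the kernel does. The LAN addresses are the thread's; the ppp0 address, the remote host and the 3-hop return path are assumptions. The real-world check for the request direction remains the one suggested above: watch the packets on the router with `tcpdump -ni ppp0 -v icmp`, which prints the TTL of each packet as it leaves ppp0.

```c
/* Added example, not code from the thread: a user-space model of what
 * IPv4 forwarding, the iptables TTL target and MASQUERADE do to a packet
 * header. Packets are constructed here; nothing touches a real interface. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IPV4_HDR_LEN 20

/* One's-complement sum of all 16-bit words of a 20-byte header, folded. */
static uint16_t fold_sum(const uint8_t *hdr)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < IPV4_HDR_LEN; i += 2)
        sum += (uint32_t)((hdr[i] << 8) | hdr[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* 1 if the header checksum verifies (RFC 1071), 0 otherwise. */
int ipv4_checksum_ok(const uint8_t *hdr)
{
    return fold_sum(hdr) == 0xffff;
}

/* Replace one 16-bit header word and patch the checksum incrementally
 * (RFC 1624: HC' = ~(~HC + ~m + m')), as the kernel's TTL and NAT code
 * does, instead of re-summing the whole header. */
static void replace16(uint8_t *hdr, size_t off, uint16_t new_word)
{
    uint16_t old_word = (uint16_t)((hdr[off] << 8) | hdr[off + 1]);
    uint16_t hc = (uint16_t)((hdr[10] << 8) | hdr[11]);
    uint32_t sum = (uint16_t)~hc;
    sum += (uint16_t)~old_word;
    sum += new_word;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    hc = (uint16_t)~sum;
    hdr[off] = new_word >> 8; hdr[off + 1] = new_word & 0xff;
    hdr[10] = hc >> 8;        hdr[11] = hc & 0xff;
}

static void set_ttl(uint8_t *hdr, uint8_t ttl)
{
    replace16(hdr, 8, (uint16_t)((ttl << 8) | hdr[9]));   /* TTL shares a word with protocol */
}

static void set_addr(uint8_t *hdr, size_t off, const uint8_t a[4])
{
    replace16(hdr, off, (uint16_t)((a[0] << 8) | a[1]));
    replace16(hdr, off + 2, (uint16_t)((a[2] << 8) | a[3]));
}

/* Minimal IPv4 header (no options) for an ICMP echo, checksum from scratch. */
void build_ipv4(uint8_t *hdr, const uint8_t src[4], const uint8_t dst[4], uint8_t ttl)
{
    memset(hdr, 0, IPV4_HDR_LEN);
    hdr[0] = 0x45;               /* version 4, IHL 5 */
    hdr[3] = 28;                 /* total length: 20-byte header + 8-byte echo */
    hdr[6] = 0x40;               /* DF */
    hdr[8] = ttl;
    hdr[9] = 1;                  /* ICMP */
    memcpy(hdr + 12, src, 4);
    memcpy(hdr + 16, dst, 4);
    uint16_t hc = (uint16_t)~fold_sum(hdr);   /* checksum field is still zero here */
    hdr[10] = hc >> 8; hdr[11] = hc & 0xff;
}

/* Addresses from the thread; ppp0 and the remote host are assumptions. */
static const uint8_t GUEST[4]  = {192, 168, 168, 50};
static const uint8_t PPP0[4]   = {10, 0, 0, 2};       /* assumed ppp0 address */
static const uint8_t REMOTE[4] = {203, 0, 113, 9};    /* assumed "somehost" (TEST-NET-3) */

/* Request direction on the router: ip_forward() decrements the TTL, then
 * mangle POSTROUTING (priority -150) runs "-s GUEST -j TTL --ttl-inc N",
 * then nat POSTROUTING (priority 100) MASQUERADEs the source. Returns the
 * TTL the far end of ppp0 sees. */
uint8_t router_forward_out(uint8_t *hdr, int ttl_inc)
{
    set_ttl(hdr, (uint8_t)(hdr[8] - 1));                 /* forwarding */
    if (ttl_inc && memcmp(hdr + 12, GUEST, 4) == 0)      /* mangle POSTROUTING */
        set_ttl(hdr, (uint8_t)(hdr[8] + ttl_inc));
    if (memcmp(hdr + 12, GUEST, 4) == 0)                 /* nat POSTROUTING: MASQUERADE */
        set_addr(hdr, 12, PPP0);
    return hdr[8];
}

/* Reply direction: the remote host answers with its own initial TTL, the
 * return path costs `hops`, nat PREROUTING un-masquerades the destination,
 * forwarding decrements once more, and an optional "-d GUEST" TTL rule adds
 * it back before delivery. Returns the TTL the guest's ping prints. */
uint8_t router_forward_in(uint8_t *hdr, int hops, int ttl_inc)
{
    for (int i = 0; i < hops; i++)
        set_ttl(hdr, (uint8_t)(hdr[8] - 1));
    if (memcmp(hdr + 16, PPP0, 4) == 0)                  /* nat PREROUTING */
        set_addr(hdr, 16, GUEST);
    set_ttl(hdr, (uint8_t)(hdr[8] - 1));                 /* forwarding */
    if (ttl_inc && memcmp(hdr + 16, GUEST, 4) == 0)      /* mangle POSTROUTING */
        set_ttl(hdr, (uint8_t)(hdr[8] + ttl_inc));
    return hdr[8];
}

int main(void)
{
    uint8_t pkt[IPV4_HDR_LEN];
    build_ipv4(pkt, GUEST, REMOTE, 64);
    printf("request on ppp0, no rule:     ttl=%u\n", router_forward_out(pkt, 0));
    build_ipv4(pkt, GUEST, REMOTE, 64);
    printf("request on ppp0, --ttl-inc 1: ttl=%u csum_ok=%d\n",
           router_forward_out(pkt, 1), ipv4_checksum_ok(pkt));
    build_ipv4(pkt, REMOTE, PPP0, 64);                   /* reply, 3-hop return path */
    printf("reply at guest, no rule:      ttl=%u\n", router_forward_in(pkt, 3, 0));
    build_ipv4(pkt, REMOTE, PPP0, 64);
    printf("reply at guest, -d guest rule: ttl=%u\n", router_forward_in(pkt, 3, 1));
    return 0;
}
```

With a 3-hop return path the model reproduces the thread's numbers: the router's own ping sees ttl 61, the guest sees 60 without the `-d 192.168.168.50` rule and 61 with it. The request leaving ppp0 carries TTL 63 without the `--ttl-inc 1` rule and 64 with it; only that outbound value is what the other side of the VPN can observe, the reply-side rule changes nothing outside the LAN.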

