I've successfully set up iptables to produce the same TTL value for all outgoing packets, but there is still a passive way to detect NAT using the ID field of IP packets (as described here). It is possible to eliminate this by setting the ID of IP packets to the same value (e.g. 0), but this means that I will have to turn on the DF (don't fragment) flag for all outgoing packets. And my question is: can I do it safely? I use the Internet for mail, www and some games, and I'm not sure whether this will break them.
Or is there any other way to eliminate NAT detection using the ID field? Thanks for any reactions.