Posted: Mon Dec 30, 2019 17:41 Post subject: ***HELP*** TTL change for all devices using router
I am attempting to change the TTL for outgoing packets for all devices on the LAN side of my router. I have the following configuration.
tp-link AC1750 (archer c7) v.5. This will be connected to a Netgear LTE modem (LB2120) using a Verizon SIM. I have flashed my tp-link with the latest factory-to-ddwrt.bin. I have logged in and established a username and password. The only other change I have made is to change the IP from 192.168.1.1 to 192.168.2.1.
I have found several threads on this but cannot get it working. When I run iptables -t mangle -vnL POSTROUTING I get the following.
Chain POSTROUTING (policy ACCEPT 12438 packets, 6106K bytes)
pkts bytes target prot opt in out source destination
I do not see any packet data after the command has been accepted. I feel like there is something I'm missing in the router setup, maybe firewall related, but I am not sure.
Yes - and still no change. In all the other examples I have seen, when the command iptables -t mangle -vnL POSTROUTING is run there is packet information below. I get nothing. I currently have the WAN port connected to my cable modem and it's routing packets correctly, as I can get online.
I have a PREROUTING set to 10 followed by a POSTROUTING set to incr 1. I think I had to do it in a certain order for it to 'work' and show up correctly when I wanted to list them like that.
Thanks for the quick reply. I still feel like I'm missing some other foundational configuration. Shouldn't I see something after the command is accepted specific to packet info?
One other piece of information. I am coming into the router via the wireless AP from a Win 10 desktop. I have no additional configuration on the AP; it's currently running in Wireless Mode = AP. I saw a post that indicated I may need to change the Wireless Mode, but in my scenario I am not linking routers. I am going from desktop - wifi - router - cable modem.
Last edited by cabinfever1932 on Mon Dec 30, 2019 19:03; edited 1 time in total
Joined: 08 May 2018 Posts: 16218 Location: Texas, USA
Posted: Mon Dec 30, 2019 18:59 Post subject:
Ok, I have to ask, are you adding firewall rules to the firewall in Administration -> Commands tab, saving firewall, and then issuing the command to list the rules via telnet / ssh or in the Commands window? That webUI commands window is a problematic bitch still and mostly good for adding startup, custom, and firewall scripts, but not much else without figuring out exactly the right syntax and whatnot.
Ok, I have to ask, are you adding firewall rules to the firewall in Administration -> Commands tab, saving firewall, and then issuing the command to list the rules via telnet / ssh or in the Commands window? That webUI commands window is a problematic bitch still and mostly good for adding startup, custom, and firewall scripts, but not much else without figuring out exactly the right syntax and whatnot.
Yes, I added the following and clicked save firewall in the Commands tab.
So let me start from the beginning. After I flash with the new firmware, is there anything I need to do beyond setting a username and password and before WRT is ready to accept the commands to change the TTL value?
No, nothing special that I recall. Not sure if you can use both of those rules together. I can't recall exactly if it was those two or the 128 rule and the incr 1 rule, but previous trial and error brought me to my current rules in use for TTL.
Hmmm...
I saw this in another post and just can't get similar results.
root@ddwrt-lab1:~# iptables -t mangle -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 218K packets, 36M bytes)
pkts bytes target prot opt in out source destination
1306 287K TTL 0 -- * vlan1 0.0.0.0/0 0.0.0.0/0 TTL set to 65
1396 298K TTL 0 -- * vlan1 0.0.0.0/0 0.0.0.0/0 TTL increment by 1
As you can see, there is packet info after the command is issued.
Hopefully someone will be able to point me in the right direction. I'm sure it is something very simple that I am overlooking.
I don't think you can use the setting it to 128 and incrementing it by 1. That's what did not work for me, if I recall right. Also, you notice both of those are vlan1 (LAN), not vlan2 (WAN). I haven't implemented anything for vlan1, personally.
I haven't configured any VLANs. Is that something I need to do? The only things I have configured are user id / pwd. I haven't made any changes to firewall settings other than inserting the commands, then saving them to firewall in the web GUI and then running them via telnet.
If those firewall rules are in your firewall script, why are you re-entering the commands via telnet? That is probably not helping. There are default vlans configured in the firmware, dependent on whether the router is pre-802.11n or post-802.11n. You should probably do a little more RTFM ....
I'd love to RTFM but there doesn't seem to be clear guidance on this. I may have misunderstood, but I thought you or someone else indicated to use the UI to copy the commands and save them for the Firewall but also issue them via telnet.
I'm trying to get some indication that the commands have executed and are working. So far I see nothing that indicates that.
Obviously networking is not my forte. I know almost enough to be dangerous, but not really.
So here is my new plan. Flash the firmware again back to a base load of WRT. Then only use the UI to save the following command to the firewall.