How to change ttl to 65

Have you tired adding to /etc/config/network -

config device                    
	option name 'eth0.2'
	option ttl '65'

How to apply to wan interface?

I just showed you:

config device                    
	option name 'eth0.2'
	option ttl '65'

Did it work?

I Tried sysctl net.ipv4.ip_default_ttl=65 but after reboot it goes back to 64.

Did you try what I put twice above!?!?

You would add that to /etc/sysctl.conf

It will affect all interfaces.

That is what I want. How to save changes?

I just told you:

How to add that command to /etc/sysctl.conf

Can you list all steps?

Are you saying you don't know how to use the editor on the command line?

https://linux.die.net/man/1/vi

The command to enter the editor is: vi /etc/sysctl.conf

Yes sir. I don't know linux.

After adding that to vi how to exit and save?

The link to the manual will tell you.

  • Step 1
  • Step 2 - find a free line

  • Step 3 - hit INSERT to edit

  • Step 4 - add sysctl line

  • Step 5 - hit ESC to stop editing

  • Step 6 :wq to save and quit

  • Step 7 - reboot

(Please read the manuals and wikis provided in the future.)

Do I have enter
sysctl net.ipv4.ip_default_ttl=65 or
net.ipv4.ip_default_ttl=65

I apologize.

I mean in step 4, do I have to enter the command:
sysctl net.ipv4.ip_default_ttl=65 or
net.ipv4.ip_default_ttl=65

You're not entering any commands, your editing the file /etc/sysctl.conf

At step 4, you can see the contents of the file. If you can see the file, use the exact syntax as the other entries.

Entries in that file (as you can see) do not contain a command sysctl. So I'm not sure what you're asking.

Ok. Make sense.

Also can review below commands, will this option will work?

#from a fresh install/reset to defaults
opkg update && opkg install iptables-mod-ipopt kmod-ipt-ipopt

flush tables

iptables -F
iptables -t nat -F -t mangle

apply routing

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t mangle -A PREROUTING -j TTL --ttl-set 65
iptables -A FORWARD -i eth1 -o br-lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o br-lan -j ACCEPT

What does this post have to do with TTL?

  • If this is unrelated, please make a new thread.
  • You are aware you don't need to use the command line to make firewall entries, right? There's a web GUI for that. You're also erasing the firewall created by OpenWrt.
  • I have no clue what you want these rules to "work" for. Please just make a new thread.

If your TTL issue is solved, please mark the appropriate post as the solution.

I'm not reading an off-site post. You'll need to explain.

  • Is your TTL issue solved, or not?
  • You changed the system TTL already via sysctl, why are you trying to mangle it in the firewall now?
  • Mangling causes issues with utilities like traceroute

I am working on it and let you know.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.