Hi,
I have a Fibocom FM190W which has OpenWrt 22.03.5 built into the modem. Anyone knows how to set the custom TTL=65 into this firmware please?
I have attached a pictures from the firmware.
Thank you @AndrewZ but how to add those and where?
/etc/nftables.d/90-mangle-ttl.nft
chain mangle_ttl_out {
type filter hook postrouting priority mangle;
meta nfproto ipv4 oifname eth2 ip ttl set 64
}
chain mangle_ttl_in {
type filter hook prerouting priority mangle;
meta nfproto ipv4 iifname eth2 ip ttl 1 ip ttl set 5
}
Mine does no have file manager:
Connect over ssh and use your favourite editor to create and edit the file mentioned in the example.
There is no need to post pictures.
First would be to determine kind of firewall used in status/firewall and network/firewall.
ipt/fw3 looks like -A INPUT
nft/fw4 looks like table inet firewall4 {
If neither you need to ask vendor.
@AndrewZ would you mind if sharing how to create in SSH please? I'm logged into SSH now.
Where should I look for these. I'm sorry new to OpenWRT.
The firewall button highlighted in your picture?
I do not see any of these in firewall. Is there anyway we can add?
I get this in SSH:
root@OpenWrt:~# /etc/nftables.d/90-mangle-ttl.nft
-ash: /etc/nftables.d/90-mangle-ttl.nft: not found
root@OpenWrt:~#
@brada4 here is my Firewall view:
https://pdflink.to/88630680/
It is firewall3 and iptables, so in network/firewall last tab you can add additional rules in iptables-save syntax.
it is not OpenWRT 22 anymore, it is older firewall framework, probably you should rephrase title to ask for firewall3 custom rule help.
@brada4 Do you have the rules to set IPv4 and IPv6 for TTL=65?
My router uses the below interfaces.
It randomly uses one of the below example1 or example2:
wan
Type: Ethernet Adapter
Device: rmnet_data1
wan_v6
Type: Ethernet Adapter
Device: rmnet_data1
or
wan
Type: Ethernet Adapter
Device: rmnet_data0
wan_v6
Type: Ethernet Adapter
Device: rmnet_data0
you mean here?
It appears to be working with the below rule but it won't save it. With any reboot, I see different TTL:
iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 65
You need to ask vendor.
@brada4 thank you but unfortunately Fibocom is not responsive and they have a bad support.
It is 3rd party defect, really nothing OpenWRT can do to stop random fork author from breaking basic UX.
Ok thanks for the help.
Use the official commands written on the OpenWrt Wiki:
Or change the TTL and IPv6 hop limit in nftables with these commands:
# Modify TTL and IPv6 hop limit for egress traffic on written devices
WAN_TTL="64"
WAN_HLIM="64"
WAN_DEV="eth1, ppp0, ppp1, usb0, usb1, wwan0, wwan1"
# Add TTL, IPv6 hop limit and firewall rules for egress traffic
cat << EOF > /etc/nftables.d/ttl_and_hlim.sh
nft add rule inet fw4 mangle_postrouting oifname { $WAN_DEV } ip ttl set $WAN_TTL
nft add rule inet fw4 mangle_postrouting oifname { $WAN_DEV } ip6 hoplimit set $WAN_HLIM
EOF
uci -q del firewall.ttl_and_hlim
uci set firewall.ttl_and_hlim="include"
uci set firewall.ttl_and_hlim.path="/etc/nftables.d/ttl_and_hlim.sh"
# Saving modified values of firewall
uci commit firewall
service firewall restart
# Check the rules of the chain "mangle_postrouting"
nft list chain inet fw4 mangle_postrouting
I got this error:
root@OpenWrt:~# WAN_TTL="65"
root@OpenWrt:~# WAN_HLIM="65"
root@OpenWrt:~# WAN_DEV="rmnet_data0, rmnet_data1, eth1, ppp0, ppp1, usb0, usb1,
wwan0, wwan1, wan, wan_v6"
root@OpenWrt:~# cat << EOF > /etc/nftables.d/ttl_and_hlim.sh
nft add rule inet fw4 mangle_postrouting oifname { $WAN_DEV } ip ttl set $WAN_
TTL
nft add rule inet fw4 mangle_postrouting oifname { $WAN_DEV } ip6 hoplimit set
$WAN_HLIM
EOF
-ash: can't create /etc/nftables.d/ttl_and_hlim.sh: nonexistent directory
root@OpenWrt:~# uci -q del firewall.ttl_and_hlim
root@OpenWrt:~# uci set firewall.ttl_and_hlim="include"
root@OpenWrt:~# uci set firewall.ttl_and_hlim.path="/etc/nftables.d/ttl_and_hlim
.sh"
Use those commands on the router where you have placed that modem.