OpenWrt Forum Archive

Topic: iptable -ttl-set does not work anymore (iptables-mod-ipopt) ?

The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
Chris000
19 Nov 2011, 15:20

Hi all,

I just installed iptables-mod-ipopt and but to add a TTL-modifying rule just throws an error (I'm running Backfire 10.03.1-RC6)
   iptables -A PREROUTING -t mangle -i eth0.1 -d 192.168.100.1 -j TTL --ttl-set 10
   iptables v1.4.6: unknown option `--ttl-set'

What's wrong with that? I know the syntax is correct (tested in a debian box). I tried other TTL change option (ttl-inc, ttl-dec): same result.

Is something broken ... in openwrt ... or in my mind? Is there any other way to do to increase the TTL of an incoming packet?

Thanks in advance for the help.

(Last edited by Chris000 on 19 Nov 2011, 15:20)

Post #2
nikolya344
9 Feb 2012, 08:48

Hi, Chris000!
i have the same problem. Do you solved your problem? i have a vlan that looks at internet and i want will send all packets with fixed TTL=64. For this purpose i uses command:

iptables -t mangle -A PREROUTING -i vlan1 -j TTL -ttl-set 64

but openwrt returns to me result:

Bad argument `64'

I tried all possible arguments from 1 to 255 but it doesn't work. If i typing

iptables -t mangle -A PREROUTING -i vlan1 -j TTL -ttl-set -h

then openwrt returns to me result:

TTL target v1.3.8 options
  --ttl-set value               Set TTL to <value 0-255>
  --ttl-dec value               Decrement TTL by <value 1-255>
  --ttl-inc value               Increment TTL by <value 1-255>

So what is wrong?

P.S. Some information about my system:
dlink dir320
Linux version 2.4.37.11
iptables v1.3.8

(Last edited by nikolya344 on 9 Feb 2012, 08:52)

Post #3
Chris000
9 Feb 2012, 10:51

Alas, no progress. I discovered there is a ticket open, but for a long time and no solution found yet: https://dev.openwrt.org/ticket/8181

Post #4
dir2cas
10 Feb 2012, 21:55
Chris000 wrote:

Alas, no progress. I discovered there is a ticket open, but for a long time and no solution found yet: https://dev.openwrt.org/ticket/8181

Seems that the issue is still not solved, since the ticket stays opened for a long time. Hope that somebody will resolve this.

Post #5
HuTPaT
12 Feb 2012, 14:02

According to https://dev.openwrt.org/changeset/29645 this should be fixed in newer builds,
You can also look at https://dev.openwrt.org/ticket/10527 , but maybe you should patch manually netfilter.mk file, because of the differences between newer and older OpenWRT versions (and iptables packages). It means you should build OpenWRT manually ....

Post #6
Adze
12 Feb 2012, 15:53
nikolya344 wrote:

Hi, Chris000!
i have the same problem. Do you solved your problem? i have a vlan that looks at internet and i want will send all packets with fixed TTL=64. For this purpose i uses command:

iptables -t mangle -A PREROUTING -i vlan1 -j TTL -ttl-set 64

You're missing a dash:

iptables -t mangle -A PREROUTING -i vlan1 -j TTL --ttl-set 64

Post #7
dir2cas
12 Feb 2012, 19:12
HuTPaT wrote:

According to https://dev.openwrt.org/changeset/29645 this should be fixed in newer builds,
You can also look at https://dev.openwrt.org/ticket/10527 , but maybe you should patch manually netfilter.mk file, because of the differences between newer and older OpenWRT versions (and iptables packages). It means you should build OpenWRT manually ....

Can we expect the patch to be included in the official backfire?

Post #8
HuTPaT
13 Feb 2012, 11:04

In snapshots there is no integrated TTL target manipulation since ... (I don`t know smile but a long time ago) . If you want - you should do it yourself.
Official backfire 10.03.1 is ready since December 2011 and if you want to have TTL target manipulation you should build from source applying patch.
Other option is to wait for next non-snapshot release!

Post #9
dir2cas
5 Apr 2012, 10:27

Hello all,

As stated in This TT, the TTL target and match options are fixed in official backfire since r30897 and r30898.

I am running r31074 now and can confirm ttl options are implemented and working.
BR

Post #10
Bajramo
11 Nov 2012, 13:01

Can someone please explain step by step how to start up and configure the iptables package for changing the TTL of incoming  and outgoing packages using LuCl. I have tried everything but I can't change the TTL of incoming packages.

Installed the  iptables-mod-ipopt package but do not know how to start up and configure.

Where to insert the iptables -t mangle -I PREROUTING -i vlan1 -j TTL --ttl-set 10

Using AA beta 2
I was able to change the TTL in DD-WRT but the wireless using DD-WRT is not stable.

Post #11
fluxus
7 Jan 2013, 20:08

getting 

iptables: No chain/target/match by that name.

when runnign 

 iptables -t mangle -I PREROUTING -i eth0.1 -j TTL --ttl-inc 1

already replaced eth0.1 by my WAN IP and eth0...
system: OpenWrt Attitude Adjustment 12.09-rc1 on ASUS WL-500g Premium
iptables-mod-ipopt installed
anyone knows how to solve this?

@Bajramo you may try running the command connectin via ssh(enable via System -> Administartion in luci and connecting to your router via putty on port 22)

(Last edited by fluxus on 7 Jan 2013, 20:11)

Post #12
fahim1rocks
5 Jul 2015, 13:45

No fix for the problem yet?

Post #13
gluker
26 Oct 2015, 14:47

opkg install iptables-mod-ipopt kmod-ipt-ipopt

Post #14
zekelee
8 Aug 2016, 09:44
gluker wrote:

opkg install iptables-mod-ipopt kmod-ipt-ipopt

wow, Thanks!!!

Post #15
mrhellko
1 Oct 2016, 11:02
gluker wrote:

opkg install iptables-mod-ipopt kmod-ipt-ipopt

Hello, i have problem:
I connected to the router via telnet and write in console "opkg install iptables-mod-ipopt kmod-ipt-ipopt".

Package kmod-ipt-ipopt (2.6.32.27-1) installed in root is up to date.
Package iptables-mod-ipopt (1.4.6-3.1) installed in root is up to date.

but when I try to enter "iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65" router responds: unknown option `--ttl-set`
maybe need more packages?

The discussion might have continued from here.