Article 55HHQ Setting TTL using IPTables in Gentoo

by unassailable from LinuxQuestions.org on (#55HHQ)

My goal is to set the value of my connection's TTL, as demonstrated by [1] [2] [3] [4] [5] [6].

Fresh install of iptables/ip6tables following [7]

Code:
iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x17/0x02 reject-with tcp-reset

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

When adding the rule

Code:
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65

I receive the error

Code:
iptables: No chain/target/match by that name.

[5] shows that ipt_ttl.ko was required circa 2007 and [6] shows this was succeeded by xt_state.ko circa 2009.

I've compiled my kernel and have loaded xt_state.ko, but the error still persists.

Code:
cat .config|grep -i _NETFILTER_
# CONFIG_NETFILTER_ADVANCED is not set
CONFIG_NETFILTER_INGRESS=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NETFILTER_NETLINK_GLUE_CT=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_NAT=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_STATE=m

Code:
cat .config|grep -i mangle
CONFIG_IP_NF_MANGLE=y
CONFIG_IP6_NF_MANGLE=y

Code:
lsmod
Module Size Used by
xt_state 16384 0
iptable_nat 16384 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat 32768 1 nf_nat_ipv4
xt_conntrack 16384 5
nf_conntrack 98304 4 xt_conntrack,nf_nat,xt_state,nf_nat_ipv4
nf_defrag_ipv6 16384 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack

I have also recompiled net-firewall/iptables with the conntrack, netlink, and nftables USE flags; still no change.

Code:
[ebuild R ] net-firewall/iptables-1.6.1-r3:0/12::gentoo USE="conntrack ipv6 netlink nftables (split-usr) -pcap -static-libs" 0 KiB

I assume that I'm missing something obvious. Has anyone dealt with this before on Gentoo?
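
An added diagnostic example, not part of the original post: in mainline kernels the iptables TTL target is built as the xt_HL module (CONFIG_NETFILTER_XT_TARGET_HL), which Kconfig only offers when CONFIG_NETFILTER_ADVANCED is set and a mangle table is enabled. The script checks a .config for those symbols; its function names and the sample config (constructed from the grep output in the post) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes mainline Kconfig names:
# the TTL target is built as xt_HL (CONFIG_NETFILTER_XT_TARGET_HL), which
# depends on CONFIG_NETFILTER_ADVANCED and an enabled mangle table.

# kconfig_state FILE SYMBOL: print y, m, or n (n = absent or "is not set").
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# ttl_target_missing FILE: print each required symbol that is not enabled;
# return 0 only when none is missing.
ttl_target_missing() {
    missing=""
    for sym in CONFIG_NETFILTER_ADVANCED CONFIG_IP_NF_MANGLE \
               CONFIG_NETFILTER_XT_TARGET_HL; do
        if [ "$(kconfig_state "$1" "$sym")" = n ]; then
            missing="$missing $sym"
        fi
    done
    for sym in $missing; do echo "$sym"; done
    [ -z "$missing" ]
}

# Constructed sample: the relevant lines of the grep output shown in the post.
sample_config() {
    cat <<'EOF'
# CONFIG_NETFILTER_ADVANCED is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_IP_NF_MANGLE=y
CONFIG_IP6_NF_MANGLE=y
EOF
}

# Use the .config given as $1, or fall back to the constructed sample.
cfg=${1:-}
if [ -z "$cfg" ]; then
    cfg=$(mktemp)
    trap 'rm -f "$cfg"' EXIT
    sample_config > "$cfg"
fi
if ttl_target_missing "$cfg"; then
    echo "All symbols needed for the TTL target are enabled."
else
    echo "Enable the symbols above, rebuild the kernel, then retry the rule."
fi
```

Run it with the path to the kernel's .config as the first argument; with no argument it evaluates the constructed sample.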