Friday, October 17, 2008

Configure iptables to bypass the ttl=1 set by ISP

I've just got a cheap 24-hour internet account where my ISP sets a TTL = 1, which prevents the connection from being shared between multiple computers at a time. That cannot stop me from using the mighty iptables and living a peaceful life. Here is a quick tip on how to set up internet connection sharing and, at the same time, change the TTL values.

A fancy ASCII connection structure

LanComputer (A, 192.168.1.100) ------> gateway(B, eth1 192.168.1.1)

gateway(B, ppp0 public ip) ------------> ISP (internet)

Here are the magic lines

# NAT everything that leaves through the ISP link (ppp0)
$ sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Let new connections from the LAN (eth1) out to the ISP link, and let replies back in
$ sudo iptables -A FORWARD -i eth1 -o ppp0 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
$ sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Raise the TTL of packets arriving from the ISP by 1 so they survive the forwarding hop to the LAN
$ sudo iptables -t mangle -A PREROUTING -i ppp0 -j TTL --ttl-inc 1

Also, for internet connection sharing, make sure IP forwarding is enabled. Here is the command.
$ sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
More on internet connection sharing is available at https://help.ubuntu.com/community/Internet/ConnectionSharing
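As an added example (not code from the original post), the whole procedure above as one re-runnable shell script: the interface names, the LAN range and the DRY_RUN switch are assumptions chosen to match the diagram. It checks with iptables -C before appending so running it twice does not duplicate rules, sets the FORWARD policy to DROP so that only the LAN-to-ISP direction is opened, and by default prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not code from the original post. Interface names, LAN range
# and the DRY_RUN switch are assumptions chosen to match the post's diagram.
WAN_IF="${WAN_IF:-ppp0}"             # link to the ISP (the TTL=1 packets arrive here)
LAN_IF="${LAN_IF:-eth1}"             # link to the LAN computers
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands, 0 = run them (needs root)

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Append a rule to TABLE/CHAIN only if it is not already there: iptables -C
# returns 0 when an identical rule exists, so re-running the script never
# duplicates rules.
add_rule() {
    table="$1"; chain="$2"; shift 2
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t $table -A $chain $*"
    elif ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -A "$chain" "$@"
    fi
}

setup_sharing() {
    # 1. Let the kernel forward packets between the two interfaces. This does
    #    not survive a reboot; put net.ipv4.ip_forward=1 in /etc/sysctl.conf
    #    to make it permanent.
    run sysctl -w net.ipv4.ip_forward=1

    # 2. Forward nothing by default, then open only what the post needs.
    run iptables -t filter -P FORWARD DROP

    # 3. Hide the LAN behind the gateway's public address, on the ISP link only.
    add_rule nat POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # 4. New connections may go LAN -> ISP; replies (and related flows such as
    #    FTP data) may come back; everything else stays dropped by the policy.
    add_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m state --state NEW -j ACCEPT
    add_rule filter FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 5. The ISP hands us packets with TTL=1. Forwarding decrements the TTL,
    #    so they would hit 0 and be dropped before reaching the LAN. Adding 1
    #    on entry (1 -> 2) leaves TTL=1 when the packet is delivered to the
    #    LAN host. Restricting the rule to $WAN_IF keeps the rewrite off
    #    traffic that originates on the LAN.
    add_rule mangle PREROUTING -i "$WAN_IF" -j TTL --ttl-inc 1
}

# With DRY_RUN=1 (the default) this only prints what would be done.
setup_sharing
```

Run it as root with DRY_RUN=0 to apply the rules. To confirm the TTL rewrite is actually matching, `iptables -t mangle -L PREROUTING -v` shows the packet counter of the TTL rule climbing as traffic arrives from the ISP; if it stays at zero, the interface name is wrong.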

Now someone needs to test this with OpenWrt or DD-WRT.

Cheers