RE: forwarding with ttl=1

2004-02-05 Thread Lee Dilkie

> Hi All
>
> I am a newbie with configuring networks under FreeBSD. I have a
> small network with a gateway running on FreeBSD 5.2 Release. My
> ISP offers me a pppoe service for connecting to the Internet. I
> didn't have problems with configuring ppp with pppoe. I used the
> nat option, which works fine for masquerading the local
> network from the world. The problem is that the ISP's
> gateway returns every time packets with ttl=1, which makes
> further forwarding impossible. My gateway returns an ICMP error
> message "time exceeded" and discards the packets. I want to know
> if I made some mistake with configuring the nat service or, if not,
> what the solution to the problem is. Is there any service
> that can increment the TTL and process the packet? I tried to
> avoid the checking of the TTL in the ip_forward() function in
> ip_input.c and skip the decrement of the TTL, and everything
> works fine, but I think that this is a very ugly kernel hack.
> Probably there is an easy and elegant solution. Any ideas?


TTL (Time To Live) is a counter value in an IP packet that gets decremented
by every hop (router). When it reaches a value of zero, the packet is
discarded.

Using a TTL of 1 isn't going to be very useful as your packets will all be
discarded at the first router. This is working as intended.

Normally, TTL is set to 128-ish.


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: forwarding with ttl=1

2004-02-05 Thread Alexander Botov
> > The problem is that the ISP's
> > gateway returns every time packets with ttl=1, which makes
> > further forwarding impossible. My gateway returns an ICMP error
> > message "time exceeded" and discards the packets.
>
> TTL (Time To Live) is a counter value in an IP packet that gets
> decremented
> by every hop (router). When it reaches a value of zero, the packet is
> discarded.
>
> Using a TTL of 1 isn't going to be very useful as your packets will all be
> discarded at the first router. This is working as intended.


That's what I mean. The incoming packets are with TTL=1 and my gateway
cannot forward them to the local network. Probably the reason is that the
ISP doesn't want its clients to share one Internet connection between
different machines in the local network. I don't have a problem with outgoing
packets.

Here is the code fragment from ip_forward() in ip_input.c
(/usr/src/sys/netinet/ip_input.c):

    if (ip->ip_ttl <= IPTTLDEC) { /* Yes !!! the TTL == 1 */
        icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, 0, 0);
        return;
    }

and further:

    ip->ip_ttl -= IPTTLDEC;

When I execute netstat -s there is a big number of ICMP time exceeded errors,
indicating that the packets are discarded because of TTL expiration. I need
a way to avoid this.

Thanks




Re: forwarding with ttl=1

2004-02-05 Thread Alexander Botov
> TTL (Time To Live) is a counter value in an IP packet that gets decremented
> by every hop (router). When it reaches a value of zero, the packet is
> discarded.

One more thing. If the packet is going to be forwarded and the TTL has a value of 1,
then the hop discards the packet.

A system should never receive an IP datagram with a TTL of 0, but Net/3 generates the
correct ICMP error if this happens, since ip_ttl is examined after the packet is
considered for local delivery and before it is forwarded.
[TCP/IP Illustrated, Volume 2 - Gary R. Wright, W. Richard Stevens]



Re: forwarding with ttl=1

2004-02-05 Thread Stephen L Martin
Alex,

When posting please wrap your lines... they are easier to read and some
MUAs don't deal well with them... including mine :) Thanks.

This situation is kind of funny, I've never heard of an ISP doing this. I
believe what you want to do is, if you are using IPFilter, use the
fastroute keyword. You can find more about it at the link [1] posted below.
Just do a search on the page for fastroute.

There are probably options for the alternate packet filters (ipfw, pf)
also. Just read the howto corresponding to the packet filter's name and you
should find out some more information.

[1]http://www.obfuscation.org/ipf/ipf-howto.txt

--Stephen

> Hi All
>
> I am a newbie with configuring networks under FreeBSD. I have a small network
> with a gateway running on FreeBSD 5.2 Release. My ISP offers me a pppoe
> service for connecting to the Internet. I didn't have problems with
> configuring ppp with pppoe. I used the nat option, which works fine for
> masquerading the local network from the world. The problem is that the
> ISP's gateway returns every time packets with ttl=1, which makes further
> forwarding impossible. My gateway returns an ICMP error message "time
> exceeded" and discards the packets. I want to know if I made some mistake
> with configuring the nat service or, if not, what the solution to the problem
> is. Is there any service that can increment the TTL and process the packet? I
> tried to avoid the checking of the TTL in the ip_forward() function in
> ip_input.c and skip the decrement of the TTL, and everything works fine, but
> I think that this is a very ugly kernel hack. Probably there is an easy and
> elegant solution. Any ideas?
>
> Please excuse my English.


Re: forwarding with ttl=1

2004-02-05 Thread Dancho Penev
On Thu, Feb 05, 2004 at 03:17:04PM +0200, Alexander Botov wrote:
> From: Alexander Botov [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Thu, 5 Feb 2004 15:17:04 +0200
> Subject: forwarding with ttl=1
>
> Hi All
>
> I am a newbie with configuring networks under FreeBSD. I have a small network
> with a gateway running on FreeBSD 5.2 Release. My ISP offers me a pppoe
> service for connecting to the Internet. I didn't have problems with
> configuring ppp with pppoe. I used the nat option, which works fine for
> masquerading the local network from the world. The problem is that the
> ISP's gateway returns every time packets with ttl=1, which makes further
> forwarding impossible. My gateway returns an ICMP error message "time
> exceeded" and discards the packets. I want to know if I made some mistake
> with configuring the nat service or, if not, what the solution to the problem
> is. Is there any service that can increment the TTL and process the packet? I
> tried to avoid the checking of the TTL in the ip_forward() function in
> ip_input.c and skip the decrement of the TTL, and everything works fine, but
> I think that this is a very ugly kernel hack. Probably there is an easy and
> elegant solution. Any ideas?
You don't need to hack the kernel because this has already been done.
Add

    options		IPSTEALTH

to your kernel configuration file, build the new kernel and
set the net.inet.ip.ipstealth sysctl variable to 1.
For more information see /usr/src/sys/conf/NOTES and
/usr/src/sys/netinet/ip_input.c.

> Please excuse my English.
--
Dancho Penev
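As an added illustration (not FreeBSD's code and not from anyone in this thread) of the ip_forward() TTL logic quoted above and of what the IPSTEALTH option changes: the functions, the counter and the sample TTL values below are constructed here; only IPTTLDEC, ICMP_TIMXCEED and the ipstealth variable are real kernel names.

```c
/* Added example (not FreeBSD's code): a model of the TTL handling in
 * ip_forward() from ip_input.c as quoted in the thread, with the
 * IPSTEALTH / net.inet.ip.ipstealth switch. Only IPTTLDEC, ICMP_TIMXCEED
 * and ipstealth are real names; everything else is constructed here. */
#include <stdint.h>
#include <stdio.h>

#define IPTTLDEC      1   /* what each hop subtracts from the TTL */
#define ICMP_TIMXCEED 11  /* ICMP "time exceeded" message type */

enum fwd_action { FWD_FORWARDED = 0, FWD_DROPPED_TIMXCEED = 1 };

int ipstealth = 0;                        /* stands in for the sysctl */
static unsigned long icmp_timxceed_sent;  /* the counter netstat -s shows */

/* One forwarding decision. Stealth off: a TTL <= IPTTLDEC packet is
 * dropped and an ICMP time-exceeded error is sent (the original
 * poster's symptom); otherwise the TTL is decremented and the packet
 * goes on. Stealth on: neither the check nor the decrement happens. */
enum fwd_action ip_forward_ttl(uint8_t *ttl)
{
    if (!ipstealth) {
        if (*ttl <= IPTTLDEC) {
            icmp_timxceed_sent++;   /* icmp_error(m, ICMP_TIMXCEED, ...) */
            return FWD_DROPPED_TIMXCEED;
        }
        *ttl -= IPTTLDEC;
    }
    return FWD_FORWARDED;
}

/* Helper: run one packet through the hop and return the TTL it leaves
 * with, or -1 if the hop dropped it. */
int ttl_after_hop(int stealth, uint8_t ttl_in)
{
    uint8_t ttl = ttl_in;
    ipstealth = stealth;
    return ip_forward_ttl(&ttl) == FWD_FORWARDED ? (int)ttl : -1;
}

unsigned long icmp_timxceed_count(void) { return icmp_timxceed_sent; }

int main(void)
{
    /* The ISP's TTL=1 packet, constructed here, through both modes. */
    printf("ipstealth=0, ttl=1  -> %d\n", ttl_after_hop(0, 1));   /* -1 */
    printf("ipstealth=1, ttl=1  -> %d\n", ttl_after_hop(1, 1));   /*  1 */
    printf("ipstealth=0, ttl=64 -> %d\n", ttl_after_hop(0, 64));  /* 63 */
    printf("icmp time exceeded sent: %lu\n", icmp_timxceed_count());
    return 0;
}
```

With ipstealth=1 the gateway also stops decrementing the TTL of everything it forwards, so it no longer shows up as a hop in traceroute output; that is the trade-off of the option, not a side effect specific to the TTL=1 case.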