incrementing TTL in firewall

Bill Hance bill at billhance.com
Tue Nov 8 00:21:16 CET 2005


Greetings,

  I am trying to "hide" my firewall from showing up on traceroutes, but
want my network to be pingable.  So, I've forwarded ICMP type 8 through
the firewall to a host that will do the echo replying.

  As you can see below, when I omit the "1" from the command, I get a
message to specify a value.  But when I add "1" as the value, I get a
"No chain/target/match by that name" error...

  Any help would be appreciated.

 -Bill




[root at BULLDOG /]# uname -r
2.4.20-6
[root at BULLDOG /]# rpm -q iptables
iptables-1.2.7a-2
[root at BULLDOG /]#
[root at BULLDOG /]# iptables -t mangle -L -n -v
Chain PREROUTING (policy ACCEPT 56522 packets, 32M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 14410 packets, 919K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 42112 packets, 31M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13576 packets, 1318K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 55687 packets, 32M bytes)
 pkts bytes target     prot opt in     out     source               destination
[root at BULLDOG /]#
[root at BULLDOG /]#
[root at BULLDOG /]#
[root at BULLDOG /]# iptables -t mangle -A PREROUTING -j TTL --ttl-inc
iptables v1.2.7a: TTL: You must specify a value
Try `iptables -h' or 'iptables --help' for more information.
[root at BULLDOG /]#
[root at BULLDOG /]# iptables -t mangle -A PREROUTING -j TTL --ttl-inc 1
iptables: No chain/target/match by that name
[root at BULLDOG /]#
[root at BULLDOG /]#