Author Topic: Normalizing TTL across all packets leaving WAN interface  (Read 227 times)

ajathom
Normalizing TTL across all packets leaving WAN interface
« on: December 14, 2017, 05:36:57 pm »
I have pfsense 2.4 and I want to normalize all of the packets that are leaving the WAN interface of my router.  My ISP doesn't like routers and blocks data whose ttl is not "stock". 

I did some experimentation and found that if I increment the TTL they can't tell that I'm behind a router and let the traffic through.

I found a very old post that had a way to do this: https://forum.pfsense.org/index.php?topic=4712.0

But my filters.inc doesn't have that line and I don't understand what that file does well enough to make the changes.

Is normalizing the ttl for all traffic leaving an interface something that can still be accomplished?

johnpoz
Re: Normalizing TTL across all packets leaving WAN interface
« Reply #1 on: December 20, 2017, 04:01:57 am »
Well filters.inc has been rewritten a bit since that post back in 2007 ;)

But it's still there really, it's just under the scrub function..

Code:
function filter_generate_scrubing() {
<snipped>

 if (!isset($config['system']['disablescrub'])) {
                        $scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions

<snipped>
So you should be able to edit that per that thread's instructions to do what you're asking.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

ajathom
Re: Normalizing TTL across all packets leaving WAN interface
« Reply #2 on: December 23, 2017, 06:46:38 pm »
Thanks johnpoz, that worked perfectly!

Code:
$scrubrules .= "scrub on \${$scrubcfg['descr']} all min-ttl 128 {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions

johnpoz
Re: Normalizing TTL across all packets leaving WAN interface
« Reply #3 on: December 24, 2017, 03:27:33 am »
Great - glad it worked out for you... Shitty Ass ISPs  So they want your devices directly attached?  And you can have only 1?

You could write a patch to make this edit for you, since every time you update and that file gets updated your change will be lost..
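The suggestion in the last reply, scripting the edit so it can be re-applied after an update overwrites the file, as an added example (not from the thread and not pfSense code). It assumes the caller passes the path of the file to patch and that the scrub line still matches the one quoted in the thread; `apply_min_ttl` and `demo` are hypothetical names, and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not pfSense code. Re-applies the thread's min-ttl edit to a
# scrub rule template after an update has replaced the file.
# Assumption: the target line still matches the one quoted in the thread.

apply_min_ttl() {
    file=$1 ttl=$2
    # TTL is an 8-bit IP header field: accept only 1-255.
    case $ttl in ''|*[!0-9]*|????*) echo "invalid-ttl"; return 2 ;; esac
    if [ "$ttl" -lt 1 ] || [ "$ttl" -gt 255 ]; then echo "invalid-ttl"; return 2; fi
    [ -f "$file" ] || { echo "missing-file"; return 2; }

    # Idempotence: leave the file alone if min-ttl is already in the rule.
    if grep -q 'scrub on .* all min-ttl [0-9][0-9]* {\$scrubnodf}' "$file"; then
        echo "already-patched"; return 0
    fi
    # If upstream changed the template, stop rather than guess at a new edit.
    if ! grep -q 'scrub on .* all {\$scrubnodf}' "$file"; then
        echo "template-not-found"; return 1
    fi

    cp -p "$file" "$file.orig" || return 2   # keep the pristine copy for diffing
    tmp=$(mktemp "$file.XXXXXX") || return 2
    sed 's/\(scrub on .* all\) \({\$scrubnodf}\)/\1 min-ttl '"$ttl"' \2/' \
        "$file.orig" > "$tmp" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file"                     # overwrite in place, keeping mode/owner
    rm -f "$tmp"
    echo "patched"
}

# Constructed sample: the rule line from the thread, written to a scratch file.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/sample.inc" <<'EOF'
$scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n";
EOF
    apply_min_ttl "$d/sample.inc" 128        # first run edits the line
    apply_min_ttl "$d/sample.inc" 128        # second run is a no-op
    grep -c 'all min-ttl 128 {\$scrubnodf}' "$d/sample.inc"
    rm -rf "$d"
}
demo
```

A `template-not-found` result means the update changed the scrub line itself, so the new file needs to be read by hand before any edit is re-applied.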