I bought a new router (AXT1800) to replace my Synology router, and I have an ethernet ISP where I have to manually set the Gateway, the static IP address, and the DNS servers, which are all good.
The problem is that the ISP doesn't like routers and usually checks TTL for that. So I went to custom firewall settings, and I added:
But it didn't work. The Google web page keeps loading forever and sometimes crashes with a DNS error. The router LED keeps blinking, and on the GL.iNet dashboard I see the Ethernet connection going up/down consecutively.
For reference, I checked how the Synology router deals with this case. During Ethernet WAN configuration, after entering the IP, gateway, DNS, etc., there is a checkbox to activate TTL-Spoofing for this connection. When you check that box, new rules are added to iptables:
Chain SPOOF_TTL_FORWARD (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
TTL all -- anywhere anywhere TTL match TTL > 30 TTL match TTL < 254 TTL set to 64
TTL all -- anywhere anywhere TTL match TTL == 254 TTL set to 255
Then, the internet works correctly without any problem.
Another piece of information: I also copied the Synology router's MAC address to the AXT1800's MAC address to bypass any MAC filtering, but that didn't help.
The problem here is that if the ISP doesn't like third-party routers, they will do everything possible to make the user experience the worst possible. What I would do is change companies, since it is the user himself who has the right to use the telecommunications equipment he wants.
The Synology router and a $10 TP-Link router are both working fine. So I just need to know how to use the same script/logic from those working routers on the AXT1800 router.
The ISP is not that smart; they are using very simple scripts such as MAC address checks and TTL to force users not to use routers.
Usually the iptables hack should be enough, but I feel there is another step of routing before reaching the ISP that decreases the TTL and causes the detection.
Private residence with an Ethernet network across different apartments. They block routers to prevent resharing, probably. But somehow Synology with the TTL-Spoofing feature is bypassing that.
Ping and nslookup are both working, but with packet drops. Just by looking at the router dashboard I see the Ethernet connection connecting and disconnecting consecutively.
The same behavior also happened with my Synology router, but when I activated the TTL-spoofing this problem went away.
So basically you can connect to the ISP for the initial few seconds, then you will be automatically disconnected, then reconnect again, and you will be disconnected automatically. During the few milliseconds while you are connected you can open the Google page, do a ping or nslookup, but directly after that you will be disconnected.
Using a cheap TP-Link router (there is no TTL config) surprisingly works well. So I believe there is some checking somewhere (not a MAC address check) that kills the connection.
I checked the outgoing packets using tcpdump, filtering on the gateway as destination; they all have TTL 64, which means the iptables setting is working.
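As an added diagnostic example (not from the original thread or from Synology/GL.iNet), here is a small Python script that parses `tcpdump -v -n` output from a WAN-side capture, tallies the TTL per source host so any packet that is not at TTL 64 stands out, and models the quoted SPOOF_TTL_FORWARD chain to show what each TTL would be rewritten to. The capture lines are constructed, and the address parsing assumes IPv4.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in `tcpdump -v -n` format: header line carries the ttl, indented line has "src > dst".
SAMPLE_CAPTURE = """\
12:00:01.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.10.51234 > 198.51.100.1.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP (tos 0x0, ttl 63, id 2, offset 0, flags [DF], proto UDP (17), length 61)
    203.0.113.10.40000 > 198.51.100.53.53: 1234+ A? example.com. (33)
12:00:01.000003 IP (tos 0x0, ttl 254, id 3, offset 0, flags [none], proto ICMP (1), length 84)
    203.0.113.10 > 198.51.100.1: ICMP echo request, id 1, seq 1, length 64
"""

TTL_RE = re.compile(r"\bttl (\d+)\b")
FLOW_RE = re.compile(r"^\s+(\S+) > (\S+):")

def _host(token):
    """Strip the trailing .port that tcpdump appends to IPv4 addresses (IPv4-only assumption)."""
    parts = token.split(".")
    return ".".join(parts[:4]) if len(parts) == 5 else token

def parse_tcpdump_v(text):
    """Return a list of (src, dst, ttl) tuples from `tcpdump -v -n` output."""
    packets, ttl = [], None
    for line in text.splitlines():
        if not line.startswith((" ", "\t")):      # IP header line: remember its TTL
            m = TTL_RE.search(line)
            ttl = int(m.group(1)) if m else None
            continue
        f = FLOW_RE.match(line)                   # indented line: src > dst
        if f and ttl is not None:
            packets.append((_host(f.group(1)), _host(f.group(2)), ttl))
            ttl = None
    return packets

def spoof_ttl_forward(ttl):
    """Model of the quoted Synology chain: 31..253 -> 64, 254 -> 255, else untouched (RETURN rules ignored)."""
    if 30 < ttl < 254:
        return 64
    if ttl == 254:
        return 255
    return ttl

def ttl_report(packets, expected=64):
    """Per-source TTL histogram plus the sources that sent any packet with TTL != expected."""
    hist = defaultdict(Counter)
    for src, _dst, ttl in packets:
        hist[src][ttl] += 1
    leaks = sorted(src for src, c in hist.items() if any(t != expected for t in c))
    return {s: dict(c) for s, c in hist.items()}, leaks
```

On a real capture, `ttl_report(parse_tcpdump_v(open("wan.txt").read()))` lists every source whose packets left the WAN port with a TTL the mangle rule did not rewrite.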
Given that, I believe it's more than TTL: some kind of device profiling or DHCP fingerprinting.
Using an L2 switch between the AXT1800 and the provider gateway bypasses the check and the router is able to connect. Connecting the router directly still doesn't work.
Still can't figure out what the ISP is checking to detect the router.
I can confirm that there is a check (from an insider engineer with the ISP), but I still need help figuring out how to bypass it. The same exact problem happened a while ago with the Synology router, but after many tests, it went through.