Change outgoing TTL

Hi all,

Cool little router. Having a couple issues though that I hope someone could help with.

I have been messing with the firewall rules to change the outgoing TTL to 65, but I can’t seem to get it to work. Looking at the packages installed, everything is there for mangle and Postrouting… So I am a bit lost… I have tried:

iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65


iptables -t mangle -I POSTROUTING -o get_wanface -j TTL --ttl-set 65

but no luck.

Edit: figured out the ssh issue



Hooray. I figured it out. Gues posting was just the little nudge I needed to figure it out. For anyone else searching:


iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 65


thanks for sharing

Thanks for this, you just opened up a whole new world for me. :grinning::+1:t3:

Would you kindly explain what you are trying to achieve / why you want to change the TTL?

Presumably this command goes in Network>Firewall>Custom Rules?


Yes it goes in custom rules.

Certain wireless (cellular) providers filter or determine traffic based on TTL. Others also add in browser user agent filters as well.

By changing the TTL you can make traffic appear to originate from the phone instead of via tether. The implication being full speed and priority tethering without a “plan” that you can share with the house.

1 Like

Thanks for sharing.
What does the “1” do after POSTROUTING?

The original fix for tethering given in these forums was:

iptables -t mangle -I POSTROUTING -o 3g-modem -j TTL –ttl-set 64

so interesting comparing that to your solution.


There are a few issues with that line. First it sets the interface, that is fine but not really necessary also it sets the interface as the modem which is slightly different than tethering. Second, setting ttl of 64 will result in a ttl of 63 leaving the tethered phone. This will result in a throttle since 64 is the usual leaving the phone.

As far as the “1” in my line, it sets the order of precidence. It isn’t required but it is good housekeeping and could avoid issues depending on other rules established.

But feel free to do what you would like.

Thanks for clarification.
Yes, I think I understand it now - the fix I gave appears to set the TTL to 64 for data leaving through the 3G modem (connected to the router), whereas your fix sets the TTL to 65 for data leaving the router > phone hotspot. Thus, data leaving the phone will have a TTL of 64.

The only other thing I notice is two hyphens (instead of one) before the ttl-set 65. Is this intentional?

How du I apply these changes in command line?
Custom rules is bug,
Token expire

Didn’t work for me what’s your setup

Try rebooting after you set the custom rules. It is likely either that or you need to do more work on your phone.

I have been using mine flawlessly since I posted and figured it out in 2017 (hurray for $20 unlimited cellular line)

I started with the cheapo $20 I think gli 350 modem and an old nexus 4for testing. I have since upgrade to the $80 2.4 and 5ghz modem for the 5ghz and for more stable power since it uses a brick and not microusb. I think it is b1300 and a newer phone with more bands (nexus 4 had to be hacked to enable lte and only on band 4).

Something to keep in mind on the phone you must also modify the apn or tethering can still be detected. Additionally carrier branded cellular tethering apps bypass apns and will detect tethering.

I am now using a galaxy s 8, that isn’t tied to any carrier and doesn’t have any carrier firmware. Even that took work modify. (global_tether_dun=0 and the like)

Sorry I can’t be more specific, I didn’t takenotes while working on it and i haven’t touched it (aside from occasional reboots) in ~a year.

If you run linux you can also modify the ttl for your linux box via the command line for testing.

I have a iPhone and I’ve been trying different versions of iptables command but to no avail I am using cheap 20$

Iphone will not work unless you have serious chops. Their stuff is beyond locked down.

So basically this was a year ago and I forgot however, the good news is you prompted me to check out my settings on my router and this line wasn’t there. Even more good news is to get this to work using a Verizon S10+ with unlimited is easy. I did nothing to the phone at all.

With that said connect the Slate to your phones hotspot then sign-in to the Slate. After you’re signed in select “More Settings” on the right, then “Advanced”. You’ll have to sign-in to the router once more, once in advanced settings at the top select “Network”, from that menu select “Firewall”, once in the firewall setting select “Custom Rules” (it’s in blue text). At the very bottom of the “Firewall - Custom Rules” box place the text cursor there and press enter so there is a space between the last line and this new one, copy and paste this…

Now press the “Restart Firewall” button and you should be running at near full speed on your carriers wireless network. Hope this helps, good luck!

1 Like

Nice. Glad it is working well for you. I pop in every now and then when someone bumps the thread.

With the phone it all depends on how the carrier recognizes tethering. I had to do quite a bit of work on a certain provider’s phone (not the router) to make sure traffic was going over the normal apn. They had set up a different one that triggered when tethering was enabled. So no matter what the TTL They saw the tether, until i modified it. They can be tricky.

Do i put a space since it might get corrupted if I don’t?

I just put a space (return) to separate it from what was. I don’t think anything will get corrupted if you didn’t have the space (return) so you should be good.

Do you tether phone using usb android native hotspot

Did you connect phone later or before which carrier did you use version or T-Mobile