As OpenWrt 22.03 uses nftables to replace iptables, the original ttl command is not working.
Here is how to change ttl for all outgoing interfaces to 65.
SSH to the router and use the following
mkdir -p /usr/share/nftables.d/chain-pre/mangle_postrouting/
echo "ip ttl set 65" > /usr/share/nftables.d/chain-pre/mangle_postrouting/01-set-tt
l.nft
fw4 reload
These commands works, but after reboot the device the ttl back to original. Any additional command can keep the ttl settings? Like load that nft file automatically when reboot
Try putting the commands to run when the router boots up via LuCI → System → Startup → Local Startup.
I do not work for and I am not directly associated with GL.iNet
Are we using NF tables now?
As of 22.03, yup… by thefw4 userland, it looks:
When you say put the commands in startup, do you mean the 'mkdir -p /user/share/… ’ lines above?
Not quite. Once you’re done making the directory, execute that command line beginning with echo. Then reload by the fw4 command to have the new firewall changes take effect.
This setting won’t survive a reboot/power cycle though. To do that, add that same echo command line to the Local Startup page @wcs2228 mentioned as the last line before exit 0. Do the same again for fw4 reload immed. before exit 0. Don’t forget to hit the save button(s), of course.
** I used the above code and you can see below what I got back from router did it work or no?? should the code be changed?? a novice at all this…
Thanks
Mike
text of my ssh into router
root@GL-MT1300:~# mkdir -p /usr/share/nftables.d/chain-pre/mangle_postrouting/
root@GL-MT1300:~# echo “ip ttl set 65” > /usr/share/nftables.d/chain-pre/mangle_
postrouting/01-set-ttl.nft
root@GL-MT1300:~# fw4 reload
Section block_dns (block_dns) is disabled, ignoring section
Section gls2s option ‘reload’ is not supported by fw4
Section gls2s specifies unreachable path ‘/var/etc/gls2s.include’, ignoring sect ion
Section glblock option ‘reload’ is not supported by fw4
Section vpn_server_policy option ‘reload’ is not supported by fw4
Automatically including ‘/usr/share/nftables.d/chain-pre/mangle_output/01-proces s_mark.nft’
Automatically including ‘/usr/share/nftables.d/chain-pre/mangle_postrouting/01-s et-ttl.nft’
DROP all opt – in * out * 0.0.0.0/0 → 0.0.0.0/0 match-set GL_MAC_BLOCK sr c
Log into SSH and run the ping localhost or ping (router IP address) command. Does the output show ttl=65?
I do not work for and I am not directly associated with GL.iNet
yes it is ttl=65, so good to go?? thanks for the assist
Should be good to go.
As an extra test, you can use the same command to set ttl to 64 and then ping should show ttl=64.
So the above code does work. also added this Configuring SQM to reduce Bufferbloat to get flawless IPTV streaming!!
I’ve got an A1300 and it’s on OpenWRT 21 and firewall3 not 4. Tried the above commands but doesn’t seem to work with the older version. Anyone ran into this? I see tons of stuff for the older ip table stuff and nftable stuff for version 22 but not 21 and fw3
Hello, to change mangle prerouting, what would be the steps?
Thank you so much.
