Thank you,
is this only available in beta firmware as 4.6.8 is the latest stable?
when will 4.8.0 be released as stable?
Yes. The v4.6.8 supported to config the TTL if I do not forget, if no, please upgrade to the v4.8.0 beta first, stable v4.8.0 is coming soon.
Does Beryl AX GL-MT3000 also support this from the UI?
Yes, MT3000 supported.
Hi -
I have an AR750, running 4.3.25, using it in the router/repeater setup connecting to the upstream connection via WiFi. Both nftables and legacy iptables are present on this router. Looking at /etc/init.d/firewall it looks like it uses fw4 on a restart, so I presume the legacy rules are down to some packages that haven't migrated over.
I added the rule using the directives above (incidentally, there's an alternate way of setting these up by creating a file under /etc/nftables.d/ though the syntax is somewhat different - can cover it for anyone interested). I can also verify via nft list ruleset that the rule goes in after a fw4 reload (fwiw I also used a value of 64 rather than 65 -- as this is more of a default standard).
The rule fails to work properly though, NATted packets are unaffected by the rule, though packets originating on the router itself (ping/ntp etc) are re-written.
Furthermore the fact that the packets from client machines are making it through having had their original TTLs (128 in the case of Windows) decremented, leads me to suspect that in this scenario the particular mangle_postrouting chain isn't being hit at all (otherwise whatever value outputted wouldn't be related to the input value - but would in some way be related to the value in the rule)
Even easier:
To add to this, this is only evident when sniffing the network layer -- within the filtering code, it appears to think the packet is locally modified (via log statements and look at the TTL values before and after the TTL instructions).
I'm reasonably convinced that this is something to do with conntrack/nat, it appears that packets originating on the router itself are fine, further the first couple of outgoing packets from new connections initiated by devices behind the router are also fine, the rest of them show up unmodified (again -- this can only be detected by sniffing the packets on the upstream router, not on the router itself).
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.