Menu
What's new
By:
Filters Better Search

ip6tables mangle does not do anything

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

V

vesati

New Around Here
I'm somewhat new at this, but I am needing to adjust the TTL/HL on IPv4 and IPv6 traffic passing through my router.

For context, the router is an Asus RT-AX86U Pro running Merlin firmware version 388.2_2.

I have enabled custom scripts, and then used Putty to access the firewall over SSH.

I navigate to /jffs/scripts and have created a firewall-start script with the following:
#!/bin/sh
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 64
iptables -t mangle -I PREROUTING -j TTL --ttl-set 64
ip6tables -t mangle -I POSTROUTING -j HL --hl-set 64
ip6tables -t mangle -I PREROUTING -j HL --hl-set 64

For IPv4 traffic, it seems to work as expected.
Reply from 192.168.20.1: bytes=32 time<1ms TTL=64

But it doesn't seem to work as expected for IPv6 traffic.
Reply from fe80::a236:bcff:feb3:b8d8: time=1ms

Can anyone please advise on what I might be doing wrong that is causing this result?
 
How do you know it’s not working? Are there any hits on the rule?
 
dave14305 said:
How do you know it’s not working? Are there any hits on the rule?
Click to expand...
I don't how to check for hits to the rule, but I can see that it isn't working for IPv6 when I ping the firewall and get a TTL value different from what I have set through iptables in the firewall.

The ping command to the IPv6 address of the firewall doesn't return a TTL or HL value, so I took that to mean that it isn't being modified as expected.

Is there a better way to confirm that?
 
vesati said:
I don't how to check for hits to the rule
Click to expand...
Run:
Code: 
ip6tables -t mangle -nvL

Note the documentation on hoplimit:

HL (IPv6-specific)​

This is used to modify the Hop Limit field in IPv6 header. The Hop Limit field is similar to what is known as TTL value in IPv4. Setting or incrementing the Hop Limit field can potentially be very dangerous, so it should be avoided at any cost. This target is only valid in mangle table.

Don't ever set or increment the value on packets that leave your local network!

--hl-set valueSet the Hop Limit to `value'.
--hl-dec valueDecrement the Hop Limit `value' times.
--hl-inc valueIncrement the Hop Limit `value' times.
Click to expand...
 
You must log in or register to reply here.

Similar threads

R
Asus GT-AX11000 is bricked
Replies
12
Views
1K
dcsang
D
C
Solved Need help with nat-start scripts
Replies
3
Views
815
cathupo
C
P
DCSP marking
Replies
19
Views
1K
Coldblackice
Coldblackice
brocellous
RT-AC68U 802.11 DSCP QoS issue?
Replies
3
Views
558
brocellous
brocellous
M
IPv6 and Router Advertisement adding route to delegated /56 via WAN interface
Replies
2
Views
868
ZebMcKayhan
Z
Similar threads
Thread starter Title Forum Replies Date
K Solved "Block internet access" does nothing Asuswrt-Merlin 7
I Wireguard VPN client does not autostart after reboot Asuswrt-Merlin 2
J Does Asuswrt-Merlin support AiMesh over Wifi? Asuswrt-Merlin 4
M RT-AX88U_PRO Traffic Monitor does not work Asuswrt-Merlin 6
Q Does merlin reset router when assigning DHCP manual IP by MAC? Asuswrt-Merlin 11
JGrana Question - How Does Wireless Log determine Connected time? Asuswrt-Merlin 25
L DFS - Wireless Log - What does "Time elapsed" mean? Asuswrt-Merlin 3
G Device list does not display devices Asuswrt-Merlin 2
A LAN - IPTV - what does it do, and how to reproduce it on other than asus devices? Asuswrt-Merlin 1
Coldblackice Does ASUS Merlin's QoS consider DSCP? Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 868 (members: 41, guests: 827)
Top