JFFS Script Not Running

[zubbs1]

My script should change the TTL value of all outbound routed packets to 65. I added the suggested lines to add to logger, and to 'touch' to /tmp.
Quick sidenote:
My phone is tethered to the router, so the wan is not receiving access to the internet to set the timestamp, so my router logs July 31, 2015 for however long it takes to get the proper time. Therefore it is totally worthless to help in debugging (if there is something I can do to fix this, let me know).

I SSH into the router with WinSCP, and use the built in interface to write the script.

My script is titled SetTTL65.sh

#!/bin/sh
#Set all outgoing TTL values to 65
logger -t SetTTL65.sh TTL script finished
touch /tmp/SetTTL65.sh.ran
insmod xt_HL
insmod xt_hl
iptables -t mangle -I PREROUTING -i `nvram get wan0_ifname` -j TTL --ttl-set 10
iptables -t mangle -I POSTROUTING -o `nvram get wan0_ifname` -j TTL --ttl-set 64
iptables -t mangle -I POSTROUTING -o `nvram get wan0_ifname` -j TTL --ttl-inc 1
#iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65

I ssh into the router with WinSCP
If I manually run it through that software's command line, It will add a log entry, and put the file in the /tmp location.

Another question though, if I run it manually through command line, and ping a connected device, the TTL is 64. This seems to indicate my script doesn't work even if I could get it to run at startup. Anyone have any advice on why the script isn't working?

Any help is greatly appreciated.

Cheers.

 

[thelonelycoder]

Make sure it's set as executable, run:

chmod a+rx /jffs/scripts/*

How is it started, did you place a link to the file in one of the start scripts?
Assuming the file is in this location /jffs/scripts/SetTTL65.sh. it will not simply run because it's there.

If you have a file /jffs/scripts/wan-start place a link to it into it, the file would look like this:

#!/bin/sh
/jffs/scripts/SetTTL65.sh

Create it if it does not exist, it is run whenever the WAN comes up. Make this file executable as well.

Also, make sure the line endings of the SetTTL65.sh file are set to unix, not DOS. You can do this with this command:

dos2unix /jffs/scripts/SetTTL65.sh

Test if it works by entering the following. If it works reboot the router for a final test:

/jffs/scripts/wan-start

 

[zubbs1]

Make sure it's set as executable, run:

chmod a+rx /jffs/scripts/*

How is it started, did you place a link to the file in one of the start scripts?
Assuming the file is in this location /jffs/scripts/SetTTL65.sh. it will not simply run because it's there.

If you have a file /jffs/scripts/wan-start place a link to it into it, the file would look like this:

#!/bin/sh
/jffs/scripts/SetTTL65.sh

Create it if it does not exist, it is run whenever the WAN comes up. Make this file executable as well.

Also, make sure the line endings of the SetTTL65.sh file are set to unix, not DOS. You can do this with this command:

dos2unix /jffs/scripts/SetTTL65.sh

Test if it works by entering the following. If it works reboot the router for a final test:

/jffs/scripts/wan-start

Very insightful, thank you. I did not know that you had to tell the system to run the script.

Your advice worked, and it is now running the script on startup. However, the script is a dud and is not changing the ttl value of attached devices.

Do you see anything wrong with the content of the script itself?

I really appreciate your help.

Cheers.

 

[RMerlin]

Such a script should go into a nat-start script rather than wan-start, otherwise anytime the firewall is restarted, your changes will be lost.

 

[zubbs1]

Such a script should go into a nat-start script rather than wan-start, otherwise anytime the firewall is restarted, your changes will be lost.

Will do. Any advice on getting the script to accomplish what I want it to?

Cheers.

 

[thelonelycoder]

Very insightful, thank you. I did not know that you had to tell the system to run the script.

Your advice worked, and it is now running the script on startup. However, the script is a dud and is not changing the ttl value of attached devices.

Do you see anything wrong with the content of the script itself?

I really appreciate your help.

Cheers.

I know about files and scripts, but not about firewall, iptables.
Someone else will surely help.

 

[RMerlin]

Will do. Any advice on getting the script to accomplish what I want it to?

Cheers.

Have you tried instead enabling the "Spoof LAN TTL value" setting on the WAN page?

 

[zubbs1]

Have you tried instead enabling the "Spoof LAN TTL value" setting on the WAN page?

I just tried it, and it accomplishes what I want, although I thought I needed specifically 65 for my solution. How does the 'Spoof LanTTL' work, or what is it actually doing to the routing of packets?

Thank you so much for your help!

 

[RMerlin]

I just tried it, and it accomplishes what I want, although I thought I needed specifically 65 for my solution. How does the 'Spoof LanTTL' work, or what is it actually doing to the routing of packets?

Thank you so much for your help!

I don't know. it was implemented by Asus in the stock firmware, and I've never looked at it.