Normalizing TTL across all packets leaving WAN interface
-
I have pfsense 2.4 and I want to normalize all of the packets that are leaving the WAN interface of my router. My ISP doesn't like routers and blocks data whose ttl is not "stock".
I did some experimentation and found that if I increment the TTL they can't tell that I'm behind a router and let the traffic through.
I found a very old post that had a way to do this: https://forum.pfsense.org/index.php?topic=4712.0
But my filters.inc doesn't have that line and I don't understand what that file does well enough to make the changes.
Is normalizing the ttl for all traffic leaving an interface something that can still be accomplished?
-
Well filters.inc has been rewritten a bit since that post back in 2007 ;)
But it's still there really, it's just under the scrub function..
function filter_generate_scrubing() {
<snipped>
	if (!isset($config['system']['disablescrub'])) {
		$scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions
<snipped>
So you should be able to edit that per those threads' instructions to do what you're asking.
-
Thanks johnpoz, that worked perfectly!
$scrubrules .= "scrub on \${$scrubcfg['descr']} all min-ttl 128 {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions
-
Great - glad it worked out for you… Shitty Ass ISPs. So they want your devices directly attached? And you can have only 1?
You could write a patch to make this edit for you, since every time you update and that file gets updated your change will be lost..
-
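Added example, not part of the thread and not pfSense code: one way to write the re-apply step suggested in the last reply, as an idempotent sh function that inserts min-ttl into the scrub rule line quoted above and refuses to touch the file if that line no longer matches. The function name apply_min_ttl and the .orig backup suffix are made up for this sketch, and the path to the file is passed in as an argument rather than assumed.

```sh
#!/bin/sh
# Added example (not pfSense code): re-apply the thread's min-ttl edit.
# apply_min_ttl FILE [TTL]
#   returns 0 = line patched, 1 = already patched, 2 = error / line not found
apply_min_ttl() {
    file=$1
    ttl=${2:-128}

    # TTL is an 8-bit field; accepting digits only also keeps the sed
    # replacement below free of metacharacters.
    case $ttl in
        ''|*[!0-9]*) echo "ttl must be a number" >&2; return 2 ;;
    esac
    if [ "$ttl" -lt 1 ] || [ "$ttl" -gt 255 ]; then
        echo "ttl must be 1-255" >&2; return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Already carries a min-ttl option: leave it alone so reruns are no-ops.
    if grep -q 'scrub on .* all min-ttl [0-9][0-9]* {\$scrubnodf}' "$file"; then
        return 1
    fi
    # Refuse to guess if an update changed the stock line.
    if ! grep -q 'scrub on .* all {\$scrubnodf}' "$file"; then
        echo "stock scrub line not found in $file; edit by hand" >&2
        return 2
    fi

    # Keep the shipped file as FILE.orig (hypothetical suffix), then rewrite.
    cp -p "$file" "$file.orig" || return 2
    sed 's/\(scrub on .* all\) \({\$scrubnodf}\)/\1 min-ttl '"$ttl"' \2/' \
        "$file.orig" > "$file" || return 2
    # Confirm the edit landed before reporting success.
    grep -q 'all min-ttl '"$ttl"' {\$scrubnodf}' "$file" || return 2
}

# Run as a script: sh apply_min_ttl.sh FILE [TTL]
if [ "$#" -gt 0 ]; then
    apply_min_ttl "$@"
fi
```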