Normalizing TTL across all packets leaving WAN interface

  • I have pfsense 2.4 and I want to normalize all of the packets that are leaving the WAN interface of my router.  My ISP doesn't like routers and blocks data whose ttl is not "stock".

    I did some experimentation and found that if I increment the TTL they can't tell that I'm behind a router and let the traffic through.

    I found a very old post that had a way to do this:

    But my doesn't have that line and I don't understand what that file does well enough to make the changes.

    Is normalizing the ttl for all traffic leaving an interface something that can still be accomplished?

  • LAYER 8 Global Moderator

    Well has been rewritten a bit since that post back in 2007 ;)

    But it's still there really, it's just under the scrub function..

    function filter_generate_scrubing() {
     <snipped>if (!isset($config['system']['disablescrub'])) {
                            $scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions</snipped> 

    So you should be able to edit that per those threads' instructions to do what you're asking.

  • Thanks johnpoz, that worked perfectly!

    $scrubrules .= "scrub on \${$scrubcfg['descr']} all min-ttl 128 {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all

  • LAYER 8 Global Moderator

    Great - glad it worked out for you… Shitty Ass ISPs. So they want your devices directly attached?  And you can have only 1?

    You could write a patch to make this edit for you, since every time you update and that file gets updated your change will be lost..
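
The patch idea from the last reply, sketched as an added example (not code from the thread or from pfSense): a POSIX shell function that re-applies the `min-ttl` edit idempotently and refuses to touch the file if the scrub line no longer matches after an update. The function name `apply_min_ttl` and its return codes are hypothetical, and the file path is passed in because the thread does not name it.

```shell
#!/bin/sh
# Added example: re-apply the "min-ttl" edit to the scrub rule after an update.
# apply_min_ttl FILE [TTL]
#   returns 0 = edit present (applied now or earlier)
#           1 = expected scrub line not found, file left untouched
#           2 = bad arguments or I/O failure
apply_min_ttl() {
    file=$1
    ttl=${2:-128}

    # TTL is an 8-bit IP header field: accept 1..255 only.
    case $ttl in ''|*[!0-9]*) return 2 ;; esac
    [ "$ttl" -ge 1 ] && [ "$ttl" -le 255 ] || return 2
    [ -f "$file" ] || return 2

    # Already patched (with any value): do nothing, so reruns are safe.
    if grep -q 'scrub on .* all min-ttl ' "$file"; then
        return 0
    fi

    # Only edit the exact line quoted in the thread; if upstream rewrote
    # it, stop and let a human look rather than guess.
    if ! grep -q 'scrub on .* all {\$scrubnodf}' "$file"; then
        return 1
    fi

    tmp=$(mktemp) || return 2
    cp "$file" "$file.orig" || { rm -f "$tmp"; return 2; }   # keep a backup

    # Insert "min-ttl N" between "all" and "{$scrubnodf}".
    if sed 's/\(scrub on .* all\) \({\$scrubnodf}\)/\1 min-ttl '"$ttl"' \2/' \
            "$file" > "$tmp" && cp "$tmp" "$file"; then
        rc=0
    else
        rc=2
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (placeholder path, not from the thread):
#   apply_min_ttl /path/to/the-filter-file 128
```

pf's `min-ttl` only raises TTLs that are below the given value; packets that already carry a higher TTL leave unchanged.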
