GoldenOrb NFT TTL settings
Hi all.
I am running pre-release build GO2023-04-05-AB22 and received a message that I had legacy iptable rules and nftable rules in conflict. (Sorry did not take a screenshot)
The Custom Rules tab for the firewall no longer has the text box for iptable rules, but instead has a TTL value. I set mine to a value of 65 and see the following in the modem log:
Fri Apr 7 15:32:40 2023 : TTL Settings 1 Setting TTL 65 on interface wwan0
Fri Apr 7 15:32:40 2023 : TTL Settings 1 iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 65
Fri Apr 7 15:32:40 2023 : TTL Settings 1 iptables -t mangle -I PREROUTING -i wwan0 -j TTL --ttl-set 65
Couple of questions:
1. Will this set TTL for both IPv4 and IPv6?
2. Any concern with the iptable vs. nftables conflict message?
Thanks!
- Didneywhorl
Re: GoldenOrb NFT TTL settings
There is some debate on this. The only way to tell is to have the ping6 utility/app on a PC and ping the router's IPv6 address, if there is one available. Regular ping for IPv4.
- BillA
Re: GoldenOrb NFT TTL settings
biorchang wrote: Fri Apr 07, 2023 6:13 pm Hi all.
Couple of questions:
1. Will this set TTL for both IPv4 and IPv6?
2. Any concern with the iptable vs. nftables conflict message?
Thanks!
Normally you'd want to include the TTL rules for both IPv4+v6.
The global rules below cover all interfaces, no need to specify each interface separately (like wwan0, etc).
iptables -t mangle -I PREROUTING -j TTL --ttl-set 65
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 65
ip6tables -t mangle -I PREROUTING -j HL --hl-set 65
ip6tables -t mangle -I POSTROUTING -j HL --hl-set 65
Just because your modem log is only showing "TTL --ttl-set 65" but not "HL --hl-set 65", that doesn't mean that IPv6 is not handled too.
That also depends on the carrier, some use IPv4 only like Verizon, or IPv4+v6 like Tmobile and ATT.
Also, if you have the IPv6 driver disabled on your computer, then the router will always use IPv4 for that device.
The true test is once you have used up your monthly hotspot allowance (usually 5-10 gigs), if it keeps working then the TTL is handled properly and the TTL value is set correctly. If the internet stops working, then either IPv6 is not handled properly or the TTL value is wrong.
Which router are you using, and have you tried the latest 2024 firmware yet?
Since the latest OpenWRT v22 has removed IPTables completely in some routers like from GLINet (Flint/AX1800 or Flint2/MT6000), does anyone know how to convert the above IPTable into the equivalent NFTable rules?
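The conversion asked about above, as an added example that is not part of the original post and not GoldenOrb or OpenWrt code: a shell function that prints an nftables ruleset matching the four iptables/ip6tables mangle rules, either for all interfaces or for one WAN interface. The table name `ttl_fix` and the function name `ttl_ruleset` are assumptions made for this example.

```shell
# ttl_ruleset TTL [IFACE] : print an nftables ruleset that sets the IPv4 TTL
# and IPv6 hop limit, like the iptables/ip6tables mangle rules in the thread.
# Assumptions (not from the thread): the table name "ttl_fix", this function.
ttl_ruleset() {
    ttl=$1
    iface=${2:-}
    # TTL / hop limit are 8-bit fields: accept plain decimal 1..255 only.
    case $ttl in
        ''|0*|*[!0-9]*|????*) echo "ttl must be 1..255" >&2; return 1 ;;
    esac
    if [ "$ttl" -gt 255 ]; then
        echo "ttl must be 1..255" >&2; return 1
    fi
    # Only allow characters that are safe to embed in a quoted nft string.
    case $iface in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    in_match=""
    out_match=""
    if [ -n "$iface" ]; then
        in_match="iifname \"$iface\" "    # like iptables -i IFACE
        out_match="oifname \"$iface\" "   # like iptables -o IFACE
    fi
    cat <<EOF
# Create-then-delete makes reloading idempotent (no duplicated rules).
table inet ttl_fix
delete table inet ttl_fix
table inet ttl_fix {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ${in_match}ip ttl set $ttl
        ${in_match}ip6 hoplimit set $ttl
    }
    chain postrouting {
        type filter hook postrouting priority mangle; policy accept;
        ${out_match}ip ttl set $ttl
        ${out_match}ip6 hoplimit set $ttl
    }
}
EOF
}

# Syntax check only:   ttl_ruleset 65 | nft -c -f -
# Load globally:       ttl_ruleset 65 | nft -f -
# Load for one WAN:    ttl_ruleset 65 wwan0 | nft -f -
# Inspect afterwards:  nft list table inet ttl_fix
```

Because the table uses the `inet` family, one table covers both IPv4 (`ip ttl`) and IPv6 (`ip6 hoplimit`); rules loaded this way do not survive a reboot unless the router is set up to reload them.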
- Didneywhorl
Re: GoldenOrb NFT TTL settings
Best explanation I've seen: https://www.maroonmed.com/ttl-modificat ... firewall4/
- BillA
Re: GoldenOrb NFT TTL settings
Didneywhorl wrote: Tue Apr 30, 2024 11:54 am Best explanation I've seen: https://www.maroonmed.com/ttl-modificat ... firewall4/
F*ckin' ayy! They always have to mess with stuff which ain't broken.
No more nice Custom Rules GUI, but silly command line config.
Seriously, what were they thinking when dropping the Custom Rules GUI, instead average users SSH-ing into routers?! smh
- Didneywhorl
- BillA
Re: GoldenOrb NFT TTL settings
Well it's easy for you and me, but for the average user using SSH may be challenging.
Does the InvisaGig perform TTL internally, or it has to be done on the router?
- Didneywhorl
Re: GoldenOrb NFT TTL settings
BillA wrote: Wed May 01, 2024 5:48 pm Does the InvisaGig perform TTL internally, or it has to be done on the router?
It handles TTL and HL itself
- BillA
Re: GoldenOrb NFT TTL settings
Didneywhorl wrote: Thu May 02, 2024 6:35 am
BillA wrote: Wed May 01, 2024 5:48 pm Does the InvisaGig perform TTL internally, or it has to be done on the router?
It handles TTL and HL itself
Would you know of a GUI based NFTables editor package? That'd be helpful.