Thanks for the repost.
On Tue, Apr 30, 2002 at 04:32:48PM +0200, Kaddouch Guillaume wrote:
> > You should be able to do something like this:
> >
> > -t mangle -A PREROUTING <some restrictions to the rule> -j TTL --ttl-set 0
>
> I had forgotten to say that it is for using with the "fake-source"
> patch-o-matic that is already installed to have a rule like this:
>
> ... -j REJECT --reject-with icmp-time-exceeded --fake-source IPADDR
>
> The rule with "-t mangle ..." doesn't allow me to specify an IP address.
OK. Try to set the TTL in PREROUTING:
-t mangle -A PREROUTING <some restrictions to the rule> -j TTL --ttl-set 0
and then when your box generates the time-exceeded in response to this
rule, set the src in POSTROUTING:
-t nat -A POSTROUTING -m ttl --ttl-eq 0 -j SNAT --to IPADDR
Ramin
>
> But I don't have sufficient skill to do the patch myself.
> Is it scheduled?
>
> Or is there another method?
>
> Thanks for your answers.
>
> Guillaume.
>
> >
> > Ramin