Thursday, January 18, 2007

iptables to break free from the ISP jail

You are asking yourself about the title of this post, right?
Well, I received a couple of e-mails from Bulgarian people about how to overcome the local restrictions we have in our country. For information, I will say that, unlike in other countries, Bulgarian ISPs are doing everything possible to make you unable to share your internet traffic. So let's get started.

This will be quick, so I am going to ask you to read additional material about what I type here.

First, you need a Linux box.
Second, you need iptables.
Then open a console/terminal and become root (the command is "su -").

The first thing to do as root is type:
> iptables -t nat -A POSTROUTING -s IPADDRESS -j MASQUERADE

Substitute IPADDRESS with the IP address of the host you want to provide internet access to. Many people use SOURCE NAT instead of MASQUERADE, but that has a drawback in certain configurations: if your address changes or you have a dynamic address, you can't use it.

> iptables -t mangle -A PREROUTING -j TTL --ttl-set 126
> iptables -t mangle -A POSTROUTING -s 192.168.4.0/255.255.255.0 -j TTL --ttl-inc 1

The first line is the one we actually need.
It alters the TTL so it does not expire ;)
You can add the second line to set the TTL of packets from the other host to the same value as packets coming from your host. The purpose is that your ISP doesn't notice that you have a host behind you.

Make sure to change the address in the example to the one you need!
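
A small model of what the two mangle rules above do to the TTL of a forwarded packet, as it would be observed on the upstream side. This is an added example, not code from the original post; the function names, the sample client addresses and the initial TTL values are constructed, and the model covers only the forwarded path through the Linux box.

```python
import ipaddress

# Subnet taken from the second rule on this page
LAN = ipaddress.ip_network("192.168.4.0/255.255.255.0")


def forwarded_ttl(src, ttl_in, set_rule=True, inc_rule=True):
    """Return the TTL seen upstream for a forwarded packet, or None if it expires."""
    ttl = ttl_in
    # mangle PREROUTING: -j TTL --ttl-set 126 (no match, so every arriving packet)
    if set_rule:
        ttl = 126
    # Forwarding: a packet arriving with TTL <= 1 is dropped, otherwise TTL - 1
    if ttl <= 1:
        return None
    ttl -= 1
    # mangle POSTROUTING runs before nat POSTROUTING (MASQUERADE),
    # so the -s match still sees the original LAN source address
    if inc_rule and ipaddress.ip_address(src) in LAN:
        ttl = min(ttl + 1, 255)  # the TTL target caps the result at 255
    return ttl


def upstream_view(clients):
    """Map (src, initial TTL) to the TTL observed with no rules, rule 1, both rules."""
    return {
        (src, ttl): (
            forwarded_ttl(src, ttl, set_rule=False, inc_rule=False),
            forwarded_ttl(src, ttl, inc_rule=False),
            forwarded_ttl(src, ttl),
        )
        for src, ttl in clients
    }


if __name__ == "__main__":
    # Constructed sample clients: typical initial TTLs of 64, 128 and 255,
    # plus one packet that arrives with TTL 1 and one host outside the subnet
    sample = [("192.168.4.10", 64), ("192.168.4.11", 128),
              ("192.168.4.12", 255), ("192.168.4.13", 1),
              ("192.168.5.10", 64)]
    for key, seen in upstream_view(sample).items():
        print(key, "no rules / set only / set+inc ->", seen)
```

Without the rules, the observed TTL is one less than the client's initial value, which differs per operating system; with both rules, every forwarded packet from the matched subnet leaves with the same TTL.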

If you need more info about the commands and iptables, please refer to http://www.netfilter.org/
