[LARTC] Why TTL is changing when sending a ping?

[LARTC] Why TTL is changing when sending a ping?

[ArcosCom Linux User]

The situation is this:

INTERNET -- ROUTER -- ETHERNET+WIFI -- PC's

The conection between INTERNET and ROUTER is done with 2 LINKs with static
IP's.

The conection between ROUTER and PC's is done via ETHERNET lan with many
bridges and ACCESSPOINTS.

The PC's are in a IP subnet, the BRIDGES in another IP subnet, the AP's in
another IP subnet. The ROUTER has 1 bridge interface (2 real ethernets in
the bridge) connected to the LAN.

In the router exists then br0, br0:1, br0:2, br0:3 (PCs, APs, BRIDGEs IP
subnets) to allow IP connection over the ETHERNET+WIFI between ROUTER and
clients.

The principal purpose of the ROUTER is to allow internet acces to PC's.
The BRIDGES and AP's have got implemented STP protocol and appears to be
working fine (ap's and bridges are embedded linux boxes).

In router I have enabled rp_filter in all interfaces, default and each one.
The ip routing is enabled too (obviously).

I detected that a normal ping from ROUTER to one PC usually has a TTLd,
but many times that TTL changes to 128.

What could be the problem? The "routing" enabled in bridge devices?
Some TCP/IP parameter I don't configured fine?
Any idea?

Thanks



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Bridge] Why TTL is changing when sending a ping?

[ArcosCom Linux User]

The situation is this:

INTERNET -- ROUTER -- ETHERNET+WIFI -- PC's

The conection between INTERNET and ROUTER is done with 2 LINKs with static
IP's.

The conection between ROUTER and PC's is done via ETHERNET lan with many
bridges and ACCESSPOINTS.

The PC's are in a IP subnet, the BRIDGES in another IP subnet, the AP's in
another IP subnet. The ROUTER has 1 bridge interface (2 real ethernets in
the bridge) connected to the LAN.

In the router exists then br0, br0:1, br0:2, br0:3 (PCs, APs, BRIDGEs IP
subnets) to allow IP connection over the ETHERNET+WIFI between ROUTER and
clients.

The principal purpose of the ROUTER is to allow internet acces to PC's.
The BRIDGES and AP's have got implemented STP protocol and appears to be
working fine (ap's and bridges are embedded linux boxes).

In router I have enabled rp_filter in all interfaces, default and each one.
The ip routing is enabled too (obviously).

I detected that a normal ping from ROUTER to one PC usually has a TTL=64,
but many times that TTL changes to 128.

What could be the problem? The "routing" enabled in bridge devices?
Some TCP/IP parameter I don't configured fine?
Any idea?

Thanks

Re: [Bridge] Why TTL is changing when sending a ping?

[Stephen Hemminger]

On Fri, 30 Mar 2007 22:30:36 +0200 (CEST)
"ArcosCom Linux User" <linux@arcoscom.com> wrote:

> The situation is this:
> 
> INTERNET -- ROUTER -- ETHERNET+WIFI -- PC's
> 
> The conection between INTERNET and ROUTER is done with 2 LINKs with static
> IP's.
> 
> The conection between ROUTER and PC's is done via ETHERNET lan with many
> bridges and ACCESSPOINTS.
> 
> The PC's are in a IP subnet, the BRIDGES in another IP subnet, the AP's in
> another IP subnet. The ROUTER has 1 bridge interface (2 real ethernets in
> the bridge) connected to the LAN.
> 
> In the router exists then br0, br0:1, br0:2, br0:3 (PCs, APs, BRIDGEs IP
> subnets) to allow IP connection over the ETHERNET+WIFI between ROUTER and
> clients.
> 
> The principal purpose of the ROUTER is to allow internet acces to PC's.
> The BRIDGES and AP's have got implemented STP protocol and appears to be
> working fine (ap's and bridges are embedded linux boxes).
> 
> In router I have enabled rp_filter in all interfaces, default and each one.
> The ip routing is enabled too (obviously).
> 
> I detected that a normal ping from ROUTER to one PC usually has a TTL=64,
> but many times that TTL changes to 128.
> 
> What could be the problem? The "routing" enabled in bridge devices?
> Some TCP/IP parameter I don't configured fine?
> Any idea?
> 

Are you using some form of connection tracking filtering on the bridge?
If the packet has to be regenerated as part of filtering it might
restart the TTL hop count.

[LARTC] Re: [Bridge] Why TTL is changing when sending a ping?

[ArcosCom Linux User]

El Dom, 1 de Abril de 2007, 21:05, Stephen Hemminger escribió:
> On Fri, 30 Mar 2007 22:30:36 +0200 (CEST)
> "ArcosCom Linux User" <linux@arcoscom.com> wrote:
>
>> The situation is this:
>>
>> INTERNET -- ROUTER -- ETHERNET+WIFI -- PC's
>>
>> The conection between INTERNET and ROUTER is done with 2 LINKs with
>> static
>> IP's.
>>
>> The conection between ROUTER and PC's is done via ETHERNET lan with many
>> bridges and ACCESSPOINTS.
>>
>> The PC's are in a IP subnet, the BRIDGES in another IP subnet, the AP's
>> in
>> another IP subnet. The ROUTER has 1 bridge interface (2 real ethernets
>> in
>> the bridge) connected to the LAN.
>>
>> In the router exists then br0, br0:1, br0:2, br0:3 (PCs, APs, BRIDGEs IP
>> subnets) to allow IP connection over the ETHERNET+WIFI between ROUTER
>> and
>> clients.
>>
>> The principal purpose of the ROUTER is to allow internet acces to PC's.
>> The BRIDGES and AP's have got implemented STP protocol and appears to be
>> working fine (ap's and bridges are embedded linux boxes).
>>
>> In router I have enabled rp_filter in all interfaces, default and each
>> one.
>> The ip routing is enabled too (obviously).
>>
>> I detected that a normal ping from ROUTER to one PC usually has a
>> TTLd,
>> but many times that TTL changes to 128.
>>
>> What could be the problem? The "routing" enabled in bridge devices?
>> Some TCP/IP parameter I don't configured fine?
>> Any idea?
>>
>
> Are you using some form of connection tracking filtering on the bridge?
> If the packet has to be regenerated as part of filtering it might
> restart the TTL hop count.
>

Yes, but not really into the bridges as is. I'm using tracking between
wan0 an zlan0, not between the bridges interfaces.

As I described below, the TTL changes with pings from ROUTER to any PC, my
question is not about pings from LAN to internet and in this case (local
pings from router to PCs) the tracking I expect has no effect, is ICMP
trafic (echo requests and answers).

Could you explain a bit how connection tracking modules (IP layer) can
interfere with ICMP traffic as you suggest?

Any other suggestions?

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [Bridge] Why TTL is changing when sending a ping?

[ArcosCom Linux User]

El Dom, 1 de Abril de 2007, 21:05, Stephen Hemminger escribió:
> On Fri, 30 Mar 2007 22:30:36 +0200 (CEST)
> "ArcosCom Linux User" <linux@arcoscom.com> wrote:
>
>> The situation is this:
>>
>> INTERNET -- ROUTER -- ETHERNET+WIFI -- PC's
>>
>> The conection between INTERNET and ROUTER is done with 2 LINKs with
>> static
>> IP's.
>>
>> The conection between ROUTER and PC's is done via ETHERNET lan with many
>> bridges and ACCESSPOINTS.
>>
>> The PC's are in a IP subnet, the BRIDGES in another IP subnet, the AP's
>> in
>> another IP subnet. The ROUTER has 1 bridge interface (2 real ethernets
>> in
>> the bridge) connected to the LAN.
>>
>> In the router exists then br0, br0:1, br0:2, br0:3 (PCs, APs, BRIDGEs IP
>> subnets) to allow IP connection over the ETHERNET+WIFI between ROUTER
>> and
>> clients.
>>
>> The principal purpose of the ROUTER is to allow internet acces to PC's.
>> The BRIDGES and AP's have got implemented STP protocol and appears to be
>> working fine (ap's and bridges are embedded linux boxes).
>>
>> In router I have enabled rp_filter in all interfaces, default and each
>> one.
>> The ip routing is enabled too (obviously).
>>
>> I detected that a normal ping from ROUTER to one PC usually has a
>> TTL=64,
>> but many times that TTL changes to 128.
>>
>> What could be the problem? The "routing" enabled in bridge devices?
>> Some TCP/IP parameter I don't configured fine?
>> Any idea?
>>
>
> Are you using some form of connection tracking filtering on the bridge?
> If the packet has to be regenerated as part of filtering it might
> restart the TTL hop count.
>

Yes, but not really into the bridges as is. I'm using tracking between
wan0 an zlan0, not between the bridges interfaces.

As I described below, the TTL changes with pings from ROUTER to any PC, my
question is not about pings from LAN to internet and in this case (local
pings from router to PCs) the tracking I expect has no effect, is ICMP
trafic (echo requests and answers).

Could you explain a bit how connection tracking modules (IP layer) can
interfere with ICMP traffic as you suggest?

Any other suggestions?