Created
October 15, 2023 12:31
#!/bin/sh
set -e
# NOTE: This is no longer necessary! When the IPv6 rollout started, the issue went away.
# I'm just keeping the script here for posterity.
# Verizon Fios's router on the other end of the ONT (one hop upstream of this router) responds to
# any ICMP echo request with an ICMP echo reply, no matter who the intended host is. This breaks
# any traceroute that uses ICMP, including mtr, making it look like the destination host is one
# hop beyond this router.
#
# https://tech.arantius.com/working-around-broken-traceroute-on-fios
#
# Note: this script only fixes traceroutes that are forwarded by the router. Running mtr while on this
# router still won't work, and adding an equivalent rule to the OUTPUT chain just makes mtr exit with
# "mtr: Permission denied." Technically you could fix it with a rule on INPUT that dropped all ICMP
# replies with a TTL of 255, but that would make it impossible to ping our upstream gateway, which
# doesn't seem like a good tradeoff.
sudo iptables -I FORWARD -o eth4 -p icmp --icmp-type echo-request -m ttl --ttl-eq 1 -m comment --comment "Verizon Fios traceroute TTL hack" -j DROP
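
Because the script uses `-I`, every run inserts another copy of the rule into FORWARD. The following is an added example, not part of the original gist: it installs the same rule only when `iptables -C` does not already find it, and removes every copy, which is what you want now that the rule is no longer needed. The `IPTABLES` and `WAN_IF` variables and the function names are assumptions introduced here; `eth4` and the rule itself come from the script above.

```sh
#!/bin/sh
# Added example: idempotent install/remove of the gist's FORWARD rule.
# IPTABLES and WAN_IF are hypothetical knobs, not part of the original script.
# Set IPTABLES="sudo iptables" to match the gist (left unquoted below on purpose).
IPTABLES="${IPTABLES:-iptables}"
WAN_IF="${WAN_IF:-eth4}"
COMMENT="Verizon Fios traceroute TTL hack"

# Run one iptables action (-C check, -I insert, -D delete) with the exact rule spec.
ttl_rule() {
    action="$1"
    $IPTABLES "$action" FORWARD -o "$WAN_IF" -p icmp --icmp-type echo-request \
        -m ttl --ttl-eq 1 -m comment --comment "$COMMENT" -j DROP
}

# Insert the rule only when -C reports that it is not already present.
install_ttl_rule() {
    if ttl_rule -C 2>/dev/null; then
        echo "already present"
    else
        ttl_rule -I && echo "inserted"
    fi
}

# Delete every copy of the rule; repeated runs of a plain -I may have stacked several.
remove_ttl_rule() {
    removed=0
    while ttl_rule -C 2>/dev/null; do
        ttl_rule -D
        removed=$((removed + 1))
    done
    echo "removed $removed"
}

# Usage: script install | script remove (no argument: define the functions only).
case "${1:-}" in
    install) install_ttl_rule ;;
    remove)  remove_ttl_rule ;;
esac
```
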