ISP blocked internet connection sharing!



My modem is connected to NIC1; even though it shows limited or no connectivity, the internet works fine!

Dude post the output of ipconfig on computer 1.. with limited or no connectivity on nic1 you are not using that to access the internet.

USE THE ROUTER!! And all your problems will go away. You just need to set it up for your PPPoE info for it to work.


Hey guys, I just talked to a friend of mine who works at this ISP and asked him about this stuff... At first he didn't want to tell me much about it, but a bit later what he told me is that they (the ISP) put in some filters that are based on filtering TTL. Let's say the limit is 10ms; if it passes it to 11ms it won't work! This is all that guy told me.

Can anyone explain this to me?


I personally have never heard of something like this...I know of ISPs that block P2P file sharing but since internet connection sharing is done locally, it is impossible for the ISP to have any sort of control over that. Pretty much the first computer in the series divides the bandwidth in between itself and the other computer(s). That is it, no more complicated than that.


Use the router.

Connect your modem to the router; when the router is running, unplug the modem and plug it back in. Then set the settings in the router, including your login name and pass.

Then connect BOTH PCs to the router separately, so PC1 and PC2 are connected to the router. Allow your router to assign IPs to the PCs and make sure you set both PCs to retrieve the IP via DHCP.

That should work.


If they are filtering on TTL, it is not in ms; it is being used to count how many hops from their router a device is.. This would be a method of only allowing directly connected devices to talk to their routers.

If they are doing that, that blows for you.. But as I told you before, these methods of detecting multiple hosts behind a NAT can be defeated quite easily.. In the case of a TTL filter.. just change the value on the packet.. It can be as simple as this:

iptables -t mangle -A PREROUTING -i eth0 -j TTL --ttl-dec 1

Here is some info that you might find useful.

http://www.linuxtopia.org/Linux_Firewall_iptables/x4799.html

The TTL target is used to modify the Time To Live field in the IP header. One useful application of this is to change all Time To Live values to the same value on all outgoing packets. One reason for doing this is if you have a bully ISP which don't allow you to have more than one machine connected to the same Internet connection, and who actively pursues this. Setting all TTL values to the same value, will effectively make it a little bit harder for them to notice that you are doing this. We may then reset the TTL value for all outgoing packets to a standardized value, such as 64 as specified in the Linux kernel.

If you're using a Linux-based router, it is no problem to change the TTL of outbound packets. Any of the 3rd party firmwares that run Linux should work; openwrt, dd-wrt come to mind..

edit: BTW if they are doing this.. defeat it.. Then call them up and cancel your account - move to another provider. If your ISP did turn on TTL filtering.. they must really suck!

Edited by BudMan
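
The hop-count reading of TTL described in the post above, seen from the operator's side, as an added example that is not part of the original thread: it parses the TTL byte from IPv4 headers and estimates whether packets on one subscriber line crossed a router before reaching the ISP. The function names, the list of common initial TTLs and the sample packets are assumptions constructed for illustration.

```python
import struct

# Assumption: senders start from one of these common initial TTL values.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def build_ipv4_header(src, ttl):
    """Constructed sample data: a minimal 20-byte IPv4 header (checksum left at 0)."""
    src_bytes = bytes(int(part) for part in src.split("."))
    dst_bytes = bytes([198, 51, 100, 1])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       src_bytes, dst_bytes)


def parse_ttl(header):
    """Return the TTL field (byte offset 8) of an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[8]


def hops_travelled(observed_ttl):
    """Estimate router hops already crossed, assuming the nearest common
    initial TTL at or above the observed value."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


def classify_line(headers):
    """Summarise the packets seen on one subscriber line at the first ISP hop."""
    hops = sorted({hops_travelled(parse_ttl(h)) for h in headers})
    if hops == [0]:
        verdict = "direct"      # every packet came straight from its sender
    elif 0 in hops:
        verdict = "mixed"       # e.g. an ICS host plus machines it forwards for
    else:
        verdict = "forwarded"   # everything crossed at least one router first
    return {"hops": hops, "verdict": verdict}


# Constructed samples, using documentation address space.
single_pc = [build_ipv4_header("203.0.113.7", 128)]
ics_host = [build_ipv4_header("203.0.113.7", t) for t in (128, 127, 127)]
nat_router = [build_ipv4_header("203.0.113.7", t) for t in (63, 127)]

if __name__ == "__main__":
    for name, sample in (("single_pc", single_pc), ("ics_host", ics_host),
                         ("nat_router", nat_router)):
        print(name, classify_line(sample))
```

Because the check trusts the TTL byte, a gateway that rewrites every outgoing TTL to one fixed value, as the quoted iptables text describes, is classified as "direct"; TTL alone is a weak signal for an operator.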
This may seem a trick that works, but it looks like I'm new at this TTL filtering... As you know how my current setup of my comp2 from comp1 is... Now, all I have to do is set up comp 2, right? How do I change the value on the packet? Some steps for this may be helpful to me...

edit: I'm really curious to learn how this thing works.


You will need a router that runs iptables.. i.e. a Linksys WRT54GL running either openwrt or dd-wrt, or even hyperwrt I think can do it, etc..

Or you would need to be running a Linux-based router, say IPcop or m0n0wall, etc..

What router do you have? If it can run dd-wrt, install that and you're good to go.. The link I gave you goes over how to change the TTL.

But since you're in some crazy mindset of using ICS when you have a router, I just don't get it -- but here, a simple google for ICS change ttl provided this:

http://kamburov.net/index.php?/content/view/17/26/

It seems his fix is only for when the ISP sets the inbound packets with a TTL of 1, which keeps ICS from forwarding them on, etc.. But if your ISP is blocking traffic to their router, you will need to be able to mod the outbound traffic's TTL.. Which is where iptables comes in.

Thanks man, let me check this out. Can't wait to defeat this thing just because my provider is RESELLING the same line multiple times.


Your packets are taking a route that is more than (your ttl setting) hops from you. This is why you cannot connect.

Here is some information that should help you solve the problem:

How to change your TCP/IP ttl parameter

What is ttl? ttl stands for Time To Live. All IP packets have a ttl field and as IP packets get passed around the Internet, this ttl value is decreased, usually by one at every hop. If this field ever gets down to zero, the IP packet is discarded and does not reach its destination. What this means to you is that if you ever try to connect to a site on the Internet that is at a hop level greater than your ttl, your connection will fail.

What is your current ttl? Just "ping localhost" and you should see output that looks like:

Pinging hostname [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<10ms ttl=32
Reply from 127.0.0.1: bytes=32 time<10ms ttl=32
Reply from 127.0.0.1: bytes=32 time<10ms ttl=32
Reply from 127.0.0.1: bytes=32 time<10ms ttl=32

The 'ttl=#' will tell you what your ttl is set to. In the above example, it is set to 32. Your ttl should be set to at least 128.

Changing your ttl. Jim Starke has a program that will automate changing your ttl setting. Either use Jim's program or use the following instructions to manually change the ttl setting.

Changing the ttl under Windows 95/98. Run REGEDIT, open:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP

and edit (or create) the string variable named "DefaultTTL". Enter a new value of 128 or larger (but less than 256). Then after restarting your computer, use "ping localhost" to verify the change.

Changing the ttl under Windows NT. Run REGEDT32, open:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

and edit (or create) the REG_DWORD variable named "DefaultTTL". Enter a new value of 128 or larger (but less than 256). Then after restarting your computer, use "ping localhost" to verify the change.


Um no.. that is not what his problem is.. his ISP is doing TTL filtering.. Changing the default ttl on a machine has nothing to do with what his ISP is doing.


But as I said earlier, when I try any site it finds it saying: "Web site found. Waiting for reply..."! After a while it just shows the page can not be displayed!


Doing a DNS query to your comp1 has nothing to do with what your ISP is doing.. so yes, you would be able to find the IP address of a website.. since comp1 is the one actually doing the lookup. Comp2 is set to ask comp1 for DNS..

edit: You have 3 options if your ISP is really doing TTL filtering.

1) Change your TTL so that your ISP thinks your device is directly connected, i.e. use iptables. Or the ICS link I gave you if they are setting the inbound TTL to 1, which would keep your machine from sending the traffic on to computer 2.

2) Contact your ISP and pay them their blood money to connect more than 1 machine.

3) Change ISPs

Edited by BudMan

  • 4 years later...

Yes, this problem is true.

I live in Kosovo and we don't have enough ISPs to take what we want! So we must accept these ISPs with these problems...

I have tried ICS and I couldn't do anything, but first I used CCProxy and I shared the internet.

Second, I configured a Mikrotik router to share Ipko internet; I did this with an IP table mangle rule (change TTL to xxx, "I forgot the number").

Third, I configured a TP-Link router with the simple wizard and after that I changed the TTL on the client.

All three of these methods are working well!

1) If you use a Mikrotik router it works well because you are not supposed to change the TTL on the client, but it costs (money, time and space if you want to make it from a PC).

2) If you use CCProxy you have to configure every client, and some devices you can't configure, like a VoIP adapter (Linksys....).

3) If you use any wireless router like (TP-LINK, INTELLINET...) you have to change the TTL on every client machine, and I suppose you can't change it everywhere (like DreamBOX, VoIP,...).

ZOR you try very hard to solve this problem, I like it!

my best,

aRTx


This topic is now closed to further replies.