[clug] How to prevent port forwarding

steve jenkin sjenkin at tip.net.au
Sun Apr 23 03:41:28 GMT 2006

Christopher Zhang wrote on 22/4/06 11:09 PM:
> Hi,
> I am interested to find out if it is possible, if so, how, that some 
> ISPs prevent 1 registered Internet user to distribute their Internet 
> connection by running their computer as a gateway for other users to 
> route through. The closest thing I can think of is TTL, since if other 
> hosts are routed through the legitimate host, then their TTL will be 
> at least be 1 less than if it were coming from the legitimate host, 
> without any artificial changes. Is this a plausible way for ISPs ? Can 
> anyone show me some iptables commands that the ISPs would do? and also 
> how can I change my TTLs and so on.
> Thanks
> Chris
> --linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
I would've thought that devices behind a NAT'ing firewall would be 
invisible by definition:
- there is no route to them, they are in a private world.
  The external IP nr of the firewall is the only point that can be 
reached by tools like traceroute
- There is no TTL difference.  The firewall does not relay/rewrite by 
packet, but by connection.
- There is no host identifier - all internal IP's are mapped onto the 
one external...


Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://www.tip.net.au/~sjenkin

More information about the linux mailing list