From mboxrd@z Thu Jan  1 00:00:00 1970
From: bert hubert <ahu@ds9a.nl>
Date: Sat, 24 Mar 2001 21:29:45 +0000
Subject: Re: [LARTC] Stealth Router
Message-Id: <marc-lartc-98546951600753@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-98545518711220@msgid-missing>
In-Reply-To: <marc-lartc-98545518711220@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Sat, Mar 24, 2001 at 06:32:04PM +0100, M.F. PSIkappa wrote:
> Hi,
> in FreeBSD kernel is options that make router stealth, packet passed throw
> router have no change in TTL value.
> Is a posibility to make similar thing in Linux, I think that in traceroute
> isn't this hop, no asteris, no router, no change in TTL, nothing ...?

There are multiple ways to achieve this. 

* The Ethernet Frame Diverter which allows you to operate as a transparent
  bridge. The URL is in the HOWTO

* The TTL target in iptables. This allows you to raise the TTL again, so
  nobody might see your router. If you disallow certain ICMP Port
  Unreachable messages, I think your router won't appear in traceroute. You
  need to use proxy arp tricks to draw packets into your router if you want
  it to be totally transparent.

Regards,

bert

-- 
http://www.PowerDNS.com      Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/