
DMZ ping and hide from traceroute?

Posted: Tue Mar 17, 2020 2:41 am
by saibarker
Hi there,

What I'm trying to do is DMZ all traffic to a local host, including ping requests. I also want to hide my RB from trace-routes... Is this possible?

Thanks,

Re: DMZ ping and hide from traceroute?

Posted: Thu Mar 19, 2020 3:41 am
by Sob
Sure it is. The first is a simple dstnat, the same thing as when you forward ports, only you skip the protocol and it will take all. And for the second, use mangle to increase TTL by one, and block TTL exceeded packets from RB to client using filter in output.

Re: DMZ ping and hide from traceroute?

Posted: Mon Mar 23, 2020 3:32 am
by saibarker
Thanks Sob, I get the first dst-nat part but don't get the second. Would you have an example command for this?

Re: DMZ ping and hide from traceroute?

Posted: Tue Mar 24, 2020 4:54 am
by Sob
In fact, dropping packets is not necessary, just change TTL. For example, this will cause client 192.168.80.10 to not see the router in traceroute:
/ip firewall mangle
add action=change-ttl chain=prerouting new-ttl=increment:1 passthrough=yes src-address=192.168.80.10
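
Added example (not part of Sob's post, and not RouterOS code): a small Python model of why incrementing TTL in prerouting removes the router from that client's traceroute without dropping anything. It assumes the mangle rule runs before the forwarding TTL check; the hop names, the second client address and the destination address are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Router:
    name: str
    # Source address matched by a prerouting "change-ttl increment:1" rule, if any.
    ttl_increment_src: Optional[str] = None

    def forward(self, src: str, ttl: int) -> Optional[int]:
        """Return the TTL after forwarding, or None if this router
        answers the probe with ICMP time exceeded."""
        # Assumption: mangle prerouting runs before the forwarding decision.
        if self.ttl_increment_src == src:
            ttl = min(ttl + 1, 255)
        # A router expires packets that reach forwarding with TTL <= 1.
        if ttl <= 1:
            return None
        return ttl - 1


def traceroute(src: str, path: List[Router], dest: str, max_hops: int = 30) -> List[str]:
    """Send probes with TTL 1, 2, ... and list who answers each one."""
    hops = []
    for probe_ttl in range(1, max_hops + 1):
        ttl = probe_ttl
        responder = dest  # the destination answers if no router expires the probe
        for router in path:
            ttl = router.forward(src, ttl)
            if ttl is None:
                responder = router.name
                break
        hops.append(responder)
        if responder == dest:
            break
    return hops


# Constructed topology: the RB, two upstream hops, and a destination host.
DEST = "203.0.113.50"
PLAIN = [Router("RB"), Router("ISP-1"), Router("ISP-2")]
HIDING = [Router("RB", ttl_increment_src="192.168.80.10"),
          Router("ISP-1"), Router("ISP-2")]

if __name__ == "__main__":
    print("no rule       :", traceroute("192.168.80.10", PLAIN, DEST))
    print("matched client:", traceroute("192.168.80.10", HIDING, DEST))
    print("other client  :", traceroute("192.168.80.11", HIDING, DEST))
```

The rule only changes the hop list seen by the matched source address: every later hop appears one position earlier for that client, and any other client still sees the router as its first hop.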

Re: DMZ ping and hide from traceroute?

Posted: Tue Mar 24, 2020 5:47 am
by saibarker
Awesome! Thanks Sob.

I'll give it a test tonight.

Re: DMZ ping and hide from traceroute?

Posted: Thu Feb 08, 2024 3:15 am
by dice4real
I'm a newbie and wanted to hide my ISP Router. Can you provide a physical configuration for Mikrotik? Thank you in advance...