Etisalat changes TTL settings, networks in the UAE start breaking in mysterious ways

Yesterday Etisalat took the questionable decision of setting TTL=2 on some or all of their residential gateways (at the moment it is unclear how widely this has been rolled out).

What does this mean

It means that users will only be allowed one level of devices connected behind the Etisalat-supplied access device. If you connect your computer directly to the Etisalat modem you will get network access. If you connect a wireless router to the Etisalat-supplied modem, then nothing connected to your wireless router will have access to the internet.

This is achieved by setting the TTL (Time To Live) of each network packet to a very low number. Network devices are designed to decrease the TTL of every packet passing through them and to drop the packet when its TTL reaches zero. This mechanism exists to prevent routing loops and to ensure that packets do not circulate forever. Check Wikipedia for a more detailed explanation of how TTL works.

How to diagnose

If your internet does not work, you can diagnose the problem by connecting directly to your Etisalat modem and pinging google.com.

Pinging 209.85.146.106 with 32 bytes of data:
Reply from 209.85.146.106: bytes=32 time=5ms TTL=1
Reply from 209.85.146.106: bytes=32 time=5ms TTL=1

If the replies show TTL=1 it means that you have indeed been hit by Etisalat's change in settings. Another way to diagnose the problem is to run a traceroute to any server on the internet ("tracert" on Windows). If your packets reach the first Etisalat hop but nothing beyond it, then most likely you are facing a TTL expiry problem.
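To make the diagnosis concrete, here is an added example (not code from the original post) that parses Windows-style ping output like the transcript above, flags replies arriving with TTL=1, and models what happens to that packet when one more router is placed between the modem and the host. The sample ping text is constructed to mirror the post's transcript; the function names are my own.

```python
import re
from typing import List, Optional

# Constructed sample, modelled on the ping transcript in the post
# (a host connected directly to the Etisalat modem).
SAMPLE_PING_OUTPUT = """\
Pinging 209.85.146.106 with 32 bytes of data:
Reply from 209.85.146.106: bytes=32 time=5ms TTL=1
Reply from 209.85.146.106: bytes=32 time=5ms TTL=1
"""

# Constructed sample of a healthy connection for comparison.
HEALTHY_PING_OUTPUT = """\
Pinging 209.85.146.106 with 32 bytes of data:
Reply from 209.85.146.106: bytes=32 time=5ms TTL=53
Reply from 209.85.146.106: bytes=32 time=6ms TTL=53
"""

# Matches one echo-reply line of Windows ping output and captures its TTL.
REPLY_RE = re.compile(
    r"Reply from (?P<ip>[\d.]+): bytes=(?P<bytes>\d+) "
    r"time[=<](?P<time>\d+)ms TTL=(?P<ttl>\d+)"
)


def parse_ping_ttls(output: str) -> List[int]:
    """Return the TTL value carried by every echo reply in the ping output."""
    return [int(m.group("ttl")) for m in REPLY_RE.finditer(output)]


def ttl_after_routers(ttl_seen_at_modem_lan: int, extra_routers: int) -> Optional[int]:
    """Simulate the TTL a host would see if `extra_routers` additional routers
    sat between the modem's LAN port and that host.

    Each router decrements the TTL by one and drops the packet when it
    reaches zero, which this models by returning None.
    """
    ttl = ttl_seen_at_modem_lan
    for _ in range(extra_routers):
        ttl -= 1
        if ttl == 0:
            return None  # packet discarded by this router
    return ttl


def max_extra_routers(ttl_seen_at_modem_lan: int) -> int:
    """How many additional routers can be chained behind the modem before
    packets stop arriving. With TTL=1 at the modem's LAN side, the answer is 0."""
    return max(ttl_seen_at_modem_lan - 1, 0)


def diagnose(output: str) -> str:
    """Classify a ping transcript taken while connected directly to the modem.

    'ttl-limited' : every reply arrived with TTL=1, so any further router hop
                    would discard the packets (the symptom described in the post).
    'ok'          : replies carry a normal TTL with room for more hops.
    'no-replies'  : nothing to judge from.
    """
    ttls = parse_ping_ttls(output)
    if not ttls:
        return "no-replies"
    if all(t == 1 for t in ttls):
        return "ttl-limited"
    return "ok"


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_PING_OUTPUT), ("healthy", HEALTHY_PING_OUTPUT)):
        ttls = parse_ping_ttls(text)
        print(f"{label}: TTLs={ttls} -> {diagnose(text)}, "
              f"extra routers allowed={max_extra_routers(ttls[0])}")
```

Run against the sample transcript the script reports `ttl-limited` and zero extra routers allowed; the same packet forwarded through one more router (`ttl_after_routers(1, 1)`) is dropped, which is exactly why devices behind a second router lose connectivity.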

How to fix

Etisalat probably intends to limit the extent to which internet access is shared behind its residential gateways. While this may be a reasonable intent, the method of implementation is less than ideal. Any computer-savvy user will eventually figure out that the TTL is just another byte in the packet header and that it can be adjusted.

Linux users can take a look at iptables. You don't even need to run a Linux computer: you can use iptables on any wireless router that runs Linux. Even if your router does not run Linux you may be able to change its firmware by installing dd-wrt, which conveniently published a guide on how to deal with low TTL settings.

Comments

While it's reasonable for an ISP to limit the extent to which it allows internet access to be shared, the method of implementation is not the best one. It will hurt non-computer-savvy users, who were probably sharing the connection legitimately anyway. On the other hand, users who share the connection for profit will most likely find out how to circumvent the limitation in a matter of hours. Legitimate users hurt, illegitimate users untouched.

This setting will also affect the market for wifi routers: once users learn that daisy-chaining a router off the Etisalat gateway does not work, they will stop buying those products. A small percentage of them will buy dd-wrt compatible wifi devices instead.

In my opinion, if Etisalat is concerned about losing money because users are sharing their internet connection, then they should focus on how the service is delivered. They should offer cheap speed-capped packages attractive to individual users and ensure that service installations are swift.