Forcing the TCP/IP TTL on GL-iNet devices

I sometimes use a GL-iNet AR750S Slate instead of tethering to my phone. It’s a nice, compact device, but I needed to change the TCP/IP TTL for one application. Here’s how:

SSH to the router (per docs):

ssh root@ 

The root password is the same as for accessing the web console.

From there you can go ahead and edit the contents of /etc/firewall.user and do a /etc/init.d/firewall restart. (It’s likely a reload would work there, but restart is more certain.)

…But the OpenWRT LuCi web interface is what most people use.

Update the opkg package list and install luCi:

opkg update
opkg install luci

Sign in to LuCi (per docs):

The username is root. The password is same as the one that you use to access the web Admin Panel

Now go to the firewall custom rules in your browser:

Add a block like the following:

#start TTL fix
#learn more info at
ip6tables -t mangle -I POSTROUTING -j HL --hl-set 65
iptables -t mangle -I POSTROUTING -j TTL --ttl-set 65
#end TTL fix

Now go to the firewall status page and click the button to restart the firewall:

Now go to a site like to confirm it’s all still working:

Additional related docs: