Default Route, pointopoint Address

Default route

How can I set the default route via UCI or Luci ?
Under Debian I have to set the following entries in the network configuration (Proxmox Routed Configuration LXC-Container):

        post-up ip route add aa.bb.ccc.ddd dev eth0
        post-up ip route add default via aa.bb.ccc.ddd dev eth0
        pre-down ip route del default via aa.bb.ccc.ddd dev eth0
        pre-down ip route del aa.bb.ccc.ddd dev eth0

How does this look under Openwrt via console or Luci ?

I virtualize Openwrt in a KVM VM, under Debian I have to add a pointopoint address in the networkinterface configuration. How do I set this on the WAN interface ?

Either by configuring a static address with a gateway, or by configuring a static address and a separate default route (a gateway is just another term for a default route anyway). Either approach works.

1 Like

All of your examples are not default routes; but nonthelss:

Using the example:

# in /etc/config/network

config route
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway 'aa.bb.ccc.ddd'
        option interface 'lan' #<--in default OpenWrt eth0 us usually LAN

This route statement seems incomplete.

See:

2 Likes

When I enter the two commands in the console:

     ip route add aa.bb.ccc.ddd dev eth0
     ip route add default via aa.bb.ccc.ddd dev eth0

Can the VM be pinged from outside and inside, but no external connection to HTTP or SSH is possible. A route is displayed.

If I enter the following in /etc/config/network:

config route
         option target '0.0.0.0'
         option netmask '0.0.0.0'
         option gateway 'aa.bb.ccc.ddd'
         option interface 'lan'

Internal and external ping is not possible. No route is shown either.

I have no further ideas

This is by design. Add rules allowing inbound 22/tcp and 80/tcp to the router.

LAN? Not WAN?

I tried it with WAN ... no change

Then it's probably time to dig into your configuration.

What are the contents of /etc/config/network and /etc/config/firewall?

1 Like

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9f:46c0:57d7::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'static'
        list ipaddr 'aa.bb.ccc.ddd'
        option gateway 'aa.bb.ccc.eee'
        list dns '1.1.1.1'

config interface 'wan6'
        option device 'eth1'
        option proto 'none'

config device
        option name 'eth1'
        option ipv6 '0'

/etc/config/firewall


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Allow-SSH-WAN'
        option src 'wan'
        option proto 'tcp'
        option dest_port '52881'
        option target 'ACCEPT'
        option family 'ipv4'

Currently I have entered the following in /etc/rc.local:

ip route add aa.bb.ccc.eee dev eth1
ip route add default via aa.bb.ccc.eee dev eth1

and the connection on SSH works until I restart the network and firewall

No subnet mask?

I specified a netmask (255.255.255.255), restarted = no change

Then I have again the route

config route
       option target '0.0.0.0'
       option netmask '0.0.0.0'
       option gateway 'aa.bb.ccc.eee'
       option interface 'wan

entered restarted and have no change, only with the entries I made in the rc.local the network works

Why?

Why not pick a netmask which is compatible with both the ipaddr and gateway values?

I have a V-Server on which my additional IP addresses are bound to the Mac address of the primary network adapter, I believe this is called Routed Network Configuration.

Host is a Proxmox 8 server. Openwrt is installed here as KVM guest.

Which is all well and good, but doesn't explain why you chose a /32 netmask instead of one which corresponds to your desired ipaddr and gateway values.

If you configure a netmask which fits with both your ipaddr and gateway values, you might find some success.

The IP address of the Openwrt server is in a different subnet.

Then you need to fix that first.

I note, however, that your redacted examples implied some correlation:

aa.bb.ccc.ddd
aa.bb.ccc.eee

The casual observer would understandably reason that a /24 might be suitable.

2 Likes

That seems to be the solution to the problem. I set the network mask to /24 and it works.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.