Simple static route noob question

Hey there

I'm successfully routing all the clients' traffic to a specific target IP (only one) over a separate (non-default) gateway, with a "static route".

Because I'm trying to limit which client gets routed, I've started playing with the "source" option on the second page of the static route config in luci.

Only problem is, when I set a source IP (like 192.168.123.158 which my client has), it basically kills the traffic. That target becomes unreachable. I'm curious as to what it is I'm doing wrong. The target is a public address.

OpenWrt describes the source option as:
"The preferred source address when sending to destinations covered by the target"

Preferred? I only want those source address packets to be routed. Hmm..

Thank you for reading or any help or comments.

In a route, the source address is not related to which devices can use that route, but which interface will be used for the outgoing packets.

What you need is to erase the source address, and control the traffic on the firewall.

In IPv4 routes it's the preferred source address which is the src option in the ip command.

But in IPv6 routes the source specifies source address dependent routing (SADR). This is the from option in the ip command. IPv6 routes may also contain a src option in Linux, but the preferred source address can't be configured in OpenWrt.

The fact that the source address of IPv4 and IPv6 routes means different things in OpenWrt is a bit confusing.

BTW IPv4 doesn't support SADR. You'll need to use policy based routing using rules if you want to achieve something similar.

https://openwrt.org/docs/guide-user/network/routes_configuration

2 Likes
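An added example, not part of any post in this thread: a sketch of the policy-based routing mentioned above as `/etc/config/network` sections, where the target-specific route lives in its own table and a rule sends only the chosen client there. The interface name `wan2`, the gateway `192.168.2.1`, the target `203.0.113.10` and table number `100` are constructed placeholders; only the client address 192.168.123.158 comes from the thread.

```uci
# /etc/config/network (fragment)
# Assumptions (constructed values, adjust to your setup):
#   wan2          logical interface facing the second gateway
#   192.168.2.1   address of that second gateway
#   203.0.113.10  the single public target address
#   100           an otherwise unused routing table number

# Host route to the target, kept OUT of the main table.
# No 'source' option here: for IPv4 it only sets the preferred
# source address and does not select which clients match.
config route
	option interface 'wan2'
	option target '203.0.113.10'
	option netmask '255.255.255.255'
	option gateway '192.168.2.1'
	option table '100'

# Rule: packets from this one client to the target consult table 100.
# Every other client never sees that table and keeps following the
# main table (the default gateway or VPN).
config rule
	option src '192.168.123.158/32'
	option dest '203.0.113.10/32'
	option lookup '100'
	option priority '1000'

# Add one more 'config rule' section per additional client that
# should use the second gateway, changing only 'src'.

# After '/etc/init.d/network reload', check the result with:
#   ip rule show
#   ip route show table 100
#   ip route get 203.0.113.10 from 192.168.123.158 iif br-lan
# ('br-lan' is the usual LAN bridge name and is an assumption here.)
```

Firewall forwarding and masquerading toward `wan2` are assumed to be in place already, as they must be for the existing static route to work.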

I think OP does not really want to configure the source address or use SADR, she/he just needs to limit which devices can use that route, hence my comment about the firewall.

1 Like
1 Like

Thanks. I don't think your idea is going to work for me.

I'm trying to select which clients are using which gateway to access a certain public IP. By using the firewall I'll eliminate access altogether, won't I?

Thanks for writing. I really appreciate it!

(If you're wondering why I would want this: it's to access a server that's on the other side of the planet. The latency to it is a problem when doing certain operations. I run some clients over a VPN, and some I'd like to directly connect. I don't want to run file transfers over the VPN.)