Persistent static route

wb6tae

I need a static route on a node for local purposes. I have added it to /etc/config/network and it works fine, except for one thing: changes in the node config can cause that file to be overwritten. My question is: is there a way to ensure the route is not impacted by local config changes? I can live with firmware updates, so it is just setup changes I want to protect against.

BTW, I have considered putting an ip route... command in rc.local. But, I was wondering if there was another option.

FYI, here are the settings from the network config file

config 'route' 'default'
     option 'interface' 'lan'
     option 'target' '0.0.0.0'
     option 'netmask' '0.0.0.0'
     option 'gateway' '10.xxx.xxx.xxx'

 
AE6XE

Take a look at the file "/etc/local/mesh-firewall/59-custom-rules".  (from memory...) This is the appropriate place to put any custom ip rules that are persistent, even across sysupgrades.

Note, the routing is a little more complex than putting entries in the 'main' route table. AREDN uses policy route tables, which means there are many tables that are used, depending on where the traffic is coming from and going to. It's possible the intended end result is not achieved for all traffic. If your 'local purpose' is limited to LAN devices of this node, then you might be OK.

Joe 

wb6tae

The custom rules file looks like it is intended for iptables stuff. I suppose I might be able to do what I want... but at the price of figuring out what iptables is doing.
The entry in /etc/config/network worked fine, but it seems to get lost between reboots. For now I'll try rc.local and see what happens.

And, yes, this is a route "out" via a host on the local LAN.

AE6XE

The entries in /etc/config/network are translated to iptables rules at start up and executed. To figure out the commands, do an "iptables -S" before and after and compare. This command shows the original iptables options that created all the entries. Find the delta and put it in the custom rules file to persist. The only issue is if you do a setting in the network file that affects other routing tables, then you'd need to do, e.g., "iptables -S -t mangle" to see the entries in that table.

What you're doing is experimental and risks breaking the routing somewhere else. Best to keep your node as an end point no one else on the greater mesh would be routing through, which sounds like the situation. This limits shooting only yourself in the foot :) .

Joe AE6XE

wb6tae

Ready, fire, aim, ouch. Thanks

wb6tae

Well now, that is odd. The outputs of iptables -S and iptables -S -t mangle with and without the default route are identical. Also, in both cases, ip route does not show the default (0.0.0.0) route. However, if I add the default route to /etc/config/network and reboot, I most certainly have a route out (ping 8.8.8.8 works). If I comment the default route out in /etc/config/network, then the ping fails.

????

AE6XE

;) OK, in a moment of working on too many things at once, I gave you bad advice; I need to get my tables straight. Sorry about that. We have netfilter/iptables tables and we have routing tables. My comments were about detecting changes in netfilter tables, but you are doing commands in routing tables -- two different things. For routing I don't think there is a similar way. Yeah, just need to figure out the right command. Do "ip route" and see the main table before/after to compare the end result.

wb6tae

I did check the ip route output in both cases (default route in /etc/config/network, and not) ... and here is where it gets interesting. In both cases, default route "out" and no route "out", the output of ip route was the same:

10.0.0.0/8 dev eth0.2 scope link  src 10.255.4.166 
10.0.0.0/8 dev wlan0 scope link  src 10.254.4.166 
10.240.37.48/29 dev eth0 scope link  src 10.240.37.49 
172.31.166.16/30 via 172.31.166.17 dev tun50 
172.31.166.16/30 dev tun50 scope link  src 172.31.166.18

Only when I specifically added a default route in rc.local did it show up in the ip route output as

default via 10.240.37.52 dev eth0

But, as I noted above, including the default route in /etc/config/network did the trick, even if it didn't appear in the output of ip route

AE6XE

There are many routing tables. You may not be looking at the right one. The tables can be listed with the command "ip rule list". Alternatively, the /etc/config/network route entry isn't working if a routing table isn't being updated.

I'm not real clear on what problem is being solved or the end goal of "local purposes". If you are trying to get the devices on the LAN to have a different default route, to another IP address of a device on the same LAN, then affecting this setting is done through the node's DHCP setting when LAN devices acquire an IP address. No need to have a device route to the mesh node, then back to the same LAN; rather, the device should have a default route direct. This is getting outside the core function of the nodes, and into go-it-alone territory.

Joe AE6XE
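
One way to carry out the check suggested above (list the policy rules, then look in every table they reference for a default route), as an added example that is not part of the thread or AREDN's own code. The table numbers 30 and 31 and the addresses in `sample_ip` are constructed, and it assumes the node's `ip` accepts `route show table <id>`; on a node, call `find_default ip`.

```shell
#!/bin/sh
# Added example (not from the thread): locate the routing table that holds a
# default route on a node that uses policy routing.
# Table numbers 30 and 31 and all addresses in sample_ip are constructed.

# rule_tables: read `ip rule list` output on stdin and print every table named
# after "lookup", once each, in rule-priority order.
rule_tables() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "lookup" && !seen[$(i + 1)]++) print $(i + 1) }'
}

# default_lines: keep only default-route lines from `ip route show` output.
default_lines() {
    grep -E '^(default|0\.0\.0\.0/0)( |$)' || true
}

# find_default CMD: walk every table referenced by a rule and report default
# routes as "table <id>: <route>". CMD is the ip binary, or a stand-in.
find_default() {
    ipcmd=${1:-ip}
    "$ipcmd" rule list | rule_tables | while read -r t; do
        "$ipcmd" route show table "$t" 2>/dev/null | default_lines |
            sed "s/^/table $t: /"
    done
}

# sample_ip: constructed stand-in for `ip` so the example runs off-node.
sample_ip() {
    case "$1 $2 $3 $4" in
    "rule list "*) printf '%s\n' \
        '0: from all lookup local' \
        '30: from all iif eth0 lookup 30' \
        '31: from all lookup 31' \
        '32766: from all lookup main' \
        '32767: from all lookup default' ;;
    "route show table 31") echo 'default via 192.0.2.1 dev eth0' ;;
    "route show table main") echo '10.0.0.0/8 dev wlan0 scope link' ;;
    esac
}

find_default sample_ip    # on a node: find_default ip
```

A default route that is reported for a table other than main will not appear in plain `ip route` output, which only shows the main table.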

wb6tae

The node in question, a NanoStation, does not have a WAN connection. So to get out to the Internet (for tunnels) I need to route through a host on the LAN interface. (The other host is a Raspberry Pi running as a NAT router.) This all works fine and does just what I want. The only question is what is the best way to make that route persistent. Adding the route command to rc.local seems to work well enough, so I guess I'll just leave that in place. My only concern was I thought I had read somewhere that rc.local was not reliable, for whatever reason, on AREDN.
