Routes

Routing is one of the core features of your firewall, which is responsible for forwarding packets over the network based on (predefined) paths.

Within the routing section of your firewall you can keep track of configured routes and define static routes yourself to teach your firewall which path it should take when forwarding packets to a specific network.

When a client sends a packet to the firewall for a network not directly attached to it, the firewall normally checks its routing table to determine which gateway (see Gateways) the packet should be sent to.

Tip

Use traceroute (Interfaces ‣ Diagnostics ‣ Trace Route) to verify which path traffic would follow to reach its destination.

Configuration

This is where you can set up static routes. Looking at the diagram in the previous chapter, here you would define how [1] would access [2] using router [3].

The number of settings is obviously limited: we need to know the gateway and the target network.


Disabled

(Temporarily) disable this item

Network Address

Destination network to reach

Gateway

The gateway to use.

Description

Optional description for this item

Note

Some services are known to update the routing table themselves, in which case you shouldn’t add static routes manually (OpenVPN manages its own routes for example).

Status

The status page shows the current active content of the routing table.


Proto

Protocol (IPv4 or IPv6)

Destination

Destination network

Gateway

Where to send the packet for this destination network

Flags

Routes have associated flags which influence operation of the protocols when sending to destinations matched by the routes. See the Flags table below for details.

Use

Counts the number of packets sent via this route

MTU

The MTU set for this route

Netif

Interface to use for this route

Netif (name)

Name of the interface if found

Expire

The time at which this route should expire, or zero if it should never expire. It is the responsibility of individual protocol suites to ensure that routes are actually deleted once they expire.

Flags

The following flags are supported by the kernel.

Letter / Flag

Description

1 [RTF_PROTO1]

Protocol specific routing flag

2 [RTF_PROTO2]

Protocol specific routing flag

3 [RTF_PROTO3]

Protocol specific routing flag

B [RTF_BLACKHOLE]

Just discard pkts (during updates)

b [RTF_BROADCAST]

The route represents a broadcast address

C [RTF_CLONING]

Generate new routes on use

c [RTF_PRCLONING]

Protocol-specified generate new routes on use

D [RTF_DYNAMIC]

Created dynamically (by redirect)

d [RTF_DONE]

Message confirmed

G [RTF_GATEWAY]

Destination is a gateway

H [RTF_HOST]

Host entry (net otherwise)

L [RTF_LLINFO]

Valid protocol to link address translation

M [RTF_MODIFIED]

Modified dynamically (by redirect)

R [RTF_REJECT]

Host or net unreachable

S [RTF_STATIC]

Manually added

U [RTF_UP]

Route usable

X [RTF_XRESOLVE]

External daemon resolves name
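
When reviewing the status page, decoding the flag letters makes it easier to spot routes that were not configured by an administrator. The following is an added example, not part of the original documentation or the firewall's own code: it decodes the letters from the Flags table and lists routes created or modified by redirect (D, M) or set to discard or reject traffic (B, R). The sample rows are constructed, and the whitespace-separated layout (Proto, Destination, Gateway, Flags, Use, MTU, Netif) is an assumption based on the status columns above.

```python
# Flag letters and names exactly as listed in the Flags table above.
FLAGS = {
    "1": "RTF_PROTO1", "2": "RTF_PROTO2", "3": "RTF_PROTO3",
    "B": "RTF_BLACKHOLE", "b": "RTF_BROADCAST", "C": "RTF_CLONING",
    "c": "RTF_PRCLONING", "D": "RTF_DYNAMIC", "d": "RTF_DONE",
    "G": "RTF_GATEWAY", "H": "RTF_HOST", "L": "RTF_LLINFO",
    "M": "RTF_MODIFIED", "R": "RTF_REJECT", "S": "RTF_STATIC",
    "U": "RTF_UP", "X": "RTF_XRESOLVE",
}

# Constructed sample rows (not real output); assumed column order:
# Proto Destination Gateway Flags Use MTU Netif
SAMPLE = """\
ipv4 default        203.0.113.1   UGS  1200 1500  em0
ipv4 198.51.100.7   10.0.0.66     UGHD 3    1500  em1
ipv4 10.99.0.0/16   127.0.0.1     USB  0    16384 lo0
ipv4 10.0.0.0/24    link#2        U    900  1500  em1
"""

def decode_flags(letters):
    """Map a flag string such as 'UGS' to the kernel flag names."""
    return [FLAGS.get(ch, "UNKNOWN(%s)" % ch) for ch in letters]

def parse_routes(text):
    """Parse whitespace-separated rows into dicts with decoded flags."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue  # skip blank or truncated rows
        proto, dest, gw, flags, use, mtu, netif = parts[:7]
        routes.append({"proto": proto, "destination": dest, "gateway": gw,
                       "flags": decode_flags(flags), "use": int(use),
                       "mtu": int(mtu), "netif": netif})
    return routes

def review(routes):
    """Return (destination, reason) pairs that deserve a closer look."""
    findings = []
    for r in routes:
        f = set(r["flags"])
        if f & {"RTF_DYNAMIC", "RTF_MODIFIED"}:
            findings.append((r["destination"], "created or modified by redirect"))
        if f & {"RTF_BLACKHOLE", "RTF_REJECT"}:
            findings.append((r["destination"], "traffic discarded or rejected"))
    return findings

if __name__ == "__main__":
    for dest, reason in review(parse_routes(SAMPLE)):
        print(dest, "->", reason)
```
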

Logs

Route-related services, such as radvd and rtsold for IPv6, write messages to this logging section, which can be used for debugging purposes.