Default route not the WAN

It looks like the default route on my nethsec box is an arbitrary interface. I would think that it should be set to the WAN and not something that points internally to my network.

A quick replace changes it and everything behaves as normal; trace routes (heading out) now correctly go straight out the WAN, and do not hop once internally before heading out.

So wouldn’t the WAN be the better default? Thoughts?

Greetings @Noxonix, is this a clean installation?

NethSecurity inherits OpenWrt’s first‑boot interface logic. On some platforms (especially cloud / virtual, or when cabling/order of ports is unusual) the interface that the system names “wan” vs “lan” may not match what you expect from the hypervisor or hardware labels. [Default network config] In that case it looks like the default route is “wrong”, but in reality the WAN zone is bound to a different device than you think.
This is exactly what was discussed in the “Reverse Logic: WAN & LAN” issue: you may need to delete and re‑create the interfaces in the UI, then commit, to realign which physical NIC belongs to WAN and which to LAN.

When I install my NethSecurity, the first interface is LAN green; after assigning my other 2 USB Ethernet interfaces is where I start programming WAN / LAN.


Hello thanks for the quick reply and the info.
It is a clean install, a VM running on XCP-ng. I did do some interface changes though, post install: I had to change the assigned NIC in the hypervisor for the WAN interface. Maybe that is all this is.

I’m assuming “Reverse Logic: WAN & LAN” is a thread or document I can find and review, and past that, I will do a factory reset and see about setting the interfaces up again.

Thanks again.


Excellent.

Quick update
I factory reset and set things back up, recreated some VLANs, and paid a little more attention to the interface associations, and it looks like everything is routing correctly this time. Default is the WAN as expected.

I will continue to add the remaining interfaces and VLANs and watch for anything to go amiss, but this issue does seem to be taken care of.

Again, thank you for the support.

Spoke too soon; once the VLANs were deleted, it is now setting the default route to the br-lan.

Now I’m thoroughly confused. I’ve restarted a number of times (firstboot && reboot), done a ton of testing, had it fail a bunch.

But this time, everything is working as it should. Even with adding and deleting the VLANs, it’s still correct. In my research I’ve found that I can set the metric for the WAN through a uci command, which may also help if they go out of order again during my testing.

Anyways, I will just keep testing for now.


Explain to me what you’re doing step by step.

To use uci:

uci set network.wan.metric='20'

uci commit network

reload_config

The commit command is used to apply changes; if you don’t use it, they won’t be saved.

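A check for the symptom discussed in this thread, added here as an example and not taken from any of the posts or from NethSecurity itself: it reads `ip route show default` output, picks the default route the kernel prefers (the lowest metric, where a missing `metric` field means 0), and compares its device with the one expected to be the WAN. The sample routes are constructed, and `eth1` as the WAN device is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample input:
# br-lan holds a default route with no metric (0), eth1 (assumed WAN)
# holds one with metric 20, so the kernel prefers br-lan.
SAMPLE_ROUTES='default via 192.168.1.1 dev br-lan proto static
default via 203.0.113.1 dev eth1 proto static src 203.0.113.10 metric 20'

# effective_default_dev: read route lines on stdin and print the device
# of the default route with the lowest metric.
effective_default_dev() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < bestmetric)) {
                best = dev; bestmetric = metric
            }
        }
        END { if (best != "") print best }
    '
}

# check_default_route WAN_DEV: return 0 when the preferred default route
# leaves through WAN_DEV, 1 when it leaves elsewhere, 2 when none exists.
check_default_route() {
    wan_dev=$1
    actual=$(effective_default_dev)
    if [ -z "$actual" ]; then
        echo "no default route found"
        return 2
    fi
    if [ "$actual" = "$wan_dev" ]; then
        echo "ok: default route uses $actual"
        return 0
    fi
    echo "mismatch: default route uses $actual, expected $wan_dev"
    return 1
}

# On the firewall itself: ip route show default | check_default_route eth1
printf '%s\n' "$SAMPLE_ROUTES" | check_default_route eth1 || true
```

On the constructed sample this reports a mismatch: giving the WAN a metric of 20 does not make it the default while another default route with a lower metric still exists.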