CONTEXT
The objective here is to reach devices located in other local networks.
Here is a diagram of my local network:
It’s divided into 4 different networks to split and restrict access:
- in purple: the server/services network, which includes NAS equipment, Home Assistant, the Freebox (internet router) and the Firewall that lets me control the flows of the other networks
- in blue: the network for the PCs, printers, smartphones, etc. of my home
- in orange: the network for guests
- in green: the network of IoT IP devices
The need is to allow my Home Assistant in the purple network (192.168.1.0/24) to reach, for example, a Yeelight which is in the green network (192.168.3.38).
I have to create a static route on Home Assistant itself because its default gateway is the Freebox, and it is impossible to declare routes on the Freebox (a product limitation).
To solve this problem, I have to tell Home Assistant to go through the IP address of the Firewall (192.168.1.253) to reach the other networks.
PROCEDURE
- Prerequisites
It’s imperative to install an SSH add-on on Home Assistant. Important point: install only the one called “SSH & Web Terminal”, and uncheck the protected mode. This gives access to the advanced commands that we will use later (for example nmcli).
- Verification of the non-access to the resource
Once this add-on is installed and configured, we try to reach the Yeelight’s IP with the ping command.
You can see in the screenshot that 0 packets have been received.
- List all configured connections
The nmcli device show command displays the following information:
It’s important here to identify the name of the connection (here Supervisor eth0) that handles the purple network. This is the connection to which we will add a new route (the first two were added automatically).
We can see in this list that there is no route to the green network (192.168.3.0/24).
- Editing the parameters of the card
The command nmcli con edit "Supervisor eth0" (replace the name between quotation marks with the connection name shown by the previous command) enters the configuration mode.
You can see a change in the prompt (here we switch to nmcli>).
- Display the detailed configuration of the network card
The print ipv4 command displays the configuration details, which we will then use to override the automatic configuration (seen with the command of point 3).
- Adding the route
To add the new route, type the command set ipv4.routes 192.168.3.0/24 192.168.1.253. It means that, to reach the network 192.168.3.0/24, packets have to be sent to the gateway 192.168.1.253.
- Change check
Thanks to the print ipv4 command, we can observe the addition of the new route
- Apply the configuration
This step is essential, otherwise the new route will not be taken into account by the network card. You have to save the configuration in persistent mode, so that it is still applied after a reboot. To do that, we use the command save persistent (and especially not only save).
The result of the command shows that the configuration has been updated.
- Exit nmcli mode
All that remains is to leave the nmcli editor with the quit command.
- Reboot the host
The last essential step is to reboot the host completely so that the new routing table is fully taken into account. Be careful: this operation may take a little time depending on your configuration.
For this reboot: Supervisor > System > Restart Host
- Global check
To confirm that the new route is working, we will execute the command in point 3 and check the presence of the route
And confirm with the ping command (same as point 1) that we can now reach our equipment
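The same change can be made without the interactive editor. The script below is an added example, not part of the original procedure: it appends the route with nmcli connection modify only when the routing table does not already contain it. The function names (sample_routes, has_route, ensure_route) and the sample routing table are constructed for illustration; the connection name and addresses are the ones used in this article.

```shell
#!/bin/sh
# Added example: non-interactive version of the nmcli session described above.
CON="Supervisor eth0"   # connection name found in "List all configured connections"
DEST="192.168.3.0/24"   # green (IoT) network
GW="192.168.1.253"      # Firewall address in the purple network

# Constructed sample of `ip -4 route show` output, used to try has_route offline.
sample_routes() {
    cat <<'EOF'
default via 192.168.1.254 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100
192.168.3.0/24 via 192.168.1.253 dev eth0 proto static metric 100
EOF
}

# has_route DEST GW: reads a routing table on stdin and succeeds only if
# DEST is routed via GW (exact match on both fields, no prefix matching).
has_route() {
    awk -v d="$1" -v g="$2" \
        '$1 == d && $2 == "via" && $3 == g { found = 1 } END { exit !found }'
}

# ensure_route: add the static route to the saved profile only when missing.
ensure_route() {
    if ip -4 route show | has_route "$DEST" "$GW"; then
        echo "route $DEST via $GW already present"
        return 0
    fi
    # "+ipv4.routes" appends to the profile instead of replacing its routes.
    nmcli connection modify "$CON" +ipv4.routes "$DEST $GW" || return 1
    echo "route saved; restart the host (Supervisor > System > Restart Host)"
}

# Act only when asked explicitly, so sourcing this file changes nothing.
if [ "${1:-}" = "--apply" ]; then
    ensure_route
fi
```

Run it with --apply from the SSH & Web Terminal session. The route only tells Home Assistant where to send packets for 192.168.3.0/24; whether they are allowed through is still decided by the Firewall rules.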