Custom route fails to work without setting gateway #16

Open
hayzamjs opened this issue Nov 8, 2023 · 3 comments

Comments


hayzamjs commented Nov 8, 2023

This is my network config:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdac:2bfe:d5cf::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'sfp2'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.254.100.1/24'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option dns '10.254.100.1'

config device
	option name 'br-wan'
	option type 'bridge'
	option macaddr 'CE:3B:48:7D:DB:62'
	list ports 'eth1'
	list ports 'wan'

config device
	option name 'eth1'
	option macaddr 'ce:3b:48:7d:db:62'

config device
	option name 'wan'
	option macaddr 'ce:3b:48:7d:db:62'

config interface 'wan'
	option device 'br-wan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option metric '10'
	option proto 'pppoe'
	option username '<username>'
	option password '<password>'
	option ipv6 '0'

config interface 'wan6'
	option device '@wan'
	option metric '10'
	option reqaddress 'try'
	option reqprefix 'auto'
	option sourcefilter '0'
	option proto 'dhcpv6'

config interface '4G'
	option proto 'qmi'
	option auth 'none'
	option pdptype 'ipv4v6'
	option device '/dev/cdc-wdm0'
	option metric '50'
	option delegate '0'

config interface 'BSNLTrunk'
	option device 'lan4'
	option proto 'dhcp'
	option metric '1000'
	option delegate '0'

config interface 'tailscale'
	option proto 'none'
	option device 'tailscale0'

This is my firewall config:

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	list network '4G'
	list network 'BSNLTrunk'

config forwarding
	option src 'lan'
	option dest 'wan'
	
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'

config zone
	option name 'tailscale'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list network 'tailscale'

config forwarding
	option src 'tailscale'
	option dest 'lan'

config forwarding
	option src 'tailscale'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'tailscale'

Before I set anything up, I can ping 172.30.249.11 and 172.30.249.33 by using the command `ping <ip> -I lan4`. What I want to achieve is for all packets directed to these IPs (and some other IPs that I will add later) to automatically use lan4 (BSNLTrunk). I can see the following data in the overview page as well:

Protocol: DHCP client
Address: 10.148.113.22/19
Gateway: 10.148.96.1
DNS 1: 172.30.249.11
DNS 2: 172.30.249.33
Expires: 1h 15m 56s
Connected: 0h 14m 4s

Now this is my setup:

  1. I mark the packets from anywhere 0.0.0.0/0 to 172.30.249.0/24 using these nftables rules:

/usr/share/nftables.d/chain-pre/mangle_output/0-pbr.nft :

ip saddr { 0.0.0.0/0 } ip daddr { 172.30.249.0/24 } counter meta mark set 720801 comment "!fw4: 720801"

/usr/share/nftables.d/chain-pre/mangle_prerouting/0-pbr.nft :

iifname "br-lan" ip saddr { 0.0.0.0/0 } ip daddr { 172.30.249.0/24 } counter meta mark set 720801 comment "!fw4: 720801"

  2. I set up rules and routes to use the marked packets, using these rules in the /etc/config/network file:

config route
	option table '47167'
	option interface 'BSNLTrunk'
	option target '0.0.0.0/0'

config rule
	option mark '720801'
	option lookup '47167'

Now I should ideally be able to ping 172.30.249.0/24 from anywhere in the network, right? But that's not the case: the pings seemingly go nowhere, and the traceroute (from the router to the range) looks like this:

root@openwrt-box:/usr/share/nftables.d# traceroute 172.30.249.11
traceroute to 172.30.249.11 (172.30.249.11), 30 hops max, 46 byte packets
 1  10.148.113.22 (10.148.113.22)  423.972 ms !H  3118.365 ms !H  3120.005 ms !H

Also I should note that in the overview page the gateway has turned into 0.0.0.0?

Protocol: DHCP client
Address: 10.148.113.22/19
Gateway: 0.0.0.0
DNS 1: 172.30.249.11
DNS 2: 172.30.249.33
Expires: 1h 9m 38s
Connected: 0h 20m 22s

Now I should add that I use the same method to PBR using other interfaces (my 4G interface, some WireGuard interfaces) and they all work perfectly fine except this one interface. Also, when I add the gateway '10.148.96.1' to this route:

config route
	option table '47167'
	option interface 'BSNLTrunk'
	option target '0.0.0.0/0'
	option gateway '10.148.96.1'

It works as expected again (setting the interface BSNLTrunk to a different routing table also works), but I don't want to use the gateway, as it's not reliable and prone to change in my case; I want to use the interface directly. I have tried everything I could think of but I can't seem to get it to work. A user on the forum told me it might be a bug, so I thought I'd post it here.
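A diagnostic for the failure mode described in this post, added here as an example (it is not part of the issue and not OpenWrt or netifd code): a `default` route installed with only a `dev` and no `via` is an on-link route, and on a broadcast interface such as lan4 the kernel then ARPs for every destination as if it were directly attached, which is what the `!H` (host unreachable) in the traceroute above shows. On a point-to-point interface (PPPoE, 4G, VPN) the same route form is fine, which matches the behaviour reported later in the thread. The script takes the text of `ip -4 route show table <n>` and `ip -o link show`; the two samples embedded in it are constructed for the example, not captured from the router, and the interface names `lan4` and `pppoe-wan` in the link sample are assumed.

```shell
#!/bin/sh
# Added example: flag default routes that have no next hop ("default dev X", no
# "via") on interfaces that are not point-to-point. On a broadcast interface the
# kernel treats every destination as on-link and ARPs for it, which fails with
# "host unreachable" (the !H in the traceroute). Inputs are the text of
# `ip -4 route show table <n>` and `ip -o link show`.
# Both samples below are constructed for this example, not real router output.

ROUTES_SAMPLE='default dev lan4 scope link
172.30.249.0/24 via 10.148.96.1 dev lan4'

LINKS_SAMPLE='3: lan4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
9: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 3'

# Print the device of every default route that carries no gateway,
# i.e. lines of the form "default dev <if> ...".
onlink_default_devs() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "dev" { print $3 }'
}

# Succeed if interface $1 has the POINTOPOINT flag in the `ip -o link show` text $2.
is_point_to_point() {
    printf '%s\n' "$2" | awk -v ifc="$1:" '
        $2 == ifc && index($3, "POINTOPOINT") { found = 1 }
        END { exit !found }'
}

# Report each gateway-less default route in the table text $1 against the link
# text $2; return 1 if any of them sits on a broadcast interface.
audit_pbr_table() {
    routes="$1" links="$2" bad=0
    for dev in $(onlink_default_devs "$routes"); do
        if is_point_to_point "$dev" "$links"; then
            echo "ok:  default dev $dev (point-to-point link, no gateway needed)"
        else
            echo "BAD: default dev $dev has no gateway on a broadcast interface;" \
                 "set 'option gateway' or route via a point-to-point interface"
            bad=1
        fi
    done
    return "$bad"
}

# On the router, feed it the live tables instead of the samples, e.g.
#   audit_pbr_table "$(ip -4 route show table 47167)" "$(ip -o link show)"
audit_pbr_table "$ROUTES_SAMPLE" "$LINKS_SAMPLE" || echo "audit: problems found"
```

The check only looks at the route and link listings, so it can be run after `ifup` or from a hotplug script to catch a table that netifd populated with an on-link default before any traffic is steered into it.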

gntcs commented Nov 14, 2023

[image attachment: route]

@jow-, I have created an interface with DHCP client protocol named iptv without the default gateway option. `ifstatus iptv` shows this record correctly:

inactive -> route -> nexthop: 100.112.84.1

But when I leave the gateway blank (see image attachment), `traceroute 10.31.44.26` says no route to host (this is the DHCP server). netifd can't read the inactive -> route -> nexthop value.
On the page it says: if omitted, the gateway from the parent interface is taken.
It works only when I enter gateway 100.112.84.1 manually, but when I reboot the device the default route is changed, and I enter it manually again.

# ifstatus iptv

{
   "up": true,
   "pending": false,
   "available": true,
   "autostart": true,
   "dynamic": false,
   "uptime": 183,
   "l3_device": "wan.103",
   "proto": "dhcp",
   "device": "wan.103",
   "updated": [
      "addresses",
      "routes",
      "data"
   ],
   "metric": 0,
   "dns_metric": 0,
   "delegation": true,
   "ipv4-address": [
      {
         "address": "100.XXX.XX.44",
         "mask": 22
      }
   ],
   "ipv6-address": [

   ],
   "ipv6-prefix": [

   ],
   "ipv6-prefix-assignment": [

   ],
   "route": [
      {
         "target": "10.63.0.0",
         "mask": 20,
         "nexthop": "0.0.0.0",
         "source": "0.0.0.0/0"
      },
      {
         "target": "10.31.0.0",
         "mask": 16,
         "nexthop": "0.0.0.0",
         "source": "0.0.0.0/0"
      }
   ],
   "dns-server": [

   ],
   "dns-search": [

   ],
   "neighbors": [

   ],
   "inactive": {
      "ipv4-address": [

      ],
      "ipv6-address": [

      ],
      "route": [
         {
            "target": "0.0.0.0",
            "mask": 0,
            "nexthop": "100.112.84.1",
            "source": "100.XXX.XX.44/32"
         }
      ],
      "dns-server": [
         "XXX.74.0.5",
         "XXX.74.1.5"
      ],
      "dns-search": [

      ],
      "neighbors": [

      ]
   },
   "data": {
      "dhcpserver": "10.31.44.26",
      "leasetime": 3600
   }
}

hayzamjs (Author) commented

@gntcs That's weird; when I set the gateway manually like this it works fine (and persists):

config route
	option table '47167'
	option interface 'BSNLTrunk'
	option target '0.0.0.0/0'
	option gateway '10.148.96.1'

Without a different route it works fine as well; it's just that when I add a route without setting a gateway to an interface that is not point-to-point (like VPN/4G/PPPoE) it doesn't work.

gntcs commented Nov 14, 2023

@hayzamjs No problem when I specify the gateway address manually; it works. The problem is when the router is rebooted: the IP address and the gateway are changed (PROTO=DHCP), and I have to add the new gateway again manually.

IMO,
IF ISEMPTYORNULL(LUCI-STATICROUTING-GATEWAY) THEN
DYNAMICGWIP = getIFACEIPfromINACTIVE-route-nexthop(IPTV); foreach route.iptv.gateway= DYNAMICGWIP
IF 0.0.0.0 no route.
IF ADDEDMANUALLY=accept static gateway ip.

See route->"nexthop": "0.0.0.0". It must be empty "", not "0.0.0.0".
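The sketch above, worked through as a runnable shell example added here (not code from the issue, from netifd or from LuCI): an explicit `option gateway` is used as given; otherwise the gateway is taken from the nexthop of the default route that netifd keeps under `inactive` in `ifstatus`, and a missing or `0.0.0.0` nexthop is treated as "no gateway", so no on-link default route gets installed. The JSON is constructed for this example from the `ifstatus` output posted above (the source address is a placeholder), and the parser assumes netifd's one-key-per-line formatting shown there. The `iptv` interface name and the UCI lookup in the trailing comment are assumptions about how it would be wired up on the router.

```shell
#!/bin/sh
# Added example: decide the gateway for a 'config route' that names only an
# interface. Explicit gateway wins; else use the nexthop of the default route
# under "inactive" in `ifstatus`; a missing or "0.0.0.0" nexthop means there is
# no usable gateway and nothing should be installed.
# The JSON below is constructed after the ifstatus output posted in the thread;
# "100.0.0.44" is a placeholder for the real lease address.

IFSTATUS_SAMPLE='{
   "up": true,
   "proto": "dhcp",
   "route": [
      {
         "target": "10.31.0.0",
         "mask": 16,
         "nexthop": "0.0.0.0",
         "source": "0.0.0.0/0"
      }
   ],
   "inactive": {
      "route": [
         {
            "target": "0.0.0.0",
            "mask": 0,
            "nexthop": "100.112.84.1",
            "source": "100.0.0.44/32"
         }
      ]
   }
}'

# Read ifstatus JSON on stdin and print the nexthop of the default route
# (target 0.0.0.0, mask 0) inside the "inactive" block; print nothing if absent.
# Relies on netifd's one-key-per-line output, as posted above.
inactive_default_nexthop() {
    awk '
        /"inactive":/                               { inactive = 1 }
        inactive && /"target": "0\.0\.0\.0"/        { tgt = 1; next }
        inactive && tgt && /"mask": 0,/             { mask0 = 1; next }
        inactive && tgt && mask0 && /"nexthop":/    { v = $2; gsub(/[",]/, "", v); print v; exit }
        index($0, "}")                              { tgt = 0; mask0 = 0 }
    '
}

# $1 = value of 'option gateway' ('' when omitted), $2 = ifstatus JSON text.
# Prints the gateway to use and succeeds, or prints nothing and fails when the
# route would have to be installed on-link with no next hop.
effective_gateway() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
        return 0
    fi
    gw=$(printf '%s\n' "$2" | inactive_default_nexthop)
    case "$gw" in
        ''|0.0.0.0) return 1 ;;
        *) printf '%s\n' "$gw" ;;
    esac
}

# On the router this would run from a hotplug script with live data, e.g.
#   effective_gateway "$(uci -q get network.@route[0].gateway)" "$(ifstatus iptv)"
if gw=$(effective_gateway '' "$IFSTATUS_SAMPLE"); then
    echo "install default route via $gw"
else
    echo "no usable gateway: refusing to install an on-link default route"
fi
```

The awk parser keeps the example free of extra packages; on OpenWrt itself the same value can be pulled with `jsonfilter` from the `ifstatus` output, and the script belongs under `/etc/hotplug.d/iface/` so that it re-derives the gateway each time the DHCP lease (and with it the next hop) changes after a reboot.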
