Nmcli: adding routes with a source IP address?

We have an external NAT that our Linux servers can’t seem to figure out when the traffic arrives. Thus we have to manually add the routes with internal NAT source IP. I can manually add routes with an IP source like so:
ip route add via src

And I could add that to the old network file “route-eth0” just by adding the line: via src

However I can’t figure out how to add the persistent route to NetworkManager with the nmcli command. I can do this all day long:
nmcli con mod eth0 +ipv4.routes ""

But when I try to add a source I get an error. These versions of this command fail:
nmcli con mod eth0 +ipv4.routes " src"
nmcli con mod eth0 +ipv4.routes "" src

How do I achieve this without having to resort to using rc.local to get this done at boot?

Edit: Originally I forgot to add that this interface has two IP addresses - and

For “regular” routes, if connection “eth0” has address (where includes,
there is already link-local route dev eth0 src (or something to that effect).
Adding via means that packet to has to go out from eth0 (and will have src= in order to reach the router

It is not entirely clear (to me) what your NAT does to the picture.

RH doc Chapter 20. Configuring static routes Red Hat Enterprise Linux 9 | Red Hat Customer Portal says:

nmcli con mod eth0 +ipv4.routes " src="

The NAT is performed by a Cisco firewall. Windows servers have no problem responding to inbound traffic however our Linux servers need to have the route ‘forced’ to the internal IP of the NAT. For example if the NAT is > the Windows server has no problem properly responding to the traffic. Our Linux servers however do not respond until we force that traffic to go back via the internal NAT with that command:
ip route add via src

Edit: What I forgot to add is that there are two IP addresses on this interface. Eth0 has and Sorry, this makes the question have a lot more sense.

Another bit that might be necessary is Policy-based Routing: Chapter 21. Configuring policy-based routing to define alternative routes Red Hat Enterprise Linux 9 | Red Hat Customer Portal

Overall, more than one IP address on same subnet is IMHO usually more trouble than benefit.

How is the network topology, actually?

LanA --- (Xa)Cisco(Xb) --- LanB --- (Rb)Rocky


  • LanA 10.0/16
  • Xb
  • Rb

What is the NAT?

  • to LanA, sNAT Xa
  • to LanB, sNAT Xb

Or what?

WAN — Cisco Firewall — LAN Switch — Rocky
Inbound >>> Cisco Xlate to >>> Rocky has and .3

Sometimes however (at least on older Linux distros) the OS gets confused and sends the traffic back out the other IP.
The NATed IP is not the primary/first IP on the list. If this is the case then the traffic is sent out the first IP instead of the one the traffic arrived on.

Whatever the case this issue is resolved by forcing those routes out the proper interface with the “src” directive.

Thanks for the link. It does show the “src” directive and that it needs an “=” sign. This is what works:
nmcli con mod eth0 +ipv4.routes " src="
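
The working syntax from the post above, written out as an added example that is not part of any post in this thread. All addresses are constructed (RFC 5737 documentation ranges) because the thread's real ones are not shown, and `route_spec` and `apply_route` are hypothetical helper names; the script only prints the commands unless it is run with APPLY=1.

```shell
#!/bin/sh
# Added example. All addresses below are constructed, not taken from the thread.
CON="eth0"               # connection profile name, as in the thread
DEST="198.51.100.0/24"   # constructed: network whose replies must leave via the NAT
GW="192.0.2.1"           # constructed: inside address of the NAT device (next hop)
SRC="192.0.2.3"          # constructed: secondary address on eth0 the NAT maps to

# Print the ipv4.routes value "<dest> <next-hop> src=<addr>".
# Returns 1 for a src that is empty or contains anything other than digits
# and dots (for example a value that carries a prefix length).
route_spec() {
    case "$3" in
        ""|*[!0-9.]*) echo "src must be a bare IPv4 address: '$3'" >&2; return 1 ;;
    esac
    printf '%s %s src=%s\n' "$1" "$2" "$3"
}

# Print the commands for one persistent source-pinned route; run them only
# when APPLY=1, so the default is a dry run.
apply_route() {
    spec=$(route_spec "$DEST" "$GW" "$SRC") || return 1
    echo "nmcli con mod $CON +ipv4.routes \"$spec\""
    echo "nmcli con up $CON"
    if [ "${APPLY:-0}" = 1 ]; then
        nmcli con mod "$CON" +ipv4.routes "$spec" && nmcli con up "$CON" || return 1
        # Verify: the installed route should list GW as next hop and SRC as source.
        ip route show "$DEST"
    fi
}

apply_route
```

After applying, `ip route get` for an address inside DEST should report `src` as the secondary address rather than the first address on the interface.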

That is dNAT (aka port-forwarding), rather than sNAT, isn’t it?

That is, client sends packet (SRC= DST=
The Cisco does dNAT (DST= → DST=
and the server receives (SRC= DST=
