Try to use the current toolstack (iproute2) and don't use the deprecated ifconfig & route commands.
To list all IPv4 addresses:
ip -4 address
Or shorter:
ip -4 a
Or less verbose:
ip -br -4 a
Or for a particular <INTERFACE_NAME> (the s argument for show):
ip -br -4 a s <INTERFACE_NAME>
List IPv4 routes:
ip -4 r
To isolate showing only the default route(s) (the s argument for show):
ip -4 r s default
To add an IP to an interface (a argument for add):
sudo ip a a <IP_ADDRESS>/<MASK> dev <INTERFACE_NAME>
To remove an IP from an interface (d argument for delete):
sudo ip a d <IP_ADDRESS>/<MASK> dev <INTERFACE_NAME>
To add a default route (a for add):
sudo ip r a default via <GATEWAY_IP> dev <INTERFACE_NAME> src <OWN_IP_ADDRESS>
To remove a default route (d for delete):
sudo ip r d default via <GATEWAY_IP> dev <INTERFACE_NAME> src <OWN_IP_ADDRESS>
When in sh.t creek, try to make it so that only one default route exists via the WAN interface.
Test with the ping and traceroute -n commands.
And when you get it to work like this, you'll have to look into who/which piece of software is borking your IP stack.
EDIT: Ow forgot to ask, did you already apply below for actual forwarding?
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
And below for masquerading outbound traffic?
$ sudo nft -n list table nat
table ip nat {
        chain POSTROUTING {
                type nat hook postrouting priority 100; policy accept;
                oifname "<WAN_INTERFACE_NAME>" counter packets 8068 bytes 728001 masquerade
        }
}
EDIT2: Ow and ditch isc-dhcp-server and let pihole-FTL do DNS plus DHCP for your clients.
Makes things a lot easier ... KISS.
Ow and set up a proper firewall to allow, or not, only particular services coming in via the WAN interface! (EDIT: e.g. a VPN service)
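
The three checks from the post (exactly one default route via the WAN interface, forwarding enabled, masquerade rule on the WAN interface) as an added shell example that is not part of the original post. The function names, `eth0`/`wlan0` and the 192.0.2.x/198.51.100.x addresses are assumptions, and the sample command output is constructed.

```shell
#!/bin/sh
# Added example: parse the output of the commands above and flag a broken gateway setup.
# Live use (assumed WAN interface eth0):
#   check_gateway eth0 "$(ip -4 r s default)" "$(sysctl net.ipv4.ip_forward)" \
#                      "$(sudo nft -n list table nat)"

# Count default routes in `ip -4 r s default` output read from stdin.
count_default_routes() {
    grep -c '^default ' || true
}

# Succeed if `sysctl net.ipv4.ip_forward` output on stdin reports forwarding on.
forwarding_enabled() {
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1$'
}

# Succeed if `nft list table nat` output on stdin masquerades traffic leaving interface $1.
has_masquerade() {
    grep -F "oifname \"$1\"" | grep -Eq '(^|[[:space:]])masquerade([[:space:]]|$)'
}

# Arguments: WAN interface, routes text, sysctl text, nft text. Returns 1 on any failure.
check_gateway() {
    wan=$1; rc=0
    n=$(printf '%s\n' "$2" | count_default_routes)
    [ "$n" -eq 1 ] || { echo "FAIL: $n default routes, expected exactly 1"; rc=1; }
    if printf '%s\n' "$2" | grep '^default ' | grep -Evq " dev $wan( |\$)"; then
        echo "FAIL: a default route does not go via $wan"; rc=1
    fi
    printf '%s\n' "$3" | forwarding_enabled || { echo "FAIL: net.ipv4.ip_forward is not 1"; rc=1; }
    printf '%s\n' "$4" | has_masquerade "$wan" || { echo "FAIL: no masquerade rule for $wan"; rc=1; }
    return $rc
}

# Constructed sample output (placeholder interfaces and documentation addresses).
ROUTES_OK='default via 192.0.2.1 dev eth0 src 192.0.2.10'
ROUTES_BAD='default via 192.0.2.1 dev eth0 src 192.0.2.10
default via 198.51.100.1 dev wlan0 src 198.51.100.20'
SYSCTL_ON='net.ipv4.ip_forward = 1'
NFT_OK='table ip nat {
        chain POSTROUTING {
                type nat hook postrouting priority 100; policy accept;
                oifname "eth0" counter packets 8068 bytes 728001 masquerade
        }
}'

# Demo on the constructed samples: the second default route is reported.
check_gateway eth0 "$ROUTES_BAD" "$SYSCTL_ON" "$NFT_OK" || echo "gateway needs attention"
```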