7 Linux Route Command Examples (How to Add Route in Linux)

Jay Taylor's notes

back to listing index

7 Linux Route Command Examples (How to Add Route in Linux)

[web search]

Original source (www.thegeekstuff.com)

Tags: ubuntu howto networking www.thegeekstuff.com

Clipped on: 2017-11-19

I. How Routing is Done?

1. Display Existing Routes

route command by default will show the details of the kernel routing table entries. In this example, the ip-address of the system where the route command is being executed is 192.168.1.157

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

The above command shows that if the destination is within the network range 192.168.1.0 – 192.168.1.255, then the gateway is *, which is 0.0.0.0.

When packets are sent within this IP range, then the MAC address of the destination is found through ARP Protocol and the packet will be sent to the MAC address.

If you don’t know what ARP is, you should first understand how ARP protocol works.

In order to send packets to destination which is not within this ip range, the packets will be forwarded to a default gateway, which decides further routing for that packet. We will see this shortly.

By default route command displays the host name in its output. We can request it to display the numerical IP address using -n option as shown below.

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.10    0.0.0.0         UG    0      0        0 eth0

2. Adding a Default Gateway

We can specify that the packets that are not within the network has to be forwarded to a Gateway address.

The following route add command will set the default gateway as 192.168.1.10.

$ route add default gw 192.168.1.10

Now the route command will display the following entries.

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
default         gateway.co.in   0.0.0.0         UG    0      0        0 eth0

Now we have just added a default gateway to our machine. To verify whether it is working properly, ping some external host (for example, google.com) to send ICMP packet.

$ ping www.google.com

The following is the sequences of evets that happens when the above ping command is executed.

First it will query the DNS server to obtain the ip-address of google.com ( for example: 74.125.236.34 )
The destination address ( 74.125.236.34 ) is not within the network range.
So, in Layer-3 (IP header) the DESTINATION IP will be set as “74.125.236.34”.
In Layer-2, the DESTINATION MAC address will be the filled in as the MAC address of the default gateway ( 192.168.1.10’s MAC ). The MAC will be found by using ARP as described earlier.
When the packet is sent out, the network switch ( which works on Layer-2 ), send the packet to the default gateway since the destination MAC is that of the gateway.
Once the gateway receives the packet, based on its routing table, it will forward the packets further.

The above 2 examples would have given a good idea about how routing is done within a network. Now we will see other command line options available with route command.

3. List Kernel’s Routing Cache Information

Kernel maintains the routing cache information to route the packets faster. We can list the kernel’s routing cache information by using the -C flag.

$ route -Cn
Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
192.168.1.157   192.168.1.51    192.168.1.51          0      0        1 eth0
192.168.1.157   74.125.236.69   192.168.1.10          0      0        0 eth0
.
.
.

4. Reject Routing to a Particular Host or Network

Sometimes we may want to reject routing the packets to a particular host/network. To do that, add the following entry.

$ route add -host 192.168.1.51 reject

As you see below, we cannot access that particular host (i.e .51 host that we just rejected).

$ ping 192.168.1.51
connect: Network is unreachable

However we can still access other hosts in the network (for example, .52 host is still accessible).

$ ping 192.168.1.53
PING 192.168.1.53 (192.168.1.53) 56(84) bytes of data.
64 bytes from 192.168.1.53: icmp_seq=1 ttl=64 time=7.77 ms

If you want to reject an entire network ( 192.168.1.1 – 192.168.1.255 ), then add the following entry.

$ route add -net 192.168.1.0 netmask 255.255.255.0 reject

Now, you cannot access any of the host in that network (for example: .51, .52, .53, etc.)

$ ping 192.168.1.51
connect: Network is unreachable

$ ping 192.168.1.52
connect: Network is unreachable

$ ping 192.168.1.53
connect: Network is unreachable

II. A Sample Network Architecture (to understand routing)

Let us use the following sample network architecture for the rest of the examples.

In the diagram below, we have 2 individual networks ( 192.168.1.0 and 192.168.3.0, with subnet mask of 255.255.255.0 ).

We also have a “GATEWAY” machine with 3 network cards. 1st card is connected to 192.168.1.0, 2nd card is connected to 192.168.3.0, and the 3rd card is connected to the external world.

. .

{ 56 comments… add one }

rinku April 30, 2012, 4:12 am

Great work
.

Link
Ironmaniaco April 30, 2012, 6:29 am

I don’t know how much time will take to deprecate the ifconfig+route with iproute2, but will not be so difficult to people learn iproute2 methods of creating routes, since the logic is basically the same, changing some “words” on the command sintax. 🙂
.

Link
bob April 30, 2012, 7:32 am

thank you. learnt something today.
.

Link
Jalal Hajigholamali April 30, 2012, 7:39 am

Hi,

Useful article…

thanks a lot
.

Link
yakup April 30, 2012, 9:14 am

Well written. One typo – in point 4 at the end, “is within 2.* range” should be “is within 3.* range”
.

Link
dexcript April 30, 2012, 1:53 pm

I prefer iproute2, its more flexible and powerfull..
.

Link
clay April 30, 2012, 8:37 pm

great series of articles.
another option: ip route [add|change|replace]
.

Link
Pierre B. May 1, 2012, 1:04 am

Yep! TGS strikes again!

Thanks for this tuto, and for the comments about iproute2, i need to learn this one too apparently.
.

Link
Sudharshan May 1, 2012, 9:39 am

Great thanks a lot ….
.

Link
Iván Carrasco quiroz May 1, 2012, 11:19 pm

A little summary of Iproute2:

Instead of “route add -net IP netmask MASk gw IP” you should enter
“ip route add IP/MASk via IP”.
Another command that can be used to replace “route -n” is “ip route show”.
To set a default gateway use: “ip route add default via IP”, and finally to delete a route use: “ip route del IP/MASK”.

Good luck
🙂
.

Link
niraj May 2, 2012, 12:50 am

Its really a good one to create a more than one gateway and route the same.
.

Link
Shashank Gosavi May 2, 2012, 6:02 am

Thnx buddy for introducing new commands…
.

Link
TedSki May 2, 2012, 8:05 am

A reminder that adding these static routes does not make them persistent across system reboots. Make sure to commit these changes to the relevant files within your distribution to make these persistent.
.

Link
Assi May 2, 2012, 8:31 am

good one, but after linux reboot all the routing table gone, to solved that follow this instraction:

1. Create call “route-eth0” file in nano -w /etc/sysconfig/network-scripts/route-eth0
2. save the following lines to the file:
ADDRESS0=10.0.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.0.1
if there is more then one route change the extention of the ADD, NET, GAT, to 1 and etc….
sample:
route 1
ADDRESS0=10.100.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.0.1

route 2
ADDRESS1=10.200.0.0
NETMASK1=255.255.0.0
GATEWAY1= 192.168.0.1

reboot and route saved successfully.
.

Link
Ivan Carrasco Quiroz May 2, 2012, 8:56 am

Thanks Assi, nice tip!
Anyway you can edit your /etc/rc.local and insert the command “ip route …”, it will load your routes at start.

🙂
.

Link
Assi May 2, 2012, 9:58 am

Thanks Ivan 🙂
i try to add this line (“ip route …”, ) to production servers that have RH / CentOS, from some reason its not working for me.
then i create the file “route-eth0” and its working like a magic.
.

Link
Ivan Carrasco Quiroz May 2, 2012, 4:50 pm

Try “apt-get install iproute” (DEB/UBUNTU) or “yum install iproute”(CENTOS). Maybe your distro does not have the package installed.

🙂
.

Link
bob May 4, 2012, 8:23 am

in the example for the “reject”, you might want to show the dump of the route command so that we can see how the entries look like.

in the sample network above, once you have configured everything, you might want to show dump of “route -n” at each of the 3 nodes, so that we can see at a glance how everything looks like.
.

Link
ramsse May 15, 2012, 7:46 pm

In step 7, where do we add the default route? in GATEWAY only?
$ route add default gw 125.250.60.59
.

Link
Lakshmanan Ganapathy October 12, 2012, 9:59 am

@ramsee,

That is done, to ensure that we can access the outside world. ( Internet ).

If the destination is not within the 1.* and 3.* series, it will reach out to outside world.
.

Link
Anonymous October 15, 2012, 3:13 am

awesome and thanks very much
.

Link
pria October 25, 2012, 11:46 pm

Great article !!!
.

Link
Nargunam November 1, 2012, 10:09 am

Suprb Article!!!
.

Link
alieblice November 6, 2012, 9:13 am

Hi
I dont understand this part :
——–
4. It then checks whether the destination is within 2.* range. IN this example, it is not
——–
why it should check fore 2.* range ? is 2.* should be 3.* ?
.

Link
obvious November 25, 2012, 3:59 pm

@alieblice: It’s a typo. It IS 3
.

Link
Girish November 29, 2012, 3:29 am

Great work Thanks for the info
.

Link
marikhu February 3, 2013, 10:26 pm

Nice work, clear and concise!
.

Link
Bilal Ali February 10, 2013, 2:23 pm

I think this the thing from which I had a routing fobia.
Which is now vanished.
Thanks for explaining step by step which helps beginners alot.
.

Link
santosh loke February 19, 2013, 4:36 am

nicely explained!
thx.
.

Link
giri February 27, 2013, 11:02 pm

In the above example:
4. Reject Routing to a Particular Host or Network

How do i undo the block? i mean later if the IP which is rejected,needs to be accepted,then what command we need to use?
.

Link
Anonymous April 30, 2013, 8:59 am

ip route del
.

Link
Shamsoo May 22, 2013, 11:08 am

In steps 5 and 6, why are routes being added on the Gateway to the local subnets (.1 and .3). Is that necessary?
.

Link
bechesa June 2, 2013, 2:25 am

@Shamso: yes , so that the two different sub networks are able to communicate to each other.
.

Link
shawn June 20, 2013, 9:15 pm

why are you specifying step #7
$ route add default gw 125.250.60.59
??

This can only be true if you are assigned a static IP from your ISP and using that, otherwise your modem interface (whatever that may be, i like to use eth0), should be set to DHCP and you have to masquerade out from the GATEWAY machine, which should be a firewall/router/DHCP/DNS server all in one to secure and solidify your whole LAN. make it easier.
.

Link
Javier Talens July 15, 2013, 5:14 am

Nice explanation. Good job! 🙂
.

Link
vinay kumar August 7, 2013, 1:02 am

hi

i want to add one virtual gateway in the centos , i have two nic card and assigned one static ip with gateway on the eth1 but second local ip with out gateway on the eth0

i have created one file route-eth0 (/etc/sysconfig/network-scripts)
added three lines for the route
ADDRESS0=192.168.3.3
NETMASK0=255.255.255.0
GATEWAY0=192.168.3.51
when i staring the service i am getting error Bringing up interface eth0: RTNETLINK answers: Invalid argument and it is not showing gateway thorugh this command route -n

Please help me for the same
.

Link
ivancarrascoq August 8, 2013, 10:39 am

Hi vinay kumar,

I think you should use on CentOS:
[root@corporativo ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.3.3
NETMASK=255.255.255.0
GATEWAY=192.168.3.51

Anyway, I recommend you first try your config with float addresses/gateways.
# ip addr add 192.168.3.3/24 dev eth0
# ip route add default via 192.168.3.51

You can load it into /etc/rc.local
What do you want to do?

Best regards,
Iván Carrasco Quiroz.
.

Link
nino August 14, 2013, 5:56 am

Hi, really great work, i was trying to implement the sample network using VMs in Openstack, but can seem to ping the networks from each other, though they can both ping the VM which i was using as the gateway, any help on what might be the reason i can implement it in an all VM situation
.

Link
abhi September 17, 2013, 2:15 am

Thanks a lot though i used route often but was filled up with some doubt.
Required a detailed information part 1 was full of basics and part 2 was well supported by example thanks a lot
.

Link
shiv January 8, 2014, 10:51 am

hi Laxmanan
Nice Explaination, it not working in my situation,
Can you figure out where is the mistake

firewall(ISP 101.202.100.201 and local 192.168.0.0 ) gateway 192.168.0.1
|
Gateway node(network 10.3.61.0 and 192.168.0.0)
|
Internal network(10.3.61.0) with gateway 10.3.61.1

I am able to access internet at gateway node by using proxy ip that is 192.168.0.1

I am not able to ping 192.168.0.1 from internal network. I did the setting as you specified in your architecture diagram.
I am able to ping gateway node on 10.1.1.1 gw from internal network.

I want to access internet from internal network and want all the traffic from internal network will pass through gateway node.

Please let me know if same can be achieved in some other way too.
Thanks in advance….
.

Link
MikeS January 31, 2014, 2:33 pm

Ok, so I’m trying to do this exact same setup except using ipv6 and I just can’t seem to get Lan A to talk to Lan B

Here’s my setup

LAN A Host: 2001::2

Gateway NicA: 2001::1
NicB 2000::1

Lan B Host: 2000::2

I’ve got the hosts’s gateway’d to my gateway. And i’ve been able to pink the nics on the gateway, but can not seem to get traffic to pass to the other network.
.

Link
chris April 16, 2014, 5:39 pm

Hi, ive been reading a lot of comments and docs regarding nullrouting. I am actually interested to nullroute one of my own IPs, and add 1 exemption to it. For example, I have a VPS with 3 IPs and I want 1 IP address to be null routed, while the other 2 working normal like before. As far as I read around i can only null route a specific address to my IP. What i want is my IP address to be totally null routed to any other external IP address, and adding only 1 IP exemption. Being said, I have 3 IPs, I want 2 of them to work normally like before, but one to be nullrouted to the internet, excepting 1 ip to be allowed to reach it.
Thanks,

Chris
.

Link
Arun May 22, 2014, 4:48 am

The screenshot shown for point 1 is actually that of point 2 and vice versa. Kindly check.
.

Link
Venkatt Guhesan June 24, 2014, 9:00 am

Ramesh – can you include the following notes under the sections for #5 and #6 of this article?

** In some Linux versions, IP-Forwarding will be switched OFF by default so you will need to enable it in addition to the “route add” to make the “ping” work.

Here is how you enable the IP-Forwarding (on the GATEWAY box):
# Edit /etc/sysctl.conf and set the following to a “1”
net.ipv4.ip_forward = 1 #used to be a zero
# Reboot the gateway box.
After you reboot if you tried pinging an IP on the other network and you now get “Destination Host Prohibited”, then you need to either turn off iptables or firewall rules (or add rules to allow those ports) on the Gateway box.
# If you wish to toggle that same ip_forward feature in real-time without restarting the gateway box, you can do this the following way:
echo 1 > /proc/sys/net/ipv4/ip_forward
# This turns the ip_forward switch ON but if you reboot, it will revert back to the default state of OFF (unless you change it in the /etc/sysctl.conf) file.
.

Link
Trempest February 7, 2015, 10:11 am

I’m figuring out if I could set multiple IPs on a Single NIC, each from different subnet with its own default gateway.

To run Postfix and Dovecot for multiple domains, each with OWN public IP and FQDN and OWN MX

Does this make any sense to you? Assuming routing is already taken care of on the FW, routers, etc

Server A has 2 separate NICs

NIC1 is physically connected to LAN switch
eth0 on DHCP (Private IP)
This is working fine

NIC2 is physically connected to core switch
eth1 to have 3 PUBLIC IP

*Catch: Public IP are from TWO different subnets, each with different gateway

auto eth1
iface eth1 inet static
address 119.73.132.98
netmask 255.255.255.248
post-up ip route add 119.73.132.96/29 via 119.73.132.97
post-up ip route add default via 119.73.132.97

auto eth1:1
iface eth1:1 inet static
address 203.126.43.134
netmask 255.255.255.240
post-up ip route add 203.126.43.128/28 via 203.126.43.129
post-up ip route add default via 203.126.43.129

auto eth1:2
iface eth1:1 inet static
address 203.126.43.131
netmask 255.255.255.240

Assuming FW rules allow access, will all three public IP addresses be accessible from the internet?

I’m figuring out if I could set multiple IPs on a Single NIC, each from different subnet with its own default gateway.
.

Link
Trempest February 7, 2015, 10:20 am

Sorry for the last message. I wasn’t clear.

Here’s what I wish to achieve.

I’m figuring out if I could set multiple IPs on a Single NIC, each from different subnet with its own default gateway.

The purpose is to run Postfix and Dovecot for multiple domains, each with OWN public IP and FQDN and OWN MX

Does this make any sense to you? Assuming routing is already taken care of on the FW, routers, etc

Server A has 2 separate NICs

NIC1 is physically connected to LAN switch
eth0 on DHCP (Private IP)
This is working fine

NIC2 is physically connected to core switch
eth1 to have 3 PUBLIC IP

*Catch: Public IP are from TWO different subnets, each with different gateway

At the end of /etc/iproute2/rt_tables
I add the following

1 rt2
1 rt3

Then in /etc/network/interfaces…

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 119.73.132.98
netmask 255.255.255.248
post-up ip route add 119.73.132.96/29 dev eth1 src 119.73.132.98 table rt2
post-up ip route add default via 119.73.132.97 dev eth1 table rt2
post-up ip rule add from 119.73.132.96/29 table rt2
post-up ip rule add to 119.73.132.96/29 table rt2

auto eth1:1
iface eth1:1 inet static
address 203.126.43.134
netmask 255.255.255.240
post-up ip route add 203.126.43.128/28 dev eth1:1 src 203.126.43.134 table rt3
post-up ip route add default via 203.126.43.129 dev eth1:1 table rt3
post-up ip rule add from 203.126.43.128/28 table rt3
post-up ip rule add to 203.126.43.128/28 table rt3
.

Link
alireza goudarzi April 17, 2015, 6:59 am

tnx for useful information
.

Link
Zhifeng December 28, 2015, 1:49 am

Thanks a lot for the tutorial.
.

Link
Manikandan Somasundaram January 8, 2016, 3:41 am

Very Useful Article, Thanks
.

Link
David April 14, 2016, 12:33 pm

Nice article. However I lost my changes after a reboot. How do i make the changes permanent such that they dont disappear after a reboot or a network restart.
Thanks
.

Link
Shyam June 13, 2016, 12:24 am

Thanks, Great Tutorial ..
.

Link
Stanislas June 23, 2016, 10:47 am

Thanks alot for the tutorial. You deserve a big hug from me.
.

Link
AideN December 13, 2016, 11:51 pm

ThnkS Pal…!
.

Link
Xobi December 14, 2016, 1:58 am

I am new to LINUX, I have confusion regarding some commands I am writing those routing commands:
>> ip route add 10.195.220.0/28 dev rmnet0
>> ip rule add from 10.195.220.0/28 table 5
?? ip route add default via 10.195.220.1 dev rmnet0 table 5
>> ip route add 10.195.220.0/28 dev rmnet0 proto kernel scope link src 10.195.220.103 table 5.
>> ip route add 10.195.220.1 dev rmnet0 scope link table 5

What is the purpose of those commands? I do not clearly understand.
If anyone explain it will help me alot.
Thanks
.

Link
fb March 4, 2017, 10:02 pm

In Layer-3 (IP header) the DESTINATION IP will be set as “74.125.236.34”.
-> only in header? can you please elaborate?

In Layer-2, the DESTINATION MAC address will be the filled in as the MAC address of the default gateway ( 192.168.1.10’s MAC ).
Is this in in the Layer-2 frame?
.

Link
Deepak June 16, 2017, 6:29 am

What if i want to access one of the private range from internet and vice versa. then would be the configuration on private host, gateway and the host on internet.
.

Link

Support Us

Support this blog by purchasing one of my ebooks.

Bash 101 Hacks eBook

Sed and Awk 101 Hacks eBook

Vim 101 Hacks eBook

Nagios Core 3 eBook