7 Linux Route Command Examples (How to Add Route in Linux)
In the 1st part of the IP Routing series, we learned the fundamentals of Linux IP Routing.
The route command is used to show and manipulate the IP routing table. It is primarily used to set up static routes to specific hosts or networks via an interface.
In this article we will see how to manipulate the routing tables in Linux using the route command.
We’ll first explain how routing is done with some basic route command examples, and then we’ll use a sample network architecture to explain how to set up routes in your network.
I. How Routing is Done?
1. Display Existing Routes
By default, the route command shows the kernel routing table entries. In this example, the IP address of the system where the route command is executed is 192.168.1.157.
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
The above output shows that if the destination is within the network range 192.168.1.0 – 192.168.1.255, then the gateway is *, which is 0.0.0.0, meaning no gateway is used and the destination is reached directly on eth0.
When packets are sent within this IP range, the MAC address of the destination is found through the ARP protocol and the packet is sent to that MAC address.
If you don’t know what ARP is, you should first understand how the ARP protocol works.
To send packets to a destination that is not within this IP range, the packets are forwarded to a default gateway, which decides further routing for that packet. We will see this shortly.
By default, the route command displays host names in its output. We can request numerical IP addresses with the -n option, as shown below.
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.10    0.0.0.0         UG    0      0        0 eth0
2. Adding a Default Gateway
We can specify that packets whose destination is not within the local network are forwarded to a gateway address.
The following route add command will set the default gateway as 192.168.1.10.
$ route add default gw 192.168.1.10
Now the route command will display the following entries.
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
default         gateway.co.in   0.0.0.0         UG    0      0        0 eth0
Now we have just added a default gateway to our machine. To verify that it is working properly, ping some external host (for example, google.com) to send an ICMP packet.
$ ping www.google.com
The following is the sequence of events that happens when the above ping command is executed.
- First it will query the DNS server to obtain the ip-address of google.com ( for example: 74.125.236.34 )
- The destination address ( 74.125.236.34 ) is not within the network range.
- So, in Layer-3 (IP header) the DESTINATION IP will be set as “74.125.236.34”.
- In Layer-2, the DESTINATION MAC address will be filled in as the MAC address of the default gateway ( 192.168.1.10’s MAC ). The MAC will be found by using ARP as described earlier.
- When the packet is sent out, the network switch ( which works on Layer-2 ) sends the packet to the default gateway since the destination MAC is that of the gateway.
- Once the gateway receives the packet, based on its routing table, it will forward the packets further.
The above 2 examples would have given a good idea about how routing is done within a network. Now we will see other command line options available with route command.
3. List Kernel’s Routing Cache Information
The kernel maintains routing cache information to route packets faster. We can list the kernel’s routing cache information by using the -C flag.
$ route -Cn
Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
192.168.1.157   192.168.1.51    192.168.1.51          0      0        1 eth0
192.168.1.157   74.125.236.69   192.168.1.10          0      0        0 eth0
. . .
4. Reject Routing to a Particular Host or Network
Sometimes we may want to reject routing the packets to a particular host/network. To do that, add the following entry.
$ route add -host 192.168.1.51 reject
As you can see below, we cannot access that particular host (i.e. the .51 host that we just rejected).
$ ping 192.168.1.51
connect: Network is unreachable
However, we can still access other hosts in the network (for example, .52 host is still accessible).
$ ping 192.168.1.53
PING 192.168.1.53 (192.168.1.53) 56(84) bytes of data.
64 bytes from 192.168.1.53: icmp_seq=1 ttl=64 time=7.77 ms
If you want to reject an entire network ( 192.168.1.1 – 192.168.1.255 ), then add the following entry.
$ route add -net 192.168.1.0 netmask 255.255.255.0 reject
Now, you cannot access any of the hosts in that network (for example: .51, .52, .53, etc.)
$ ping 192.168.1.51
connect: Network is unreachable
$ ping 192.168.1.52
connect: Network is unreachable
$ ping 192.168.1.53
connect: Network is unreachable
II. A Sample Network Architecture (to understand routing)
Let us use the following sample network architecture for the rest of the examples.
In the diagram below, we have 2 individual networks ( 192.168.1.0 and 192.168.3.0, with subnet mask of 255.255.255.0 ).
We also have a “GATEWAY” machine with 3 network cards. 1st card is connected to 192.168.1.0, 2nd card is connected to 192.168.3.0, and the 3rd card is connected to the external world.
5. Make 192.168.3.* Accessible from 192.168.1.*
Now we need to add a routing entry such that we are able to ping 192.168.3.* addresses from the 192.168.1.* network. The common point we have is the GATEWAY machine.
So, on each machine in the 192.168.1.* network, a default gateway is added as shown below.
$ route add default gw 192.168.1.10
Now when 192.168.1.1 pings 192.168.3.1, it will go to the GATEWAY via 192.168.1.10.
In GATEWAY, add the following routing entry.
$ route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.10
Now all the packets addressed to 192.168.3.* network will be forwarded via the 192.168.3.10 interface, which then delivers the packets to the addressed machine.
6. Make 192.168.1.* Accessible from 192.168.3.*
It is very similar to what we did earlier.
So, on each machine in 192.168.3.* network a default gateway will be added as shown below.
$ route add default gw 192.168.3.10
In GATEWAY, add the following routing entry.
$ route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.10
Now 192.168.3.* machines can ping 192.168.1.* machines.
7. Allow Internet Access ( External World )
In the previous two examples, we interconnected the 2 different networks.
Now we need to access the internet from these 2 networks. For that, we can add a default route (used when no other routing rule matches) via 125.250.60.59, which is connected to the external world, as follows.
$ route add default gw 125.250.60.59
This is how it works:
- Now when you try to access the internet (for example: ping google.com) from any of these machines (for example, from 192.168.3.2), the following is the sequence of events that happens.
- Since the destination (google.com) is not within the 3.* series, it will be forwarded to GATEWAY via the 3.10 interface.
- In GATEWAY, it checks whether the destination is within 1.* range. In this example, it is not.
- It then checks whether the destination is within 2.* range. In this example, it is not.
- Finally, it takes the default route to forward the packets (i.e using the 125.250.60.59 interface, which is connected to the external world).
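The lookups walked through in sections 2, 4 and 7 can be reproduced offline with the following added example, which is not part of the original article. It goes slightly beyond the text by applying longest-prefix matching, the rule the kernel uses to choose among matching entries; both tables are constructed samples in route -n format, and the interface names and function names are assumptions.

```shell
#!/bin/sh
# Added example: offline model of the kernel's route selection.
# Tables are constructed samples in `route -n` format; interface names
# (eth0-eth2) are assumptions.

# Host 192.168.1.157: table from section 1 plus the host reject from section 4.
HOST_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.1.51    -               255.255.255.255 !H    0      -   0   -
0.0.0.0         192.168.1.10    0.0.0.0         UG    0      0   0   eth0'

# GATEWAY box after the "route add" commands of sections 5, 6 and 7.
GATEWAY_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.0     192.168.1.10    255.255.255.0   UG    0      0   0   eth0
192.168.3.0     192.168.3.10    255.255.255.0   UG    0      0   0   eth1
0.0.0.0         125.250.60.59   0.0.0.0         UG    0      0   0   eth2'

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_lookup TABLE DESTINATION
# Prints how a packet to DESTINATION is handled. The entry with the longest
# matching netmask wins, so a /32 reject overrides the /24 it sits inside.
route_lookup() {
    table=$1
    dst=$(ip2int "$2")
    best_mask=-1
    result="unreachable (no matching route)"
    while read -r net gw mask flags _metric _ref _use iface; do
        case $net in
            [0-9]*) ;;          # data row
            *) continue ;;      # header line
        esac
        n=$(ip2int "$net")
        m=$(ip2int "$mask")
        if [ $(( (dst & m) == (n & m) && m > best_mask )) -eq 1 ]; then
            best_mask=$m
            case $flags in
                *!*) result="reject $net" ;;           # reject route
                *G*) result="via $gw dev $iface" ;;    # forwarded to a gateway
                *)   result="direct dev $iface" ;;     # on-link, resolved by ARP
            esac
        fi
    done <<EOF
$table
EOF
    echo "$result"
}

for d in 192.168.1.53 192.168.1.51 74.125.236.34; do
    printf 'host    %-14s %s\n' "$d" "$(route_lookup "$HOST_ROUTES" "$d")"
done
for d in 192.168.1.1 192.168.3.2 74.125.236.34; do
    printf 'gateway %-14s %s\n' "$d" "$(route_lookup "$GATEWAY_ROUTES" "$d")"
done
```

On a live system, ip route get followed by the destination address asks the kernel the same question directly.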
- April 30, 2012, 4:12 am Great work
- April 30, 2012, 6:29 am I don’t know how much time it will take to deprecate ifconfig+route with iproute2, but it will not be so difficult for people to learn the iproute2 methods of creating routes, since the logic is basically the same, changing some “words” in the command syntax.
- April 30, 2012, 7:32 am thank you. learnt something today.
- April 30, 2012, 7:39 am Hi, Useful article… thanks a lot
- April 30, 2012, 9:14 am Well written. One typo – in point 4 at the end, “is within 2.* range” should be “is within 3.* range”
- April 30, 2012, 1:53 pm I prefer iproute2, it’s more flexible and powerful..
- April 30, 2012, 8:37 pm great series of articles.
another option: ip route [add|change|replace]
-
Yep! TGS strikes again! Thanks for this tuto, and for the comments about iproute2, I need to learn this one too apparently.
- May 1, 2012, 9:39 am Great thanks a lot ….
-
A little summary of Iproute2: Instead of “route add -net IP netmask MASK gw IP” you should enter
“ip route add IP/MASK via IP”.
Another command that can be used to replace “route -n” is “ip route show”.
To set a default gateway use: “ip route add default via IP”, and finally to delete a route use: “ip route del IP/MASK”. Good luck
- May 2, 2012, 12:50 am It’s really a good one to create a more than one gateway and route the same.
- May 2, 2012, 6:02 am Thnx buddy for introducing new commands…
- May 2, 2012, 8:05 am A reminder that adding these static routes does not make them persistent across system reboots. Make sure to commit these changes to the relevant files within your distribution to make these persistent.
- May 2, 2012, 8:31 am good one, but after linux reboot all the routing table is gone. To solve that, follow this instruction:
1. Create a file called “route-eth0” in nano -w /etc/sysconfig/network-scripts/route-eth0
2. save the following lines to the file:
ADDRESS0=10.0.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.0.1
if there is more than one route, change the extension of the ADD, NET, GAT, to 1 and etc….
sample:
route 1
ADDRESS0=10.100.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.0.1
route 2
ADDRESS1=10.200.0.0
NETMASK1=255.255.0.0
GATEWAY1=192.168.0.1
reboot and route saved successfully.
-
Thanks Assi, nice tip!
Anyway you can edit your /etc/rc.local and insert the command “ip route …”, it will load your routes at start.
- May 2, 2012, 9:58 am Thanks Ivan
I tried to add this line (“ip route …”) to production servers that have RH / CentOS; for some reason it’s not working for me.
Then I created the file “route-eth0” and it’s working like magic.
-
Try “apt-get install iproute” (DEB/UBUNTU) or “yum install iproute” (CENTOS). Maybe your distro does not have the package installed.
- May 4, 2012, 8:23 am in the example for the “reject”, you might want to show the dump of the route command so that we can see what the entries look like.
in the sample network above, once you have configured everything, you might want to show the dump of “route -n” at each of the 3 nodes, so that we can see at a glance what everything looks like.
- May 15, 2012, 7:46 pm In step 7, where do we add the default route? in GATEWAY only?
$ route add default gw 125.250.60.59
- October 15, 2012, 3:13 am awesome and thanks very much
- October 25, 2012, 11:46 pm Great article !!!
- November 1, 2012, 10:09 am Superb Article!!!
- November 6, 2012, 9:13 am Hi
I don’t understand this part:
——–
4. It then checks whether the destination is within 2.* range. IN this example, it is not
——–
why should it check for the 2.* range? Should 2.* be 3.*?
- November 25, 2012, 3:59 pm @alieblice: It’s a typo. It IS 3
- November 29, 2012, 3:29 am Great work Thanks for the info
- February 3, 2013, 10:26 pm Nice work, clear and concise!
- February 10, 2013, 2:23 pm I think this is the thing from which I had a routing phobia.
Which is now vanished.
Thanks for explaining step by step which helps beginners a lot.
- February 19, 2013, 4:36 am nicely explained!
thx.
- February 27, 2013, 11:02 pm In the above example:
4. Reject Routing to a Particular Host or Network
How do I undo the block? I mean later if the IP which is rejected needs to be accepted, then what command do we need to use?
- April 30, 2013, 8:59 am ip route del
- May 22, 2013, 11:08 am In steps 5 and 6, why are routes being added on the Gateway to the local subnets (.1 and .3). Is that necessary?
- June 2, 2013, 2:25 am @Shamso: yes, so that the two different sub networks are able to communicate to each other.
- June 20, 2013, 9:15 pm why are you specifying step #7
$ route add default gw 125.250.60.59
??
This can only be true if you are assigned a static IP from your ISP and using that, otherwise your modem interface (whatever that may be, i like to use eth0), should be set to DHCP and you have to masquerade out from the GATEWAY machine, which should be a firewall/router/DHCP/DNS server all in one to secure and solidify your whole LAN. make it easier.
- July 15, 2013, 5:14 am Nice explanation. Good job!
- August 7, 2013, 1:02 am hi
I want to add one virtual gateway in the centos, I have two nic cards and assigned one static ip with gateway on the eth1 but second local ip without gateway on the eth0
I have created one file route-eth0 (/etc/sysconfig/network-scripts)
added three lines for the route
ADDRESS0=192.168.3.3
NETMASK0=255.255.255.0
GATEWAY0=192.168.3.51
when I am starting the service I am getting the error Bringing up interface eth0: RTNETLINK answers: Invalid argument and it is not showing the gateway through this command route -n
Please help me for the same
-
Hi vinay kumar,
I think you should use on CentOS:
[root@corporativo ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.3.3
NETMASK=255.255.255.0
GATEWAY=192.168.3.51
Anyway, I recommend you first try your config with float addresses/gateways.
# ip addr add 192.168.3.3/24 dev eth0
# ip route add default via 192.168.3.51
You can load it into /etc/rc.local
What do you want to do?
Best regards,
Iván Carrasco Quiroz.
- August 14, 2013, 5:56 am Hi, really great work, I was trying to implement the sample network using VMs in Openstack, but can seem to ping the networks from each other, though they can both ping the VM which I was using as the gateway, any help on what might be the reason I can implement it in an all VM situation
- September 17, 2013, 2:15 am Thanks a lot though I used route often but was filled up with some doubt.
Required a detailed information part 1 was full of basics and part 2 was well supported by example thanks a lot
- January 8, 2014, 10:51 am hi Laxmanan
Nice Explanation, it is not working in my situation,
Can you figure out where the mistake is
firewall(ISP 101.202.100.201 and local 192.168.0.0 ) gateway 192.168.0.1
|
Gateway node(network 10.3.61.0 and 192.168.0.0)
|
Internal network(10.3.61.0) with gateway 10.3.61.1
I am able to access internet at gateway node by using proxy ip that is 192.168.0.1
I am not able to ping 192.168.0.1 from internal network. I did the setting as you specified in your architecture diagram.
I am able to ping gateway node on 10.1.1.1 gw from internal network.
I want to access internet from internal network and want all the traffic from internal network to pass through the gateway node.
Please let me know if same can be achieved in some other way too.
Thanks in advance….
- January 31, 2014, 2:33 pm Ok, so I’m trying to do this exact same setup except using ipv6 and I just can’t seem to get Lan A to talk to Lan B
Here’s my setup
LAN A Host: 2001::2
Gateway NicA: 2001::1
NicB 2000::1
Lan B Host: 2000::2
I’ve got the hosts gateway’d to my gateway. And I’ve been able to ping the nics on the gateway, but can not seem to get traffic to pass to the other network.
- April 16, 2014, 5:39 pm Hi, I’ve been reading a lot of comments and docs regarding nullrouting. I am actually interested to nullroute one of my own IPs, and add 1 exemption to it. For example, I have a VPS with 3 IPs and I want 1 IP address to be null routed, while the other 2 working normal like before. As far as I read around I can only null route a specific address to my IP. What I want is my IP address to be totally null routed to any other external IP address, and adding only 1 IP exemption. Being said, I have 3 IPs, I want 2 of them to work normally like before, but one to be nullrouted to the internet, excepting 1 ip to be allowed to reach it.
Thanks,
Chris
- May 22, 2014, 4:48 am The screenshot shown for point 1 is actually that of point 2 and vice versa. Kindly check.
-
Ramesh – can you include the following notes under the sections for #5 and #6 of this article?
** In some Linux versions, IP-Forwarding will be switched OFF by default so you will need to enable it in addition to the “route add” to make the “ping” work.
Here is how you enable the IP-Forwarding (on the GATEWAY box):
# Edit /etc/sysctl.conf and set the following to a “1”
net.ipv4.ip_forward = 1 #used to be a zero
# Reboot the gateway box.
After you reboot if you tried pinging an IP on the other network and you now get “Destination Host Prohibited”, then you need to either turn off iptables or firewall rules (or add rules to allow those ports) on the Gateway box.
# If you wish to toggle that same ip_forward feature in real-time without restarting the gateway box, you can do this the following way:
echo 1 > /proc/sys/net/ipv4/ip_forward
# This turns the ip_forward switch ON but if you reboot, it will revert back to the default state of OFF (unless you change it in the /etc/sysctl.conf) file.
- February 7, 2015, 10:11 am I’m figuring out if I could set multiple IPs on a Single NIC, each from different subnet with its own default gateway.
To run Postfix and Dovecot for multiple domains, each with OWN public IP and FQDN and OWN MX
Does this make any sense to you? Assuming routing is already taken care of on the FW, routers, etc
Server A has 2 separate NICs
NIC1 is physically connected to LAN switch
eth0 on DHCP (Private IP)
This is working fine
NIC2 is physically connected to core switch
eth1 to have 3 PUBLIC IP
*Catch: Public IP are from TWO different subnets, each with different gateway
auto eth1
iface eth1 inet static
address 119.73.132.98
netmask 255.255.255.248
post-up ip route add 119.73.132.96/29 via 119.73.132.97
post-up ip route add default via 119.73.132.97
auto eth1:1
iface eth1:1 inet static
address 203.126.43.134
netmask 255.255.255.240
post-up ip route add 203.126.43.128/28 via 203.126.43.129
post-up ip route add default via 203.126.43.129
auto eth1:2
iface eth1:1 inet static
address 203.126.43.131
netmask 255.255.255.240
Assuming FW rules allow access, will all three public IP addresses be accessible from the internet?
I’m figuring out if I could set multiple IPs on a Single NIC, each from different subnet with its own default gateway.
- February 7, 2015, 10:20 am Sorry for the last message. I wasn’t clear.
Here’s what I wish to achieve.
I’m figuring out if I could set multiple IPs on a Single NIC, each from different subnet with its own default gateway.
The purpose is to run Postfix and Dovecot for multiple domains, each with OWN public IP and FQDN and OWN MX
Does this make any sense to you? Assuming routing is already taken care of on the FW, routers, etc
Server A has 2 separate NICs
NIC1 is physically connected to LAN switch
eth0 on DHCP (Private IP)
This is working fine
NIC2 is physically connected to core switch
eth1 to have 3 PUBLIC IP
*Catch: Public IP are from TWO different subnets, each with different gateway
At the end of /etc/iproute2/rt_tables
I add the following
1 rt2
1 rt3
Then in /etc/network/interfaces…
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
address 119.73.132.98
netmask 255.255.255.248
post-up ip route add 119.73.132.96/29 dev eth1 src 119.73.132.98 table rt2
post-up ip route add default via 119.73.132.97 dev eth1 table rt2
post-up ip rule add from 119.73.132.96/29 table rt2
post-up ip rule add to 119.73.132.96/29 table rt2
auto eth1:1
iface eth1:1 inet static
address 203.126.43.134
netmask 255.255.255.240
post-up ip route add 203.126.43.128/28 dev eth1:1 src 203.126.43.134 table rt3
post-up ip route add default via 203.126.43.129 dev eth1:1 table rt3
post-up ip rule add from 203.126.43.128/28 table rt3
post-up ip rule add to 203.126.43.128/28 table rt3
- April 17, 2015, 6:59 am tnx for useful information
- January 8, 2016, 3:41 am Very Useful Article, Thanks