7 Linux Route Command Examples (How to Add Route in Linux)

by Lakshmanan Ganapathy on April 30, 2012

In the 1st part of the IP Routing series, we learned the fundamentals of Linux IP Routing.

Route command is used to show/manipulate the IP routing table. It is primarily used to setup static routes to specific host or networks via an interface.

In this article we will see how to manipulate the routing tables in Linux using route command.

We’ll first explain how routing is done with some basic route command examples, and then we’ll explain using a sample network architecture about how to setup routes in your network.

I. How Routing is Done?

1. Display Existing Routes

route command by default will show the details of the kernel routing table entries. In this example, the ip-address of the system where the route command is being executed is 192.168.1.157

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

The above command shows that if the destination is within the network range 192.168.1.0 – 192.168.1.255, then the gateway is *, which is 0.0.0.0.

When packets are sent within this IP range, then the MAC address of the destination is found through ARP Protocol and the packet will be sent to the MAC address.

If you don’t know what ARP is, you should first understand how ARP protocol works.

In order to send packets to destination which is not within this ip range, the packets will be forwarded to a default gateway, which decides further routing for that packet. We will see this shortly.

By default route command displays the host name in its output. We can request it to display the numerical IP address using -n option as shown below.

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.10    0.0.0.0         UG    0      0        0 eth0

2. Adding a Default Gateway

We can specify that the packets that are not within the network has to be forwarded to a Gateway address.

The following route add command will set the default gateway as 192.168.1.10.

$ route add default gw 192.168.1.10

Now the route command will display the following entries.

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
default         gateway.co.in   0.0.0.0         UG    0      0        0 eth0

Now we have just added a default gateway to our machine. To verify whether it is working properly, ping some external host (for example, google.com) to send ICMP packet.

$ ping www.google.com

The following is the sequences of evets that happens when the above ping command is executed.

  1. First it will query the DNS server to obtain the ip-address of google.com ( for example: 74.125.236.34 )
  2. The destination address ( 74.125.236.34 ) is not within the network range.
  3. So, in Layer-3 (IP header) the DESTINATION IP will be set as “74.125.236.34″.
  4. In Layer-2, the DESTINATION MAC address will be the filled in as the MAC address of the default gateway ( 192.168.1.10′s MAC ). The MAC will be found by using ARP as described earlier.
  5. When the packet is sent out, the network switch ( which works on Layer-2 ), send the packet to the default gateway since the destination MAC is that of the gateway.
  6. Once the gateway receives the packet, based on its routing table, it will forward the packets further.

The above 2 examples would have given a good idea about how routing is done within a network. Now we will see other command line options available with route command.

3. List Kernel’s Routing Cache Information

Kernel maintains the routing cache information to route the packets faster. We can list the kernel’s routing cache information by using the -C flag.

$ route -Cn
Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
192.168.1.157   192.168.1.51    192.168.1.51          0      0        1 eth0
192.168.1.157   74.125.236.69   192.168.1.10          0      0        0 eth0
.
.
.

4. Reject Routing to a Particular Host or Network

Sometimes we may want to reject routing the packets to a particular host/network. To do that, add the following entry.

$ route add -host 192.168.1.51 reject

As you see below, we cannot access that particular host (i.e .51 host that we just rejected).

$ ping 192.168.1.51
connect: Network is unreachable

However we can still access other hosts in the network (for example, .52 host is still accessible).

$ ping 192.168.1.53
PING 192.168.1.53 (192.168.1.53) 56(84) bytes of data.
64 bytes from 192.168.1.53: icmp_seq=1 ttl=64 time=7.77 ms

If you want to reject an entire network ( 192.168.1.1 – 192.168.1.255 ), then add the following entry.

$ route add -net 192.168.1.0 netmask 255.255.255.0 reject

Now, you cannot access any of the host in that network (for example: .51, .52, .53, etc.)

$ ping 192.168.1.51
connect: Network is unreachable

$ ping 192.168.1.52
connect: Network is unreachable

$ ping 192.168.1.53
connect: Network is unreachable

II. A Sample Network Architecture (to understand routing)

Let us use the following sample network architecture for the rest of the examples.

In the diagram below, we have 2 individual networks ( 192.168.1.0 and 192.168.3.0, with subnet mask of 255.255.255.0 ).

We also have a “GATEWAY” machine with 3 network cards. 1st card is connected to 192.168.1.0, 2nd card is connected to 192.168.3.0, and the 3rd card is connected to the external world.

5. Make 192.168.3.* Accessible from 192.168.1.*

Now we need to add a routing entry such that we are able to ping 192.168.3. series ip-addresses from 192.168.1. series. The common point we have is the GATEWAY machine.

So, on each machine in 192.168.1.* network a default gateway will be added as shown below.

$ route add default gw 192.168.1.10

Now when 192.168.1.1 pings 192.168.3.1, it will go to the GATEWAY via 192.168.1.10.

In GATEWAY, add the following routing entry.

$ route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.10

Now all the packets addressed to 192.168.3.* network will be forwarded via the 192.168.3.10 interface, which then delivers the packets to the addressed machine.

6. Make 192.168.1.* Accessible from 192.168.3.*

It is very similar to what we did earlier.

So, on each machine in 192.168.3.* network a default gateway will be added as shown below.

$ route add default gw 192.168.3.10

In GATEWAY, add the following routing entry.

$ route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.10

Now 192.168.3.* machines can ping 192.168.1.* machines.

7. Allow Internet Access ( External World )

In the previous two example, we have interconnected the 2 different networks.

Now we need to access the internet from these 2 different networks. For that, we can add a default routing ( when no routing rule matches ) to the 125.250.60.59 which is connected to the external world as follows.

$ route add default gw 125.250.60.59

This is how it works:

  1. Now when you try to access the internet (for example: ping google.com) from any of these machines (for example, from 192.168.3.2), the following is the sequence of events that happens.
  2. Since the destination (google.com) is not within 3.* series, it will be forwarded to GATEWAY via 3.10 interface
  3. In GATEWAY, it checks whether the destination is within 1.* range. In this example, it is not.
  4. It then checks whether the destination is within 2.* range. IN this example, it is not
  5. Finally, it takes the default route to forward the packets (i.e using the 125.250.60.59 interface, which is connected to the external world).

Linux Sysadmin Course Linux provides several powerful administrative tools and utilities which will help you to manage your systems effectively. If you don’t know what these tools are and how to use them, you could be spending lot of time trying to perform even the basic administrative tasks. The focus of this course is to help you understand system administration tools, which will help you to become an effective Linux system administrator.
Get the Linux Sysadmin Course Now!

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 44 comments… read them below or add one }

1 rinku April 30, 2012 at 4:12 am

Great work

2 Ironmaniaco April 30, 2012 at 6:29 am

I don’t know how much time will take to deprecate the ifconfig+route with iproute2, but will not be so difficult to people learn iproute2 methods of creating routes, since the logic is basically the same, changing some “words” on the command sintax. :)

3 bob April 30, 2012 at 7:32 am

thank you. learnt something today.

4 Jalal Hajigholamali April 30, 2012 at 7:39 am

Hi,

Useful article…

thanks a lot

5 yakup April 30, 2012 at 9:14 am

Well written. One typo – in point 4 at the end, “is within 2.* range” should be “is within 3.* range”

6 dexcript April 30, 2012 at 1:53 pm

I prefer iproute2, its more flexible and powerfull..

7 clay April 30, 2012 at 8:37 pm

great series of articles.
another option: ip route [add|change|replace]

8 Pierre B. May 1, 2012 at 1:04 am

Yep! TGS strikes again!

Thanks for this tuto, and for the comments about iproute2, i need to learn this one too apparently.

9 Sudharshan May 1, 2012 at 9:39 am

Great thanks a lot ….

10 Iván Carrasco quiroz May 1, 2012 at 11:19 pm

A little summary of Iproute2:

Instead of “route add -net IP netmask MASk gw IP” you should enter
“ip route add IP/MASk via IP”.
Another command that can be used to replace “route -n” is “ip route show”.
To set a default gateway use: “ip route add default via IP”, and finally to delete a route use: “ip route del IP/MASK”.

Good luck
:-)

11 niraj May 2, 2012 at 12:50 am

Its really a good one to create a more than one gateway and route the same.

12 Shashank Gosavi May 2, 2012 at 6:02 am

Thnx buddy for introducing new commands…

13 TedSki May 2, 2012 at 8:05 am

A reminder that adding these static routes does not make them persistent across system reboots. Make sure to commit these changes to the relevant files within your distribution to make these persistent.

14 Assi May 2, 2012 at 8:31 am

good one, but after linux reboot all the routing table gone, to solved that follow this instraction:

1. Create call “route-eth0″ file in nano -w /etc/sysconfig/network-scripts/route-eth0
2. save the following lines to the file:
ADDRESS0=10.0.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.0.1
if there is more then one route change the extention of the ADD, NET, GAT, to 1 and etc….
sample:
route 1
ADDRESS0=10.100.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.0.1

route 2
ADDRESS1=10.200.0.0
NETMASK1=255.255.0.0
GATEWAY1= 192.168.0.1

reboot and route saved successfully.

15 Ivan Carrasco Quiroz May 2, 2012 at 8:56 am

Thanks Assi, nice tip!
Anyway you can edit your /etc/rc.local and insert the command “ip route …”, it will load your routes at start.

:-)

16 Assi May 2, 2012 at 9:58 am

Thanks Ivan :-)
i try to add this line (“ip route …”, ) to production servers that have RH / CentOS, from some reason its not working for me.
then i create the file “route-eth0″ and its working like a magic.

17 Ivan Carrasco Quiroz May 2, 2012 at 4:50 pm

Try “apt-get install iproute” (DEB/UBUNTU) or “yum install iproute”(CENTOS). Maybe your distro does not have the package installed.

:-)

18 bob May 4, 2012 at 8:23 am

in the example for the “reject”, you might want to show the dump of the route command so that we can see how the entries look like.

in the sample network above, once you have configured everything, you might want to show dump of “route -n” at each of the 3 nodes, so that we can see at a glance how everything looks like.

19 ramsse May 15, 2012 at 7:46 pm

In step 7, where do we add the default route? in GATEWAY only?
$ route add default gw 125.250.60.59

20 Lakshmanan Ganapathy October 12, 2012 at 9:59 am

@ramsee,

That is done, to ensure that we can access the outside world. ( Internet ).

If the destination is not within the 1.* and 3.* series, it will reach out to outside world.

21 Anonymous October 15, 2012 at 3:13 am

awesome and thanks very much

22 pria October 25, 2012 at 11:46 pm

Great article !!!

23 Nargunam November 1, 2012 at 10:09 am

Suprb Article!!!

24 alieblice November 6, 2012 at 9:13 am

Hi
I dont understand this part :
——–
4. It then checks whether the destination is within 2.* range. IN this example, it is not
——–
why it should check fore 2.* range ? is 2.* should be 3.* ?

25 obvious November 25, 2012 at 3:59 pm

@alieblice: It’s a typo. It IS 3

26 Girish November 29, 2012 at 3:29 am

Great work Thanks for the info

27 marikhu February 3, 2013 at 10:26 pm

Nice work, clear and concise!

28 Bilal Ali February 10, 2013 at 2:23 pm

I think this the thing from which I had a routing fobia.
Which is now vanished.
Thanks for explaining step by step which helps beginners alot.

29 santosh loke February 19, 2013 at 4:36 am

nicely explained!
thx.

30 giri February 27, 2013 at 11:02 pm

In the above example:
4. Reject Routing to a Particular Host or Network

How do i undo the block? i mean later if the IP which is rejected,needs to be accepted,then what command we need to use?

31 Anonymous April 30, 2013 at 8:59 am

ip route del

32 Shamsoo May 22, 2013 at 11:08 am

In steps 5 and 6, why are routes being added on the Gateway to the local subnets (.1 and .3). Is that necessary?

33 bechesa June 2, 2013 at 2:25 am

@Shamso: yes , so that the two different sub networks are able to communicate to each other.

34 shawn June 20, 2013 at 9:15 pm

why are you specifying step #7
$ route add default gw 125.250.60.59
??

This can only be true if you are assigned a static IP from your ISP and using that, otherwise your modem interface (whatever that may be, i like to use eth0), should be set to DHCP and you have to masquerade out from the GATEWAY machine, which should be a firewall/router/DHCP/DNS server all in one to secure and solidify your whole LAN. make it easier.

35 Javier Talens July 15, 2013 at 5:14 am

Nice explanation. Good job! :)

36 vinay kumar August 7, 2013 at 1:02 am

hi

i want to add one virtual gateway in the centos , i have two nic card and assigned one static ip with gateway on the eth1 but second local ip with out gateway on the eth0

i have created one file route-eth0 (/etc/sysconfig/network-scripts)
added three lines for the route
ADDRESS0=192.168.3.3
NETMASK0=255.255.255.0
GATEWAY0=192.168.3.51
when i staring the service i am getting error Bringing up interface eth0: RTNETLINK answers: Invalid argument and it is not showing gateway thorugh this command route -n

Please help me for the same

37 ivancarrascoq August 8, 2013 at 10:39 am

Hi vinay kumar,

I think you should use on CentOS:
[root@corporativo ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.3.3
NETMASK=255.255.255.0
GATEWAY=192.168.3.51

Anyway, I recommend you first try your config with float addresses/gateways.
# ip addr add 192.168.3.3/24 dev eth0
# ip route add default via 192.168.3.51

You can load it into /etc/rc.local
What do you want to do?

Best regards,
Iván Carrasco Quiroz.

38 nino August 14, 2013 at 5:56 am

Hi, really great work, i was trying to implement the sample network using VMs in Openstack, but can seem to ping the networks from each other, though they can both ping the VM which i was using as the gateway, any help on what might be the reason i can implement it in an all VM situation

39 abhi September 17, 2013 at 2:15 am

Thanks a lot though i used route often but was filled up with some doubt.
Required a detailed information part 1 was full of basics and part 2 was well supported by example thanks a lot

40 shiv January 8, 2014 at 10:51 am

hi Laxmanan
Nice Explaination, it not working in my situation,
Can you figure out where is the mistake

firewall(ISP 101.202.100.201 and local 192.168.0.0 ) gateway 192.168.0.1
|
Gateway node(network 10.3.61.0 and 192.168.0.0)
|
Internal network(10.3.61.0) with gateway 10.3.61.1

I am able to access internet at gateway node by using proxy ip that is 192.168.0.1

I am not able to ping 192.168.0.1 from internal network. I did the setting as you specified in your architecture diagram.
I am able to ping gateway node on 10.1.1.1 gw from internal network.

I want to access internet from internal network and want all the traffic from internal network will pass through gateway node.

Please let me know if same can be achieved in some other way too.
Thanks in advance….

41 MikeS January 31, 2014 at 2:33 pm

Ok, so I’m trying to do this exact same setup except using ipv6 and I just can’t seem to get Lan A to talk to Lan B

Here’s my setup

LAN A Host: 2001::2

Gateway NicA: 2001::1
NicB 2000::1

Lan B Host: 2000::2

I’ve got the hosts’s gateway’d to my gateway. And i’ve been able to pink the nics on the gateway, but can not seem to get traffic to pass to the other network.

42 chris April 16, 2014 at 5:39 pm

Hi, ive been reading a lot of comments and docs regarding nullrouting. I am actually interested to nullroute one of my own IPs, and add 1 exemption to it. For example, I have a VPS with 3 IPs and I want 1 IP address to be null routed, while the other 2 working normal like before. As far as I read around i can only null route a specific address to my IP. What i want is my IP address to be totally null routed to any other external IP address, and adding only 1 IP exemption. Being said, I have 3 IPs, I want 2 of them to work normally like before, but one to be nullrouted to the internet, excepting 1 ip to be allowed to reach it.
Thanks,

Chris

43 Arun May 22, 2014 at 4:48 am

The screenshot shown for point 1 is actually that of point 2 and vice versa. Kindly check.

44 Venkatt Guhesan June 24, 2014 at 9:00 am

Ramesh – can you include the following notes under the sections for #5 and #6 of this article?

** In some Linux versions, IP-Forwarding will be switched OFF by default so you will need to enable it in addition to the “route add” to make the “ping” work.

Here is how you enable the IP-Forwarding (on the GATEWAY box):
# Edit /etc/sysctl.conf and set the following to a “1″
net.ipv4.ip_forward = 1 #used to be a zero
# Reboot the gateway box.
After you reboot if you tried pinging an IP on the other network and you now get “Destination Host Prohibited”, then you need to either turn off iptables or firewall rules (or add rules to allow those ports) on the Gateway box.
# If you wish to toggle that same ip_forward feature in real-time without restarting the gateway box, you can do this the following way:
echo 1 > /proc/sys/net/ipv4/ip_forward
# This turns the ip_forward switch ON but if you reboot, it will revert back to the default state of OFF (unless you change it in the /etc/sysctl.conf) file.

Leave a Comment

Previous post:

Next post: