≡ Menu

7 Linux Route Command Examples (How to Add Route in Linux)

In the 1st part of the IP Routing series, we learned the fundamentals of Linux IP Routing.

Route command is used to show/manipulate the IP routing table. It is primarily used to setup static routes to specific host or networks via an interface.

In this article we will see how to manipulate the routing tables in Linux using route command.

We’ll first explain how routing is done with some basic route command examples, and then we’ll explain using a sample network architecture about how to setup routes in your network.

I. How Routing is Done?

1. Display Existing Routes

route command by default will show the details of the kernel routing table entries. In this example, the ip-address of the system where the route command is being executed is

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface     *        U     0      0        0 eth0

The above command shows that if the destination is within the network range –, then the gateway is *, which is

When packets are sent within this IP range, then the MAC address of the destination is found through ARP Protocol and the packet will be sent to the MAC address.

If you don’t know what ARP is, you should first understand how ARP protocol works.

In order to send packets to destination which is not within this ip range, the packets will be forwarded to a default gateway, which decides further routing for that packet. We will see this shortly.

By default route command displays the host name in its output. We can request it to display the numerical IP address using -n option as shown below.

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface   U     0      0        0 eth0         UG    0      0        0 eth0

2. Adding a Default Gateway

We can specify that the packets that are not within the network has to be forwarded to a Gateway address.

The following route add command will set the default gateway as

$ route add default gw

Now the route command will display the following entries.

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface     *        U     0      0        0 eth0
default         gateway.co.in         UG    0      0        0 eth0

Now we have just added a default gateway to our machine. To verify whether it is working properly, ping some external host (for example, google.com) to send ICMP packet.

$ ping www.google.com

The following is the sequences of evets that happens when the above ping command is executed.

  1. First it will query the DNS server to obtain the ip-address of google.com ( for example: )
  2. The destination address ( ) is not within the network range.
  3. So, in Layer-3 (IP header) the DESTINATION IP will be set as “”.
  4. In Layer-2, the DESTINATION MAC address will be the filled in as the MAC address of the default gateway (’s MAC ). The MAC will be found by using ARP as described earlier.
  5. When the packet is sent out, the network switch ( which works on Layer-2 ), send the packet to the default gateway since the destination MAC is that of the gateway.
  6. Once the gateway receives the packet, based on its routing table, it will forward the packets further.

The above 2 examples would have given a good idea about how routing is done within a network. Now we will see other command line options available with route command.

3. List Kernel’s Routing Cache Information

Kernel maintains the routing cache information to route the packets faster. We can list the kernel’s routing cache information by using the -C flag.

$ route -Cn
Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface          0      0        1 eth0          0      0        0 eth0

4. Reject Routing to a Particular Host or Network

Sometimes we may want to reject routing the packets to a particular host/network. To do that, add the following entry.

$ route add -host reject

As you see below, we cannot access that particular host (i.e .51 host that we just rejected).

$ ping
connect: Network is unreachable

However we can still access other hosts in the network (for example, .52 host is still accessible).

$ ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=7.77 ms

If you want to reject an entire network ( – ), then add the following entry.

$ route add -net netmask reject

Now, you cannot access any of the host in that network (for example: .51, .52, .53, etc.)

$ ping
connect: Network is unreachable

$ ping
connect: Network is unreachable

$ ping
connect: Network is unreachable

II. A Sample Network Architecture (to understand routing)

Let us use the following sample network architecture for the rest of the examples.

In the diagram below, we have 2 individual networks ( and, with subnet mask of ).

We also have a “GATEWAY” machine with 3 network cards. 1st card is connected to, 2nd card is connected to, and the 3rd card is connected to the external world.

5. Make 192.168.3.* Accessible from 192.168.1.*

Now we need to add a routing entry such that we are able to ping 192.168.3. series ip-addresses from 192.168.1. series. The common point we have is the GATEWAY machine.

So, on each machine in 192.168.1.* network a default gateway will be added as shown below.

$ route add default gw

Now when pings, it will go to the GATEWAY via

In GATEWAY, add the following routing entry.

$ route add -net netmask gw

Now all the packets addressed to 192.168.3.* network will be forwarded via the interface, which then delivers the packets to the addressed machine.

6. Make 192.168.1.* Accessible from 192.168.3.*

It is very similar to what we did earlier.

So, on each machine in 192.168.3.* network a default gateway will be added as shown below.

$ route add default gw

In GATEWAY, add the following routing entry.

$ route add -net netmask gw

Now 192.168.3.* machines can ping 192.168.1.* machines.

7. Allow Internet Access ( External World )

In the previous two example, we have interconnected the 2 different networks.

Now we need to access the internet from these 2 different networks. For that, we can add a default routing ( when no routing rule matches ) to the which is connected to the external world as follows.

$ route add default gw

This is how it works:

  1. Now when you try to access the internet (for example: ping google.com) from any of these machines (for example, from, the following is the sequence of events that happens.
  2. Since the destination (google.com) is not within 3.* series, it will be forwarded to GATEWAY via 3.10 interface
  3. In GATEWAY, it checks whether the destination is within 1.* range. In this example, it is not.
  4. It then checks whether the destination is within 2.* range. IN this example, it is not
  5. Finally, it takes the default route to forward the packets (i.e using the interface, which is connected to the external world).

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 44 comments… add one }

  • rinku April 30, 2012, 4:12 am

    Great work

  • Ironmaniaco April 30, 2012, 6:29 am

    I don’t know how much time will take to deprecate the ifconfig+route with iproute2, but will not be so difficult to people learn iproute2 methods of creating routes, since the logic is basically the same, changing some “words” on the command sintax. :)

  • bob April 30, 2012, 7:32 am

    thank you. learnt something today.

  • Jalal Hajigholamali April 30, 2012, 7:39 am


    Useful article…

    thanks a lot

  • yakup April 30, 2012, 9:14 am

    Well written. One typo – in point 4 at the end, “is within 2.* range” should be “is within 3.* range”

  • dexcript April 30, 2012, 1:53 pm

    I prefer iproute2, its more flexible and powerfull..

  • clay April 30, 2012, 8:37 pm

    great series of articles.
    another option: ip route [add|change|replace]

  • Pierre B. May 1, 2012, 1:04 am

    Yep! TGS strikes again!

    Thanks for this tuto, and for the comments about iproute2, i need to learn this one too apparently.

  • Sudharshan May 1, 2012, 9:39 am

    Great thanks a lot ….

  • Iván Carrasco quiroz May 1, 2012, 11:19 pm

    A little summary of Iproute2:

    Instead of “route add -net IP netmask MASk gw IP” you should enter
    “ip route add IP/MASk via IP”.
    Another command that can be used to replace “route -n” is “ip route show”.
    To set a default gateway use: “ip route add default via IP”, and finally to delete a route use: “ip route del IP/MASK”.

    Good luck

  • niraj May 2, 2012, 12:50 am

    Its really a good one to create a more than one gateway and route the same.

  • Shashank Gosavi May 2, 2012, 6:02 am

    Thnx buddy for introducing new commands…

  • TedSki May 2, 2012, 8:05 am

    A reminder that adding these static routes does not make them persistent across system reboots. Make sure to commit these changes to the relevant files within your distribution to make these persistent.

  • Assi May 2, 2012, 8:31 am

    good one, but after linux reboot all the routing table gone, to solved that follow this instraction:

    1. Create call “route-eth0″ file in nano -w /etc/sysconfig/network-scripts/route-eth0
    2. save the following lines to the file:
    if there is more then one route change the extention of the ADD, NET, GAT, to 1 and etc….
    route 1

    route 2

    reboot and route saved successfully.

  • Ivan Carrasco Quiroz May 2, 2012, 8:56 am

    Thanks Assi, nice tip!
    Anyway you can edit your /etc/rc.local and insert the command “ip route …”, it will load your routes at start.


  • Assi May 2, 2012, 9:58 am

    Thanks Ivan :-)
    i try to add this line (“ip route …”, ) to production servers that have RH / CentOS, from some reason its not working for me.
    then i create the file “route-eth0″ and its working like a magic.

  • Ivan Carrasco Quiroz May 2, 2012, 4:50 pm

    Try “apt-get install iproute” (DEB/UBUNTU) or “yum install iproute”(CENTOS). Maybe your distro does not have the package installed.


  • bob May 4, 2012, 8:23 am

    in the example for the “reject”, you might want to show the dump of the route command so that we can see how the entries look like.

    in the sample network above, once you have configured everything, you might want to show dump of “route -n” at each of the 3 nodes, so that we can see at a glance how everything looks like.

  • ramsse May 15, 2012, 7:46 pm

    In step 7, where do we add the default route? in GATEWAY only?
    $ route add default gw

  • Lakshmanan Ganapathy October 12, 2012, 9:59 am


    That is done, to ensure that we can access the outside world. ( Internet ).

    If the destination is not within the 1.* and 3.* series, it will reach out to outside world.

  • Anonymous October 15, 2012, 3:13 am

    awesome and thanks very much

  • pria October 25, 2012, 11:46 pm

    Great article !!!

  • Nargunam November 1, 2012, 10:09 am

    Suprb Article!!!

  • alieblice November 6, 2012, 9:13 am

    I dont understand this part :
    4. It then checks whether the destination is within 2.* range. IN this example, it is not
    why it should check fore 2.* range ? is 2.* should be 3.* ?

  • obvious November 25, 2012, 3:59 pm

    @alieblice: It’s a typo. It IS 3

  • Girish November 29, 2012, 3:29 am

    Great work Thanks for the info

  • marikhu February 3, 2013, 10:26 pm

    Nice work, clear and concise!

  • Bilal Ali February 10, 2013, 2:23 pm

    I think this the thing from which I had a routing fobia.
    Which is now vanished.
    Thanks for explaining step by step which helps beginners alot.

  • santosh loke February 19, 2013, 4:36 am

    nicely explained!

  • giri February 27, 2013, 11:02 pm

    In the above example:
    4. Reject Routing to a Particular Host or Network

    How do i undo the block? i mean later if the IP which is rejected,needs to be accepted,then what command we need to use?

  • Anonymous April 30, 2013, 8:59 am

    ip route del

  • Shamsoo May 22, 2013, 11:08 am

    In steps 5 and 6, why are routes being added on the Gateway to the local subnets (.1 and .3). Is that necessary?

  • bechesa June 2, 2013, 2:25 am

    @Shamso: yes , so that the two different sub networks are able to communicate to each other.

  • shawn June 20, 2013, 9:15 pm

    why are you specifying step #7
    $ route add default gw

    This can only be true if you are assigned a static IP from your ISP and using that, otherwise your modem interface (whatever that may be, i like to use eth0), should be set to DHCP and you have to masquerade out from the GATEWAY machine, which should be a firewall/router/DHCP/DNS server all in one to secure and solidify your whole LAN. make it easier.

  • Javier Talens July 15, 2013, 5:14 am

    Nice explanation. Good job! :)

  • vinay kumar August 7, 2013, 1:02 am


    i want to add one virtual gateway in the centos , i have two nic card and assigned one static ip with gateway on the eth1 but second local ip with out gateway on the eth0

    i have created one file route-eth0 (/etc/sysconfig/network-scripts)
    added three lines for the route
    when i staring the service i am getting error Bringing up interface eth0: RTNETLINK answers: Invalid argument and it is not showing gateway thorugh this command route -n

    Please help me for the same

  • ivancarrascoq August 8, 2013, 10:39 am

    Hi vinay kumar,

    I think you should use on CentOS:
    [root@corporativo ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

    Anyway, I recommend you first try your config with float addresses/gateways.
    # ip addr add dev eth0
    # ip route add default via

    You can load it into /etc/rc.local
    What do you want to do?

    Best regards,
    Iván Carrasco Quiroz.

  • nino August 14, 2013, 5:56 am

    Hi, really great work, i was trying to implement the sample network using VMs in Openstack, but can seem to ping the networks from each other, though they can both ping the VM which i was using as the gateway, any help on what might be the reason i can implement it in an all VM situation

  • abhi September 17, 2013, 2:15 am

    Thanks a lot though i used route often but was filled up with some doubt.
    Required a detailed information part 1 was full of basics and part 2 was well supported by example thanks a lot

  • shiv January 8, 2014, 10:51 am

    hi Laxmanan
    Nice Explaination, it not working in my situation,
    Can you figure out where is the mistake

    firewall(ISP and local ) gateway
    Gateway node(network and
    Internal network( with gateway

    I am able to access internet at gateway node by using proxy ip that is

    I am not able to ping from internal network. I did the setting as you specified in your architecture diagram.
    I am able to ping gateway node on gw from internal network.

    I want to access internet from internal network and want all the traffic from internal network will pass through gateway node.

    Please let me know if same can be achieved in some other way too.
    Thanks in advance….

  • MikeS January 31, 2014, 2:33 pm

    Ok, so I’m trying to do this exact same setup except using ipv6 and I just can’t seem to get Lan A to talk to Lan B

    Here’s my setup

    LAN A Host: 2001::2

    Gateway NicA: 2001::1
    NicB 2000::1

    Lan B Host: 2000::2

    I’ve got the hosts’s gateway’d to my gateway. And i’ve been able to pink the nics on the gateway, but can not seem to get traffic to pass to the other network.

  • chris April 16, 2014, 5:39 pm

    Hi, ive been reading a lot of comments and docs regarding nullrouting. I am actually interested to nullroute one of my own IPs, and add 1 exemption to it. For example, I have a VPS with 3 IPs and I want 1 IP address to be null routed, while the other 2 working normal like before. As far as I read around i can only null route a specific address to my IP. What i want is my IP address to be totally null routed to any other external IP address, and adding only 1 IP exemption. Being said, I have 3 IPs, I want 2 of them to work normally like before, but one to be nullrouted to the internet, excepting 1 ip to be allowed to reach it.


  • Arun May 22, 2014, 4:48 am

    The screenshot shown for point 1 is actually that of point 2 and vice versa. Kindly check.

  • Venkatt Guhesan June 24, 2014, 9:00 am

    Ramesh – can you include the following notes under the sections for #5 and #6 of this article?

    ** In some Linux versions, IP-Forwarding will be switched OFF by default so you will need to enable it in addition to the “route add” to make the “ping” work.

    Here is how you enable the IP-Forwarding (on the GATEWAY box):
    # Edit /etc/sysctl.conf and set the following to a “1”
    net.ipv4.ip_forward = 1 #used to be a zero
    # Reboot the gateway box.
    After you reboot if you tried pinging an IP on the other network and you now get “Destination Host Prohibited”, then you need to either turn off iptables or firewall rules (or add rules to allow those ports) on the Gateway box.
    # If you wish to toggle that same ip_forward feature in real-time without restarting the gateway box, you can do this the following way:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # This turns the ip_forward switch ON but if you reboot, it will revert back to the default state of OFF (unless you change it in the /etc/sysctl.conf) file.

Leave a Comment