≡ Menu

How to Add Multiple Routes in Linux Using ip Command Examples

Apart from the default route, you can also configure additional routes.

For example, your server you might have 2 interfaces (eth0 and eth1). By default, all the traffic is routed through interface eth0 irrespective of what IP address you have configured on eth1.

To route the incoming and outgoing traffic through eth1, other than the default route (eth0), you also need to add additional routes for eth1 .

In this tutorial, let us use the following example:

  • eth0 has been configured with IP address with netmask and default gateway of
  • eth1 has been configured with IP address with netmask and it’s gateway IP address is

You can view your current ip-address of your interface cards using ifconfig command as shown below.

# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:50:56:8E:0B:EC
          inet addr:  Bcast:  Mask:
          RX packets:3735 errors:0 dropped:0 overruns:0 frame:0
          TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:295679 (288.7 Kb)  TX bytes:50312 (49.1 Kb)

eth1      Link encap:Ethernet  HWaddr 00:50:56:8E:27:0D
          inet addr:  Bcast:  Mask:
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:840 (840.0 b)  TX bytes:0 (0.0 b)

Also, the netstat command output indicates that the default gateway is pointing to eth0,

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface         UG        0 0          0 eth0   U         0 0          0 eth1   U         0 0          0 eth0       U         0 0          0 lo     U         0 0          0 eth0

With the above settings, you may be able to ping both the gateways and communicate with other devices without any issues. But, remember that all the traffic is routed through eth0 by default.

When you ping the IP address from outside your network you may notice that it will not be pingable.

In order to implement this, you need a create a new policy in the routing table. The routing table is located at /etc/iproute2/rt_tables. The initial rule file before configuration may look like the one shown below.

# cat /etc/iproute2/rt_tables
# reserved values
255     local
254     main
253     default
0       unspec
# local
#1      inr.ruhep

To view all the current rules, use the ip command as shown below:

# ip rule show
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

First, take a backup of the rt_Tables before making any changes.

cd /etc/iproute2
cp rt_tables rt_tables.orig

Next, create a new policy routing table entry in /etc/iproute2/rt_tables file:

echo "1 admin" >> /etc/iproute2/rt_tables

Now add the routing entries in the admin table.

ip route add dev eth1 src table admin
ip route add default via dev eth1 table admin

In the above example:

  • In the first ip command, we are adding subnet with a netmask with the source IP address & device eth1 to the admin table.
  • In the second ip command, we are adding the route to the admin table. This way all the rules defined in admin table routes traffic through device eth1.

Once the above commands are executed successfully, you need to instruct the OS how to use this table.

In the “ip rule show” you may noticed the line “32766: from all lookup main”. This is the line that instructs the OS to route all the traffic defined in “main” table which is the default gateway.

All the rules are executed in the ascending order. So, we will add rule entries above the “main” table.

ip rule add from table admin
ip rule add to table admin
ip route flush cache

In the above example:

  • The first command adds the rule that all the traffic going to eth1’s IP needs to use the “admin” routing table instead of “main” one.
  • The second command adds the rule that all the outgoing traffic from eth1’s IP needs to use the “admin” routing table instead of “main” one.
  • The third command is used to commit all these changes in the previous commands

Finally, verify that your changes are made appropriately using the following command:

# ip rule show
0:      from all lookup local
32764:  from all to lookup admin
32765:  from lookup admin
32766:  from all lookup main
32767:  from all lookup default

At this point, you should be able to ping the IP address from the outside network and view all the traffic that is supposed to be using eth1 is working as expected.

To make these changes persistent across reboot, you can add these commands to /etc/init.d/boot.local (for SUSE Linux), or /etc/rc.d/rc.local (for Redhat, CentOS).

If you want to configure one more IP address on a different subnet, repeat all of the above steps, but use a different table name. Instead of “admin” table, use “admin-new” table.

Add your comment

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

Comments on this entry are closed.

  • Jalal Hajigholamali August 24, 2014, 10:25 pm


    Thanks a lot for very nice and useful article

  • prakash September 4, 2014, 9:28 pm

    you had taken eth0 and eth1 interface example, How its going to work with wlan0 interface? can we apply same concept here???

  • Steve September 11, 2014, 1:42 pm

    Can you show the rt_tables in it’s final state? I am getting “Database /etc/iproute2/rt_tables is corrupted at ip route add” after modifying the file when I run “ip rule show”.

    I am not sure it this will work for what I am trying to do. I have a virtual interface (virbr0) which I am trying to expose.

    Love your tips!

  • Mahesh September 16, 2014, 9:31 am

    Thanks for the article. Is it possible to accept the traffic to specified network interface from particular source IP/network?

  • Trempest Humphries February 11, 2015, 1:16 am

    Hi. I managed to achieve a different routing gateway over a second NIC for a different subnet. So thanks first of all for your valuable advice.

    I’m curious of another adventure.

    If my server has only TWO NICs with ETH0 running on a private IP ( with default gateway No problem here.

    And I achieved setting up a second default gateway over ETH1 using your guide for a second PUBLIC subnet. No problem here.

    Is it possible to add a virtual interface to ETH1? Such as ETH1:0, ETH1:2, ETH1:2?

    My aim as follows:

    1. To have the server managed through a private IP from the LAN
    2. To host multiple domain names/public IPs using Postfix and Dovecot. Each with its own public IP but note the public IPs are NOT from the same range so each of the 4 public IP address would have its own default gateway.

    Note: A vendor has the FW setup in such a way that allows/recognizes/routes all so there will be no issues related to the FW or routers.

    Its the limitation that my server can only add ONE additional NIC (ETH1). I would consider a quad port add-on NIC but if what I need can be acheived on a development system to test Postfix and Dovecot and server performance then I’ll have an easier time getting support from my boss to invest in a near USD1000.00 NIC with 4 ports.

  • Sam March 25, 2015, 7:48 pm

    Why not to just edit the file “/etc/sysctl.conf”:
    edit net.ipv4.conf.default.rp_filter = 2
    add net.ipv4.conf.all.rp_filter = 2
    sysctl -p

  • mohammad hadi tabarzad January 17, 2016, 5:45 am

    Thanks a lot!

  • Hugo May 20, 2016, 5:08 pm

    Great article! You save my day!
    While I was configuring this in a bunch of servers I was thinking: Why do not implement this on the eth0?

  • Hugo May 20, 2016, 5:13 pm

    To make this settings permanent in Centos/RedHat just add the commands in route-eth1 and rule-eth1 files in /etc/sysconfig/network-scripts/