Linux Commands Examples

A great documentation place for Linux commands


show / manipulate the IP routing table

see also : ifconfig - netstat - arp - rarp


route [-CFvnee]


[-v] [-A family] add [-net|-host] target [netmask Nm] [gw Gw] [metric N] [mss M] [window W] [irtt I] [reject] [mod] [dyn] [reinstate] [[dev] If]


[-v] [-A family] del [-net|-host] target [gw Gw] [netmask Nm] [metric N] [[dev] If]


[-V] [--version] [-h] [--help]

add an example, a script, a trick and tips

: email address (won't be displayed)
: name

Step 2

Thanks for this example ! - It will be moderated and published shortly.

Feel free to post other examples
Oops ! There is a tiny cockup. A damn 404 cockup. Please contact the loosy team who maintains and develops this wonderful site by clicking in the mighty feedback button on the side of the page. Say what happened. Thanks!



route add -net netmask dev lo

adds the normal loopback entry, using netmask and associated with the "lo" device (assuming this device was previously set up correctly with ifconfig(8)).

route add -net netmask dev eth0

adds a route to the local network 192.56.76.x via "eth0". The word "dev" can be omitted here.

route del default

deletes the current default route, which is labeled "default" or in the destination field of the current routing table.

route add default gw mango-gw

adds a default route (which will be used if no other route matches). All packets using this route will be gatewayed through "mango-gw". The device which will actually be used for that route depends on how we can reach "mango-gw" - the static route to "mango-gw" will have to be set up before.

route add ipx4 sl0

Adds the route to the "ipx4" host via the SLIP interface (assuming that "ipx4" is the SLIP host).

route add -net netmask gw ipx4

This command adds the net "192.57.66.x" to be gatewayed through the former route to the SLIP interface.

route add -net netmask dev eth0

This is an obscure one documented so people know how to do it. This sets all of the class D (multicast) IP routes to go via "eth0". This is the correct normal configuration line with a multicasting kernel.

route add -net netmask reject

This installs a rejecting route for the private network "10.x.x.x."

echo "route -n"
route -n
init_route() {
echo route: Plugin loaded
newif_route() {
route() {
ROUTE_CMDS="$ROUTE_CMDS ; ip route add $*"

How can I ping via an alternate gateway?

Sorry, you can only have one default gateway. You can have multiple gateways, but only one for every network.

The problem is, that both mentioned IPs are in the same network. Also you specified your CIDRs wrongly: You meant as having a subnet of; or even have a bigger subnet e.g. as being

You can therefore ping any host inside your network ( or any host reachable via a (or the) gateway. But having two gateways for the same network is not possible.


How do I setup Ubuntu/Linux's Network manager to selectively route network traffic through the VPN?

I'm assuming the pptp software is setting your default route to ppp0.

You can either tweak your routes after your connection


you could try removing the 'defaultroute' directive from the pptp config file (possibly /etc/ppp/ppp.conf)


How to route somehost to other host with some port on linux?

Shorewall routes. (FAQ)

You want to redirect all local connection requests to a server running in your local zone at and listening on port 333. Your local interface is eth1.

Disclaimer; I've not done exactly this with Shorewall, so modified an example Squid server setup:

  1. Add this entry to your /etc/shorewall/providers file.

    foo     1       202     -               eth1       loose
  2. In /etc/shorewall/tcrules add:

    #MARK    SOURCE              DEST        PROTO    DEST
    #                                                 PORT(S)
    202:P   tcp      80
  3. In /etc/shorewall/interfaces :

    loc     eth1         detect       routeback          
  4. On localhost, arrange for the following command to be executed after networking has come up

    iptables -t nat -A PREROUTING -i eth0 -d ! -p tcp --dport 80 -j REDIRECT --to-ports 333          

How to route only specific subnet (source ip) to a particular interface?

You must use the route command. For example if you want to route all ip of to a particular device you have to use the following command:

route add -net netmask dev eth0

With that command you say that all the packets sent from that subnet must be sent to the eth0 interface. If you need to add also a gateway for that connection you can use that:

route add -net netmask  gw

Setup routing and iptables for new VPN connection to redirect **only** ports 80 and 443

routing per protocol is a tad complicated. Usually routing table is used to check the gateway according to destination IP and use either the openvpn or the default gateway.

It would be easier to set up e.g. Squid http proxy on the other end of the VPN and set browser to use the proxy.

You wouldn't use the iptables as it would change the destination IP of the HTTP connection and it would not work.

You could create a new routing table (/etc/iproute2/rt_tables) with default route set to the VPN endpoint, use iptables fwmark ( -j MARK ) to mark all the HTTP packets and then use ip rule to create a custom rule for the marked packages to use the new routing table.


iptables vs route

route is a command that displays, adds and deletes entries from the kernel's TCP/IP routing table (aka "Forwarding Information Base").

iptables is a command that displays, adds, and deletes entries from Netfilter, the Linux kernel's packet filtering and manipulating subsystem. It handles NAT.

Since IP forwarding, i.e. routing, is basically rewriting a packet with a different source address and shipping it out of a different network interface, I believe you could technically do static routing with the proper iptables rules in the mangle table, but I believe it's generally fastest to let the routing part of the kernel do that.

There are many diagrams that are out there that illustrate exactly how a TCP/IP packet traverses the kernel (including Netfilter and the routing facility) - an example is this:


How do I display the route to a website (eg

traceroute. See here for all the options.

EDIT: Essentially, when your computer wants to visit a web page, there is generally no direct path that you can take, and it must go through a series of hops. When you run the traceroute command, it simply prints the hops. Usually, this process takes fractions of a second, but sometimes, if there is a failure point, it may never complete.

In those cases, traceroute is used to figure out the point of failure. One will see the hops made, and can in many cases conclude that it is the fault of the last hop. Unfortunately, if there were a way around this failed node, it most probably would have been found by the routing algorithm itself, so generally you just have to wait for someone to fix the server.


Is there any alternative to virtualization for handling two different interfaces, different networks and same IP range?

If both the network address and subnet masks for the two separate networks are identical, your network is misconfigured in a way that defeats the basic intent of IP-routing.

I would renumber one of the networks.


2 gateways 1 nic Ubuntu

Connection Properties -> TCP/IP Properties -> Default Gateways -> Add (separated by metrics

ip route add default via dev eth0

but have access from two external IP addresses

Are they assigned to the router, or directly to the PC? (I'm guessing the former, in which case you have to configure the router...)

If the addresses belonged to the computer itself, you could use ip addr add.


Seting up IPTables to forward multiple GoPro cameras

You're looking for something like:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port

However as each of your wifi adapters has the same IP this won't work because your routing table will be fubar.

To get this working you need to force each wifi adapter to have a unique address on the network and then also set up your routing appropriately:


You'd setup each interface something like so:

ifconfig wlan0 <WLAN IF ADDR> -pointopoint <CAMERA ADDR>

And that should setup the route for you, if not use the "route" command above.


Route manipulates the kernel’s IP routing tables. Its primary use is to set up static routes to specific hosts or networks via an interface after it has been configured with the ifconfig(8) program.

When the add or del options are used, route modifies the routing tables. Without these options, route displays the current contents of the routing tables.


-A family

use the specified address family (eg ’inet’; use ’route --help’ for a full list).


operate on the kernel’s FIB (Forwarding Information Base) routing table. This is the default.


operate on the kernel’s routing cache.


select verbose operation.


show numerical addresses instead of trying to determine symbolic host names. This is useful if you are trying to determine why the route to your nameserver has vanished.


use netstat(8)-format for displaying the routing table. -ee will generate a very long line with all parameters from the routing table.


delete a route.


add a new route.


the destination network or host. You can provide IP addresses in dotted decimal or host/network names.


the target is a network.


the target is a host.

netmask NM

when adding a network route, the netmask to be used.

gw GW

route packets via a gateway. NOTE: The specified gateway must be reachable first. This usually means that you have to set up a static route to the gateway beforehand. If you specify the address of one of your local interfaces, it will be used to decide about the interface to which the packets should be routed to. This is a BSDism compatibility hack.

metric M

set the metric field in the routing table (used by routing daemons) to M.

mss M

set the TCP Maximum Segment Size (MSS) for connections over this route to M bytes. The default is the device MTU minus headers, or a lower MTU when path mtu discovery occurred. This setting can be used to force smaller TCP packets on the other end when path mtu discovery does not work (usually because of misconfigured firewalls that block ICMP Fragmentation Needed)

window W

set the TCP window size for connections over this route to W bytes. This is typically only used on AX.25 networks and with drivers unable to handle back to back frames.

irtt I

set the initial round trip time (irtt) for TCP connections over this route to I milliseconds (1-12000). This is typically only used on AX.25 networks. If omitted the RFC 1122 default of 300ms is used.


install a blocking route, which will force a route lookup to fail. This is for example used to mask out networks before using the default route. This is NOT for firewalling.

mod, dyn, reinstate

install a dynamic or modified route. These flags are for diagnostic purposes, and are generally only set by routing daemons.

dev If

force the route to be associated with the specified device, as the kernel will otherwise try to determine the device on its own (by checking already existing routes and device specifications, and where the route is added to). In most normal networks you won’t need this.

If dev If is the last option on the command line, the word dev may be omitted, as it’s the default. Otherwise the order of the route modifiers (metric - netmask - gw - dev) doesn’t matter.




The output of the kernel routing table is organized in the following columns

The destination network or destination host.


The gateway address or ’*’ if none set.


The netmask for the destination net; ’’ for a host destination and ’’ for the default route.


Possible flags include

U (route is up)
(target is a host)
(use gateway)
(reinstate route for dynamic routing)
(dynamically installed by daemon or redirect)
(modified from routing daemon or redirect)
(installed by addrconf)
(cache entry)
(reject route)


The ’distance’ to the target (usually counted in hops). It is not used by recent kernels, but may be needed by routing daemons.


Number of references to this route. (Not used in the Linux kernel.)


Count of lookups for the route. Depending on the use of -F and -C this will be either route cache misses (-F) or hits (-C).


Interface to which packets for this route will be sent.


Default maximum segment size for TCP connections over this route.


Default window size for TCP connections over this route.


Initial RTT (Round Trip Time). The kernel uses this to guess about the best TCP protocol parameters without waiting on (possibly slow) answers.

HH (cached only)

The number of ARP entries and cached routes that refer to the hardware header cache for the cached route. This will be -1 if a hardware address is not needed for the interface of the cached route (e.g. lo).

Arp (cached only)

Whether or not the hardware address for the cached route is up to date.


Route for Linux was originally written by Fred N. van Kempen, <waltje[:at:][:dot:]org> and then modified by Johannes Stille and Linus Torvalds for pl15. Alan Cox added the mss and window options for Linux 1.1.22. irtt support and merged with netstat from Bernd Eckenfels.

see also

ifconfig , netstat , arp , rarp


Currently maintained by Phil Blundell <Philip.Blundell[:at:]pobox[:dot:]com> and Bernd Eckenfels <net-tools[:at:]lina.inka[:dot:]de>.

How can this site be more helpful to YOU ?

give  feedback