route
show / manipulate the IP routing table
see also :
ifconfig - netstat - arp - rarp
Synopsis
route
[-CFvnee]
route
[-v] [-A family] add
[-net|-host] target
[netmask Nm] [gw Gw] [metric N]
[mss M] [window W] [irtt I]
[reject] [mod] [dyn] [reinstate]
[[dev] If]
route
[-v] [-A family] del
[-net|-host] target [gw Gw]
[netmask Nm] [metric N] [[dev] If]
route
[-V] [--version]
[-h] [--help]
add an example, a script, a trick and tips
examples
route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
adds the normal loopback entry, using netmask 255.0.0.0 and
associated with the "lo" device (assuming this device was
previously set up correctly with ifconfig(8)).
route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
adds a route to the local network 192.56.76.x via "eth0". The
word "dev" can be omitted here.
route del default
deletes the current default route, which is labeled "default" or
0.0.0.0 in the destination field of the current routing table.
route add default gw mango-gw
adds a default route (which will be used if no other route
matches). All packets using this route will be gatewayed through
"mango-gw". The device which will actually be used for that route
depends on how we can reach "mango-gw" - the static route to
"mango-gw" will have to be set up before.
route add ipx4 sl0
Adds the route to the "ipx4" host via the SLIP interface
(assuming that "ipx4" is the SLIP host).
route add -net 192.57.66.0 netmask 255.255.255.0 gw ipx4
This command adds the net "192.57.66.x" to be gatewayed through
the former route to the SLIP interface.
route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
This is an obscure one documented so people know how to do it.
This sets all of the class D (multicast) IP routes to go via
"eth0". This is the correct normal configuration line with a
multicasting kernel.
route add -net 10.0.0.0 netmask 255.0.0.0 reject
This installs a rejecting route for the private network
"10.x.x.x."
source
init_route() {
echo route: Plugin loaded
}
newif_route() {
ROUTE_CMDS=true
ROUTE_CLEANUP=
ROUTE_CLEANUP=
}
route() {
ROUTE_CMDS="$ROUTE_CMDS ; ip
route add $*"
ROUTE_CLEANUP="ip route del $*;
$ROUTE_CLEANUP"
source
How can I ping via an alternate gateway?
Sorry, you can only have one default gateway.
You can have multiple gateways, but only one for every network.
The problem is, that both mentioned IPs are in the same network.
Also you specified your CIDRs wrongly: You meant 10.1.1.0/24 as
having a subnet of 255.255.255.0; or even have a bigger subnet
e.g. 10.0.0.0/8 as being 255.0.0.0.
You can therefore ping any host inside your network (10.0.0.0/8)
or any host reachable via a (or the) gateway. But having two
gateways for the same network is not possible.
source
How do I setup Ubuntu/Linux's Network manager to selectively route network traffic through the VPN?
I'm assuming the pptp software is setting your default route to
ppp0.
You can either tweak your routes after your connection
or
you could try removing the 'defaultroute' directive from the pptp
config file (possibly /etc/ppp/ppp.conf)
source
How to route somehost to other host with some port on linux?
Shorewall routes. (FAQ)
You want to redirect all local google.com connection requests to
a server running in your local zone at 127.0.0.1 and listening on
port 333. Your local interface is eth1.
Disclaimer; I've not done exactly this with Shorewall, so
modified an example Squid server setup:
-
Add this entry to your /etc/shorewall/providers file.
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
foo 1 202 - eth1 127.0.0.1 loose
-
In /etc/shorewall/tcrules add:
#MARK SOURCE DEST PROTO DEST
# PORT(S)
202:P net:google.com 0.0.0.0/0 tcp 80
-
In /etc/shorewall/interfaces :
#ZONE INTERFACE BROADCAST OPTIONS
loc eth1 detect routeback
-
On localhost, arrange for the following command to be
executed after networking has come up
iptables -t nat -A PREROUTING -i eth0 -d ! 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 333
source
How to route only specific subnet (source ip) to a particular interface?
You must use the route command. For example if you want to route
all ip of 192.168.1.xxx to a particular device you have to use
the following command:
route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
With that command you say that all the packets sent from that
subnet must be sent to the eth0 interface. If you need to add
also a gateway for that connection you can use that:
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
source
Setup routing and iptables for new VPN connection to redirect **only** ports 80 and 443
routing per protocol is a tad complicated. Usually routing table
is used to check the gateway according to destination IP and use
either the openvpn or the 192.168.0.1 default gateway.
It would be easier to set up e.g. Squid http proxy on the other
end of the VPN and set browser to use the proxy.
You wouldn't use the iptables as it would change the destination
IP of the HTTP connection and it would not work.
You could create a new routing table (/etc/iproute2/rt_tables)
with default route set to the VPN endpoint, use iptables fwmark (
-j MARK ) to mark all the HTTP packets and then use ip
rule to create a custom rule for the marked packages to use
the new routing table.
source
iptables vs route
route is a command that displays, adds and deletes
entries from the kernel's TCP/IP routing table (aka "Forwarding
Information Base").
iptables is a command that displays, adds, and
deletes entries from Netfilter, the Linux kernel's packet
filtering and manipulating subsystem. It handles NAT.
Since IP forwarding, i.e. routing, is basically rewriting a
packet with a different source address and shipping it out of a
different network interface, I believe you could technically do
static routing with the proper iptables rules in the
mangle table, but I believe it's generally fastest
to let the routing part of the kernel do that.
There are many diagrams that are out there that illustrate
exactly how a TCP/IP packet traverses the kernel (including
Netfilter and the routing facility) - an example is this:
http://www.adminsehow.com/2011/09/iptables-packet-traverse-map/
source
How do I display the route to a website (eg www.google.com)?
traceroute. See here for all the options.
EDIT: Essentially, when your computer wants to
visit a web page, there is generally no direct path that you can
take, and it must go through a series of hops. When you run the
traceroute command, it simply prints the hops. Usually, this
process takes fractions of a second, but sometimes, if there is a
failure point, it may never complete.
In those cases, traceroute is used to figure out the point of
failure. One will see the hops made, and can in many cases
conclude that it is the fault of the last hop. Unfortunately, if
there were a way around this failed node, it most probably would
have been found by the routing algorithm itself, so generally you
just have to wait for someone to fix the server.
source
Is there any alternative to virtualization for handling two different interfaces, different networks and same IP range?
If both the network address and subnet masks for the two separate
networks are identical, your network is misconfigured in a way
that defeats the basic intent of IP-routing.
I would renumber one of the networks.
source
2 gateways 1 nic Ubuntu
Connection Properties -> TCP/IP Properties -> Default
Gateways -> Add (separated by metrics
ip route add default via 192.168.192.253 dev eth0
but have access from two external IP addresses
Are they assigned to the router, or directly to the PC? (I'm
guessing the former, in which case you have to configure the
router...)
If the addresses belonged to the computer itself, you could use
ip addr add.
source
Seting up IPTables to forward multiple GoPro cameras
You're looking for something like:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10.5.5.9:80
However as each of your wifi adapters has the same IP this won't
work because your routing table will be fubar.
To get this working you need to force each wifi adapter to have a
unique address on the 10.5.5.0 network and then also set up your
routing appropriately:
route add -host <CAMERA IP> gw <WLAN INTERFACE ADDRESS> dev <WLAN INTERFACE DEV>
You'd setup each interface something like so:
ifconfig wlan0 <WLAN IF ADDR> -pointopoint <CAMERA ADDR>
And that should setup the route for you, if not use the "route"
command above.
description
Route
manipulates the kernel’s IP routing tables. Its
primary use is to set up static routes to specific hosts or
networks via an interface after it has been configured with
the ifconfig(8) program.
When the
add or del options are used, route
modifies the routing tables. Without these options,
route displays the current contents of the routing
tables.
options
-A
family
use the specified address
family (eg ’inet’; use ’route
--help’ for a full list).
-F
operate on the kernel’s FIB (Forwarding
Information Base) routing table. This is the default.
-C
operate on the kernel’s routing cache.
-v
select verbose operation.
-n
show numerical addresses instead of trying to determine
symbolic host names. This is useful if you are trying to
determine why the route to your nameserver has vanished.
-e
use netstat(8)-format for displaying the
routing table. -ee will generate a very long
line with all parameters from the routing table.
del
delete a route.
add
add a new route.
target
the destination network or host. You can provide IP
addresses in dotted decimal or host/network names.
-net
the target is a network.
-host
the target is a host.
netmask NM
when adding a network route,
the netmask to be used.
gw GW
route packets via a gateway. NOTE: The specified
gateway must be reachable first. This usually means that you
have to set up a static route to the gateway beforehand. If
you specify the address of one of your local interfaces, it
will be used to decide about the interface to which the
packets should be routed to. This is a BSDism compatibility
hack.
metric M
set the metric field in the
routing table (used by routing daemons) to M.
mss M
set the TCP Maximum Segment Size (MSS) for connections
over this route to M bytes. The default is the device MTU
minus headers, or a lower MTU when path mtu discovery
occurred. This setting can be used to force smaller TCP
packets on the other end when path mtu discovery does not
work (usually because of misconfigured firewalls that block
ICMP Fragmentation Needed)
window W
set the TCP window size for
connections over this route to W bytes. This is typically
only used on AX.25 networks and with drivers unable to
handle back to back frames.
irtt I
set the initial round trip time (irtt) for TCP
connections over this route to I milliseconds (1-12000).
This is typically only used on AX.25 networks. If omitted
the RFC 1122 default of 300ms is used.
reject
install a blocking route, which will force a route
lookup to fail. This is for example used to mask out
networks before using the default route. This is NOT for
firewalling.
mod, dyn, reinstate
install a dynamic or modified
route. These flags are for diagnostic purposes, and are
generally only set by routing daemons.
dev If
force the route to be associated with the specified
device, as the kernel will otherwise try to determine the
device on its own (by checking already existing routes and
device specifications, and where the route is added to). In
most normal networks you won’t need this.
If dev
If is the last option on the command line, the word
dev may be omitted, as it’s the default.
Otherwise the order of the route modifiers (metric - netmask
- gw - dev) doesn’t matter.
files
/proc/net/ipv6_route
/proc/net/route
/proc/net/rt_cache
output
The output of the kernel routing table is organized in the
following columns
Destination
The destination network or destination host.
Gateway
The gateway address or ’*’ if none set.
Genmask
The netmask for the destination net; ’255.255.255.255’ for a host
destination and ’0.0.0.0’ for the default route.
Flags
Possible flags include
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
Metric
The ’distance’ to the target (usually counted in hops). It is not
used by recent kernels, but may be needed by routing daemons.
Ref
Number of references to this route. (Not used in the Linux
kernel.)
Use
Count of lookups for the route. Depending on the use of -F and -C
this will be either route cache misses (-F) or hits (-C).
Iface
Interface to which packets for this route will be sent.
MSS
Default maximum segment size for TCP connections over this route.
Window
Default window size for TCP connections over this route.
irtt
Initial RTT (Round Trip Time). The kernel uses this to guess
about the best TCP protocol parameters without waiting on
(possibly slow) answers.
HH (cached only)
The number of ARP entries and cached routes that refer to the
hardware header cache for the cached route. This will be -1 if a
hardware address is not needed for the interface of the cached
route (e.g. lo).
Arp (cached only)
Whether or not the hardware address for the cached route is up to
date.
history
Route
for Linux was originally written by Fred N. van Kempen,
<waltje[:at:]uwalt.nl.mugnet[:dot:]org> and then modified by
Johannes Stille and Linus Torvalds for pl15. Alan Cox added
the mss and window options for Linux 1.1.22. irtt support
and merged with netstat from Bernd Eckenfels.
see also
ifconfig ,
netstat , arp , rarp
author
Currently
maintained by Phil Blundell
<Philip.Blundell[:at:]pobox[:dot:]com> and Bernd Eckenfels
<net-tools[:at:]lina.inka[:dot:]de>.