Static Routing with Linux
Overview
Note: The NetFoundry zLAN firewall does not manage static routing. Customers must configure and manage their own routes using standard Linux tools. This guide provides step-by-step instructions for managing static routes with the
ipcommand.
What is a Static Route?
A static route is a manually configured network route that tells the system how to reach a specific network or IP address using a designated path (gateway). Static routes do not change automatically, and are commonly used when:
- Connecting to remote networks via a specific gateway
- Isolating traffic through certain interfaces
- Working with networks not reachable via the default route
Viewing Existing Routes
To view the current routing table:
ip route show
Example output:
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100
Explanation:
default via 192.168.1.1 dev eth0: All traffic not matched by more specific rules will go through 192.168.1.1 oneth0.192.168.1.0/24 dev eth0: Traffic to the 192.168.1.0/24 network is sent directly via the local interfaceeth0.
Adding a Static Route
To add a static route:
sudo ip route add <destination> via <gateway> dev <interface>
Examples:
- Add a route to a remote network:
sudo ip route add 10.0.2.0/24 via 192.168.1.1 dev eth0 - Add a route to a single host:
sudo ip route add 203.0.113.50 via 192.168.1.1 dev eth0 - Use a specific source IP:
sudo ip route add 10.10.20.0/24 via 192.168.1.1 dev eth0 src 192.168.1.100
Deleting a Static Route
To remove a static route:
sudo ip route del <destination> via <gateway> dev <interface>
Or, if there’s only one matching route for that destination:
sudo ip route del <destination>
Making Routes Persistent
By default, routes added with ip route are not persistent—they are lost after a reboot.
- Ubuntu/Debian
- RedHat/CentOS/Rocky/AlmaLinux
Netplan
Newer Ubuntu and Debian versions use Netplan for network configuration. To create a persistent static route:
- Find your Netplan config file (e.g.
/etc/netplan/01-netcfg.yaml) - Edit it to include the static route:
network:
version: 2
ethernets:
eth0:
dhcp4: no
addresses:
- 192.168.1.100/24
gateway4: 192.168.1.1
routes:
- to: 10.0.2.0/24
via: 192.168.1.1 - Apply the changes:
sudo netplan apply
You can add multiple routes under the
routes:list.
Legacy ifupdown
If your system uses the older /etc/network/interfaces method:
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
up ip route add 10.0.2.0/24 via 192.168.1.1 dev eth0
Create or edit the file /etc/sysconfig/network-scripts/route-eth0:
10.0.2.0/24 via 192.168.1.1 dev eth0
Restart networking:
sudo systemctl restart network
Summary of Commands
| Action | Command Example |
|---|---|
| View routes | ip route show |
| Add route to network | sudo ip route add 10.0.2.0/24 via 192.168.1.1 dev eth0 |
| Add route to host | sudo ip route add 203.0.113.50 via 192.168.1.1 dev eth0 |
| Delete a route | sudo ip route del 10.0.2.0/24 via 192.168.1.1 dev eth0 |
| Persistent (Ubuntu/Debian) | Add route to routes: section in /etc/netplan/*.yaml or use up ip route add ... in /etc/network/interfaces |
| Persistent (RedHat/CentOS/Rocky/AlmaLinux) | Use /etc/sysconfig/network-scripts/route-<interface> |
Troubleshooting Tips
- Use
ip route get <IP>to see which path a packet will take:ip route get 10.0.2.10 - Check available interfaces:
ip link show - Confirm that the gateway is reachable:
ping <gateway-ip> - Use
traceroute <ip>to see the path packets are taking:sudo apt install traceroute # Debian/Ubuntu
sudo yum install traceroute # RHEL/CentOS
traceroute 10.0.2.10