4.5. Configuring Static Routes in ifcfg files
Static routes set using ip commands at the command prompt will be lost if the system is shut down or restarted. To configure static routes to be persistent after a system restart, they must be placed in per-interface configuration files in the /etc/sysconfig/network-scripts/ directory. The file name should be of the format route-interface. There are two types of commands to use in the configuration files:
Static Routes Using the IP Command Arguments Format
If required in a per-interface configuration file, for example /etc/sysconfig/network-scripts/route-enp1s0, define a route to a default gateway on the first line. This is only required if the gateway is not set through DHCP and is not set globally in the /etc/sysconfig/network file:
default via 192.168.1.1 dev interface
where 192.168.1.1 is the IP address of the default gateway. The interface is the interface that is connected to, or can reach, the default gateway. The dev option is optional and can be omitted. Note that this setting takes precedence over a setting in the /etc/sysconfig/network file.
If a route to a remote network is required, a static route can be specified as follows. Each line is parsed as an individual route:
10.10.10.0/24 via 192.168.1.1 [dev interface]
where 10.10.10.0/24 is the network address and prefix length of the remote or destination network. The address 192.168.1.1 is the IP address leading to the remote network. It is preferably the next hop address but the address of the exit interface will work. The “next hop” means the remote end of a link, for example a gateway or router. The dev option can be used to specify the exit interface, interface, but it is not required. Add as many static routes as required.
The following is an example of a route-interface file using the ip command arguments format. The default gateway is 192.168.0.1, interface enp1s0 and a leased line or WAN connection is available at 192.168.0.10. The two static routes are for reaching the 10.10.10.0/24 network and the 172.16.1.10/32 host:
default via 192.168.0.1 dev enp1s0
10.10.10.0/24 via 192.168.0.10 dev enp1s0
172.16.1.10/32 via 192.168.0.10 dev enp1s0
In the above example, packets going to the local 192.168.0.0/24 network will be directed out the interface attached to that network. Packets going to the 10.10.10.0/24 network and 172.16.1.10/32 host will be directed to 192.168.0.10. Packets to unknown remote networks will use the default gateway; therefore, static routes should only be configured for remote networks or hosts if the default route is not suitable. Remote in this context means any networks or hosts that are not directly attached to the system.
For IPv6 configuration, an example of a route6-interface file in ip route format:
2001:db8:1::/48 via 2001:db8::1 metric 2048
2001:db8:2::/48
Specifying an exit interface is optional. It can be useful if you want to force traffic out of a specific interface. For example, in the case of a VPN, you can force traffic to a remote network to pass through a tun0 interface even when the interface is in a different subnet to the destination network.
The ip route format can be used to specify a source address. For example:
10.10.10.0/24 via 192.168.0.10 src 192.168.0.2
To define an existing policy-based routing configuration, which specifies multiple routing tables, see Section 4.5.1, “Understanding Policy-routing”.
Important
If the default gateway is already assigned by DHCP and if the same gateway with the same metric is specified in a configuration file, an error during start-up, or when bringing up an interface, will occur. The following error message may be shown: "RTNETLINK answers: File exists". This error may be ignored.
Static Routes Using the Network/Netmask Directives Format
You can also use the network/netmask directives format for route-interface files. The following is a template for the network/netmask format, with instructions following afterwards:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.1.1
ADDRESS0=10.10.10.0 is the network address of the remote network or host to be reached.
NETMASK0=255.255.255.0 is the netmask for the network address defined with ADDRESS0=10.10.10.0.
GATEWAY0=192.168.1.1 is the default gateway, or an IP address that can be used to reach ADDRESS0=10.10.10.0
The following is an example of a route-interface file using the network/netmask directives format. The default gateway is 192.168.0.1 but a leased line or WAN connection is available at 192.168.0.10. The two static routes are for reaching the 10.10.10.0/24 and 172.16.1.0/24 networks:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.10
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.10
Subsequent static routes must be numbered sequentially, and must not skip any values. For example, ADDRESS0, ADDRESS1, ADDRESS2, and so on.
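The numbering and addressing rules above can be checked before a route-interface file is deployed. The following auditor is an added example, not part of initscripts: it converts network/netmask entries to ip command arguments lines and reports entries that break the rules. The function name, the sample file contents, and the requirement that every entry carries all three directives (as in the template above) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: ADDRESS1 has host bits set, and index 2 is skipped.
SAMPLE = """\
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.10
ADDRESS1=172.16.1.10
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.10
ADDRESS3=10.20.0.0
NETMASK3=255.255.0.0
GATEWAY3=192.168.0.10
"""

DIRECTIVE = re.compile(r"^(ADDRESS|NETMASK|GATEWAY)(\d+)=(\S+)$")

def audit_route_file(text):
    """Return (ip-format route lines, problems) for a network/netmask file."""
    entries, routes, problems = {}, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            entries.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
        else:
            problems.append(f"unrecognized line: {line}")
    for expected, idx in enumerate(sorted(entries)):
        if idx != expected:  # numbering must not skip values; stop at the gap
            problems.append(f"index {idx} found where {expected} was expected")
            break
        e = entries[idx]
        try:
            net = ipaddress.ip_network(f"{e['ADDRESS']}/{e['NETMASK']}", strict=False)
            gw = ipaddress.ip_address(e["GATEWAY"])
        except KeyError as err:
            problems.append(f"entry {idx}: missing {err.args[0]}{idx}")
        except ValueError as err:
            problems.append(f"entry {idx}: {err}")
        else:
            if str(net.network_address) == e["ADDRESS"]:
                routes.append(f"{net} via {gw}")
            else:
                problems.append(f"entry {idx}: {e['ADDRESS']} has host bits set for {net}")
    return routes, problems

if __name__ == "__main__":
    print(*sum(audit_route_file(SAMPLE), []), sep="\n")
```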
By default, forwarding packets from one interface to another, or out of the same interface, is disabled for security reasons.
This prevents the system acting as a router for external traffic. If you need the system to route external traffic, such as when sharing a connection or configuring a VPN server, you will need to enable IP forwarding. See the Red Hat Enterprise Linux 7 Security Guide for more details.
4.5.1. Understanding Policy-routing
Policy-routing, also known as source-routing, is a mechanism for more flexible routing configurations. Routing decisions are commonly made based on the destination IP address of a packet. Policy-routing allows more flexibility to select routes based on other routing properties, such as source IP address, source port, or protocol type. Routing tables store route information about networks. They are identified by either numeric values or names, which can be configured in the /etc/iproute2/rt_tables file. The default table is identified with 254. When using policy-routing, you also need rules. Rules are used to select a routing table, based on certain properties of packets.
For initscripts, the routing table is a property of the route that can be configured through the table argument. The ip route format can be used to define an existing policy-based routing configuration, which specifies multiple routing tables:
10.10.10.0/24 via 192.168.0.10 table 1
10.10.10.0/24 via 192.168.0.10 table 2
To specify routing rules in initscripts, add them to the /etc/sysconfig/network-scripts/rule-enp1s0 file for IPv4 or to the /etc/sysconfig/network-scripts/rule6-enp1s0 file for IPv6.
NetworkManager supports policy-routing, but rules are not supported yet. The rules must be configured by the user running a custom script. For each manual static route, a routing table can be selected:
ipv4.route-table for IPv4 and
ipv6.route-table for IPv6.
By setting routes to a particular table, all routes from DHCP, autoconf6, and DHCP6 are placed in that specific table. In addition, all routes for subnets that have already configured addresses are placed in the corresponding routing table. For example, if you configure the 192.168.1.10/24 address, the 192.168.1.0/24 subnet is contained in ipv4.route-table.
For more details about policy-routing rules, see the ip-rule(8) man page. For routing tables, see the ip-route(8) man page.
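A minimal model of the rule and table selection described in this section, added here as an illustration and not taken from initscripts or iproute2: rules are checked in order by source address, the selected table is searched by longest prefix, and lookup continues with the next rule when that table has no matching route. The tables, the rules, the function names and the 192.168.0.20 next hop are constructed sample data.

```python
import ipaddress

MAIN = 254  # the default table, as stated in this section

# Constructed sample data: table -> [(destination, next hop)].
TABLES = {
    1: [("10.10.10.0/24", "192.168.0.10")],
    2: [("10.10.10.0/24", "192.168.0.20")],
    MAIN: [("0.0.0.0/0", "192.168.0.1")],
}
# Constructed rules in priority order: (source selector, table to consult).
RULES = [
    ("192.168.0.2/32", 1),
    ("192.168.0.3/32", 2),
    ("0.0.0.0/0", MAIN),
]

def lookup(table, dst):
    """Longest-prefix match of dst within one table; None if no route matches."""
    best = None
    for prefix, via in TABLES.get(table, []):
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None

def next_hop(src, dst):
    """Walk the rules in order; the first matching rule whose table has a route wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for selector, table in RULES:
        if src in ipaddress.ip_network(selector):
            via = lookup(table, dst)
            if via is not None:
                return table, via
    return None

if __name__ == "__main__":
    for src, dst in [("192.168.0.2", "10.10.10.5"), ("192.168.0.3", "10.10.10.5"),
                     ("192.168.0.2", "172.16.1.10"), ("192.168.0.9", "10.10.10.5")]:
        print(src, "->", dst, next_hop(src, dst))
```

The third pair shows the fall-through: the source matches the rule for table 1, that table has no route to 172.16.1.10, so the default route in table 254 is used.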