How to Configure Persistent Static Routes and Dual‑NIC Routing on Linux

Linux routing configuration commands

1. Add host route

route add -host 192.168.1.11 dev eth0
route add -host 192.168.1.12 gw 192.168.1.1

2. Add network route

route add -net 192.168.1.11 netmask 255.255.255.0 eth0
route add -net 192.168.1.11 netmask 255.255.255.0 gw 192.168.1.1
route add -net 192.168.1.0/24 eth0
route add -net 192.168.1.0/24 gw 192.168.1.1

3. Add default gateway

route add default gw 192.168.1.1

4. Delete route

route del -host 192.168.1.11 dev eth0

5. Delete default route

route del default gw 192.168.1.1

Ways to configure permanent routes in Linux

1. Add routes to /etc/rc.local

route add -net 192.168.1.0/24 dev eth0
# or
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

2. Append to /etc/sysconfig/network

GATEWAY=[gateway IP or interface name]

3. Use /etc/sysconfig/static-routes

any net 192.168.1.0/24 gw 192.168.1.1
# or
any net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

4. Enable IP forwarding

Temporary echo "1" > /proc/sys/net/ipv4/ip_forward Permanent vim /etc/sysctl.conf Edit or add the line:

net.ipv4.ip_forward=1

Experiment: Dual‑NIC host using both internal and external networks

The experiment reproduces a scenario where a client with two NICs must access both an external ISP network (10.0.0.0/16) and an internal protected network (172.16.0.0/16). VMware Workstation Pro provides the virtual machines and Huawei eNSP supplies the internal routers.

Problem background

When the client’s default gateway is set on the external NIC, it can reach the external Internet and the 172.16.2.0/24 subnet, but other internal subnets (172.16.3.0/24, 172.16.4.0/24) are unreachable. When the default gateway is set on the internal NIC, the client can reach all internal subnets but cannot access the Internet.

Experimental environment

VMware Workstation Pro

Four minimal CentOS 7.3 VMs

Huawei eNSP simulator

Network topology

The client has two NICs: ens33 (10.0.0.101/16, gateway 10.0.0.1) for the external network and ens37 (172.16.2.101/24) for the internal network. Three internal servers (server2, server3, server4) reside in subnets 172.16.2.0/24, 172.16.3.0/24 and 172.16.4.0/24 respectively, each with its own gateway (172.16.x.254).

Configuring the internal network

In eNSP, configure a router with three interfaces:

G0/0/0 ip address 172.16.2.254 255.255.255.0
G0/0/1 ip address 172.16.3.254 255.255.255.0
G0/0/2 ip address 172.16.4.254 255.255.255.0

On each server, set the appropriate IP address and default gateway (e.g., server2: 172.16.2.11, gw 172.16.2.254).

Deploy a simple HTTP service on server2

cd ~
echo "server2" > index.html
python -m SimpleHTTPServer 8080

Verification tests

Ping external site: ping www.baidu.com -c 4 Ping each internal server:

ping 172.16.2.11 -c 4
ping 172.16.3.11 -c 4
ping 172.16.4.11 -c 4

Access HTTP services with curl:

curl http://www.baidu.com/
curl http://172.16.2.11:8080/index.html
curl http://172.16.3.11:8080/index.html
curl http://172.16.4.11:8080/index.html

Routing fix

On the client, add a route covering the whole internal network via the internal router: route add -net 172.16.0.0/16 gw 172.16.2.254 For a permanent solution, append the same command to /etc/rc.local. After adding the route, the client can reach both the Internet and all internal subnets.

The key insight is that a single default gateway cannot satisfy both external and internal traffic; an additional static route directs internal‑only traffic to the appropriate internal router.