How to Configure Static and Persistent Routes on Linux for Dual‑NIC Environments

Basic route commands

Use the route utility to add or delete host and network routes.

route add -host 192.168.1.11 dev eth0
route add -host 192.168.1.12 gw 192.168.1.1
route add -net 192.168.1.0/24 dev eth0
route add -net 192.168.1.0/24 gw 192.168.1.1
route add default gw 192.168.1.1
route del -host 192.168.1.11 dev eth0
route del default gw 192.168.1.1

Making routes persistent

rc.local : add the route add … lines directly.

route add -net 192.168.1.0/24 dev eth0
# or
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

/etc/sysconfig/network : set the default gateway. GATEWAY=192.168.1.1 /etc/sysconfig/static-routes : define static routes.

any net 192.168.1.0/24 gw 192.168.1.1
# or
any net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

IP forwarding (temporary): echo "1" > /proc/sys/net/ipv4/ip_forward Permanent: add net.ipv4.ip_forward=1 to /etc/sysctl.conf .

Experiment: Dual‑NIC host accessing both internal and external networks

Problem background

A Linux host with two NICs—one connected to an external ISP‑like network (10.0.0.0/16) and another to an internal network (172.16.2.0/24)—needs to reach the Internet and internal subnets (172.16.3.0/24, 172.16.4.0/24) simultaneously. With only one default gateway, placing it on the external NIC provides Internet access but blocks the other internal subnets; placing it on the internal NIC does the opposite.

Environment

VMware Workstation Pro

Four minimal CentOS 7.3 VMs

Huawei eNSP simulator

Topology

Network ranges used in the lab:

External (ISP) network: 10.0.0.0/16 Internal network: 172.16.0.0/16 Client NICs: 10.0.0.101/16 (eth0) and 172.16.2.101/24 (eth1)

Servers: 172.16.2.11, 172.16.3.11,

172.16.4.11

Configuring the eNSP router

<huawei>system-view
[int]g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 172.16.2.254 255.255.255.0
quit
[int]g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 172.16.3.254 255.255.255.0
quit
[int]g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 172.16.4.254 255.255.255.0
quit

VM IP configuration

client (eth0): 10.0.0.101/16, gateway 10.0.0.1 client (eth1): 172.16.2.101/24, no gateway (internal NIC)

server2 : 172.16.2.11/24, gateway 172.16.2.254 server3 : 172.16.3.11/24, gateway 172.16.3.254 server4 : 172.16.4.11/24, gateway

172.16.4.254

Running a simple HTTP service on server2

cd ~
echo "server2" > index.html
python -m SimpleHTTPServer 8080

Verification tests

Ping external site: ping www.baidu.com -c 4 Ping each internal server:

ping 172.16.2.11 -c 4
ping 172.16.3.11 -c 4
ping 172.16.4.11 -c 4

Access HTTP pages:

curl http://www.baidu.com/
curl http://172.16.2.11:8080/index.html
curl http://172.16.3.11:8080/index.html
curl http://172.16.4.11:8080/index.html

Observations

When the default gateway is set on the external NIC, the client can reach the Internet and the 172.16.2.0/24 subnet (its own internal network) but cannot reach 172.16.3.0/24 or 172.16.4.0/24. Packets for those subnets are sent to the external default gateway, which has no route to them, resulting in “network unreachable”.

Routing fix

Add a static route that covers the whole internal range via the internal router: route add -net 172.16.0.0/16 gw 172.16.2.254 For persistence, place the same line in /etc/rc.local. After adding the route, the client can ping and curl all internal servers while still accessing the external Internet.

Key takeaway

A single static route directing all internal subnets to the internal router is sufficient to enable a dual‑NIC Linux host to communicate with both its internal and external networks. Understanding how the routing table selects the default gateway versus specific routes is essential for correct network design.