Archive for the tag 'routing'

SBDavid

Routing Table

To display the routing table with numeric addresses (no reverse DNS lookups), use the “route -n” command:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.2.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0

With iproute, the equivalent command is “ip route show”:

$ ip route show
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 1
default via 10.0.2.2 dev eth0 proto static

Add or delete static routes from the Linux IP routing table.

You need to know three things: the network/subnet you wish to reach, the next-hop gateway (the router that will forward the packets), and the interface through which that gateway is reachable.

Example: reaching another network, 10.20.30.0/24, via the router 192.168.1.254 on the 192.168.1.0/24 network.

The following ip route command, run as root, adds the desired route to the kernel routing table (the route is not persistent; it is gone after a reboot unless your distribution's network configuration re-adds it):

ip route add 10.20.30.0/24 via 192.168.1.254 dev eth1

Note: eth1 is connected to 192.168.1.0/24
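The kernel picks the most specific matching prefix for each packet (longest-prefix match), which is why the new 10.20.30.0/24 route wins over the default route for that subnet. The script below is an added example, not code from the original post: it runs the same lookup over a constructed `ip route show` style table that combines the two routes shown above with the static route just added, plus an assumed on-link route for eth1's own 192.168.1.0/24 network, and reports which next hop and interface a given destination would use.

```shell
#!/bin/sh
# Added example (not from the original post): longest-prefix route lookup over
# an `ip route show` style table. ROUTES is constructed for illustration; the
# 192.168.1.0/24 on-link entry for eth1 is an assumption.
ROUTES='10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
10.20.30.0/24 via 192.168.1.254 dev eth1
default via 10.0.2.2 dev eth0 proto static'

# Dotted quad -> 32-bit integer. Runs in a subshell so changing IFS is local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Netmask for a prefix length (0..32) as a 32-bit integer.
plen2mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Print "via <gw> dev <if>" (or "dev <if>" for an on-link route) for the
# destination $1, choosing the most specific matching prefix as the kernel does.
# Returns 1 if no route (not even a default) matches.
route_lookup() {
    dst=$(ip2int "$1")
    best_len=-1
    best=""
    while read -r prefix rest; do
        [ -z "$prefix" ] && continue
        case $prefix in
            default) net=0.0.0.0; plen=0 ;;
            */*)     net=${prefix%/*}; plen=${prefix#*/} ;;
            *)       net=$prefix; plen=32 ;;
        esac
        # Pull the "via X" and "dev Y" tokens out of the rest of the line.
        gw=""; dev=""
        set -- $rest
        while [ $# -gt 0 ]; do
            case $1 in
                via) gw=$2; shift ;;
                dev) dev=$2; shift ;;
            esac
            shift
        done
        mask=$(plen2mask "$plen")
        if [ $(( dst & mask )) -eq $(( $(ip2int "$net") & mask )) ] \
           && [ "$plen" -gt "$best_len" ]; then
            best_len=$plen
            if [ -n "$gw" ]; then
                best="via $gw dev $dev"
            else
                best="dev $dev"
            fi
        fi
    done <<EOF
$ROUTES
EOF
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Demonstration: a DMZ-bound host, an on-link host, and an Internet address.
for d in 10.20.30.5 10.0.2.7 192.168.1.254 8.8.8.8; do
    printf '%-15s -> %s\n' "$d" "$(route_lookup "$d")"
done
```

On a live system, `ip route get 10.20.30.5` asks the kernel for the same answer and is the quickest check that a freshly added route is actually being used; `ip route del 10.20.30.0/24` removes it again.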

iptables rule for forwarding traffic to a host outside the LAN range.

LAN range - 192.168.1.0/24
Outside LAN IP - 10.0.4.2

To forward incoming HTTP requests to a dedicated HTTP server at 10.0.4.2 (outside the 192.168.1.0/24 range of the LAN), add a DNAT rule to the PREROUTING chain of the nat table. PREROUTING is a chain, not a table: it is traversed before the routing decision, so the packet's destination is rewritten first and the kernel then routes it toward 10.0.4.2:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.4.2:80

Two things must also hold for this to work: IP forwarding has to be enabled (net.ipv4.ip_forward=1), and the FORWARD chain of the filter table must accept the rewritten packets, since the DNAT rule only changes the destination and does not itself permit forwarding.

iptables rules can be set to route traffic to certain machines, such as a dedicated HTTP or FTP server, in a demilitarized zone (DMZ) — a special local subnetwork dedicated to providing services on a public carrier such as the Internet.

With this rule in place, all HTTP connections to port 80 arriving from outside the LAN are forwarded to the HTTP server, which sits on a separate network from the rest of the internal hosts. This form of network segmentation is safer than exposing port 80 on a machine inside the internal network: a compromise of the web server does not by itself give the attacker a foothold on the LAN. If the HTTP server is configured to accept secure connections, then port 443 must be forwarded as well.
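The following script is an added example, not code from the original post. It shows the complete set of commands a DNAT port forward to the DMZ host needs, rather than the single PREROUTING rule on its own: IP forwarding switched on, a default-deny FORWARD policy, and explicit FORWARD accepts for the forwarded ports. Interface names and addresses follow the post (eth0 facing the outside, the HTTP server at 10.0.4.2). The DRY_RUN variable and the `apply` argument are conventions assumed for this script so it can be reviewed without root before it touches a firewall.

```shell
#!/bin/sh
# Added example (not from the original post): DNAT port forward to a DMZ host
# with the forwarding prerequisites the single PREROUTING rule leaves out.
# Set DRY_RUN=1 to print the commands instead of running them (assumed
# convention for this script, not an iptables feature).
WAN_IF=eth0          # interface facing the outside, as in the post
DMZ_HOST=10.0.4.2    # dedicated HTTP server in the DMZ

# Run a command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. Without IP forwarding the DNATed packet is never routed onward.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# 2. Deny forwarding by default; replies of accepted connections still pass.
set_forward_policy() {
    run iptables -P FORWARD DROP &&
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# 3. Forward TCP port $1 arriving on WAN_IF to the same port on host $2.
forward_tcp_port() {
    port=$1
    target=$2
    # nat table, PREROUTING chain: rewrite the destination before routing.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$target:$port" &&
    # filter table, FORWARD chain: the rewritten packet still has to be let
    # through; a DNAT rule on its own forwards nothing if FORWARD drops it.
    run iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$target" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

main() {
    enable_forwarding &&
    set_forward_policy &&
    forward_tcp_port 80 "$DMZ_HOST" &&
    forward_tcp_port 443 "$DMZ_HOST"   # needed when the server also serves HTTPS
}

# Apply only when invoked as "sh script.sh apply"; otherwise just define
# the functions so they can be exercised with DRY_RUN=1.
case ${1:-} in
    apply) main ;;
esac
```

One more requirement that no rule on this box can satisfy: the DMZ server's replies must come back through the same firewall, so 10.0.4.2's route to the client (normally its default route) has to point at this machine. If it does not, the replies carry the server's real address, bypass the NAT state, and the connection never completes; in that case a matching SNAT or MASQUERADE rule in the nat table's POSTROUTING chain is needed as well.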