A wrong default route makes a Linux host send outbound traffic through the wrong gateway or interface when no more specific route matches the destination. Confirming the fallback path is a fast check before blaming DNS, firewalls, package repositories, or remote services.
The ip route show default command reads the default entry from the main routing table. The ip route get command asks the kernel route lookup for one destination and returns the chosen next hop, outgoing interface, and source address.
VPN clients, multiple uplinks, VRFs, and source-based rules can steer traffic before the main table's default route is used. When the route returned for a destination does not match the expected gateway or interface, list ip rule entries next and check IPv6 separately with ip -6 route show default if the affected traffic is dual-stack.
Related: How to show routes in Linux
Related: How to troubleshoot a Linux network outage
Related: How to add a static route in Linux
Steps to check the default route in Linux:
- Display the IPv4 default route from the main routing table.
$ ip route show default default via 192.0.2.1 dev eth0 proto dhcp src 192.0.2.40 metric 100
Read via as the next-hop gateway and dev as the outgoing interface. If several default routes appear in the same table, the lower metric is usually preferred, but policy rules can choose another table first.
- Ask the kernel which route it would use for an external destination.
$ ip route get 203.0.113.50 203.0.113.50 via 192.0.2.1 dev eth0 src 192.0.2.40 uid 1000 cacheUse a numeric destination so DNS lookup delays or resolver failures do not hide the route decision. The via, dev, and src fields show the gateway, interface, and source address selected for that destination.
Tool: Route Table Longest Match Checker - List routing policy rules when the selected route does not match the expected default path.
$ ip rule show 0: from all lookup local 32766: from all lookup main 32767: from all lookup default
Rules run from lower priority numbers to higher priority numbers. A custom rule with a number lower than 32766 can direct matching traffic to another routing table before the main table is checked. Run ip -6 route show default separately when IPv6 traffic matters because IPv4 and IPv6 default routes are maintained independently.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
