How to add a static route in Linux

Static routes direct traffic for specific networks through chosen gateways, enabling access to additional internal subnets, VPNs, or separate WAN links without changing the default route. Using targeted routes keeps latency low and prevents all traffic from being forced through a single exit path.

On Linux, the kernel maintains a routing table that matches each packet’s destination address against configured prefixes. The iproute2 tools, particularly ip, manage these entries at runtime, while network configuration frameworks such as NetworkManager store routes that should be recreated automatically when interfaces come up.

Misconfigured routes can silently redirect traffic to the wrong gateway, break connectivity to certain networks, or override preferred paths. Changes typically require root or sudo privileges, and persistent configuration depends on the networking stack in use; the following procedure assumes a system using iproute2 and NetworkManager for IPv4 routing.

Steps to add a static route:

Open a terminal on the Linux host with access to an account that can use sudo.
```
$ whoami
root
```
View the current IPv4 routing table to understand existing routes and default gateways.
```
$ ip route
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3 
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.40
```
The routing table decides where packets go based on the most specific matching prefix.
Determine the destination network, gateway address, and outgoing interface for the new static route.

Example values used below: destination 203.0.113.0/24 via gateway 192.0.2.1 on interface eth0.
Add the static route for the destination network using the chosen gateway and interface.
```
$ sudo ip route add 203.0.113.0/24 via 192.0.2.1 dev eth0
```
A route pointing at an unreachable or incorrect gateway can cause timeouts and make some networks appear down.
Confirm that the new static route appears in the routing table.
```
$ ip route show 203.0.113.0/24
203.0.113.0/24 via 192.0.2.1 dev eth0
```
The ip route show <prefix> form filters the table to only the route of interest.

Test connectivity to an IP address inside the destination network.

$ ping -c 2 203.0.113.50
PING 203.0.113.50 (203.0.113.50) 56(84) bytes of data.
64 bytes from 203.0.113.50: icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from 203.0.113.50: icmp_seq=2 ttl=64 time=0.036 ms

--- 203.0.113.50 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1047ms
rtt min/avg/max/mdev = 0.022/0.029/0.036/0.007 ms

Successful replies indicate that the static route is functioning for at least one host in the target network.

List NetworkManager connections to find the profile name associated with the interface that should carry the static route.
```
$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  cb1575a0-534c-452f-9e47-fc813c7c5adf  ethernet  --
```
The NAME column contains the connection profile used later when persisting the route.
Add the static route to the IPv4 settings of the chosen NetworkManager connection so it is recreated on interface up.
```
$ sudo nmcli connection modify "Wired connection 1" +ipv4.routes "203.0.113.0/24 192.0.2.1"
```
The ipv4.routes property expects entries in the form <prefix> <gateway> and supports multiple routes.
Reactivate the NetworkManager connection so the persistent static route configuration is applied.
```
$ sudo nmcli connection up "Wired connection 1"
Error: Connection activation failed: No suitable device found for this connection (device lo not available because device is strictly unmanaged).
```
In containers or environments where NetworkManager does not manage the interface, enable management for the device before activating the profile.
Verify that the connection profile now lists the configured static route and that it appears in the routing table.
```
$ nmcli connection show "Wired connection 1" | grep ipv4.routes
ipv4.routes:                            { ip = 203.0.113.0/24, nh = 192.0.2.1 }

$ ip route show 203.0.113.0/24
203.0.113.0/24 via 192.0.2.1 dev eth0
```
The NetworkManager profile ensures the route survives reboots and interface flaps as long as the connection is active.
Remove the static route if it was added with incorrect parameters or is no longer required.
```
$ sudo ip route del 203.0.113.0/24 via 192.0.2.1 dev eth0
```
Removing the route immediately stops traffic from using that path, which can disrupt access to networks that rely on it.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.