Help With Routing Question.

Home » CentOS » Help With Routing Question.
CentOS 8 Comments


We have a host that has multiple IPv4 addresses aliased to eth0. The primary address is 216.185.71.x and the alias is 192.168.6.x.

This host connects to devices on both netblocks without problems. Only default routing is used and it looks like this:

#ip route dev eth0 proto kernel scope link src 192.168.6.x dev eth0 proto kernel scope link src 216.185.71.x dev eth0 scope link metric 1002
default via dev eth0 src 192.168.6.x default via dev eth0

When the system connects to internal systems via SSH it uses the src
216.185.71.x for devices on that netblock and 192.168.6.x for devices on the other.

The problem is that when we try to establish an SSH connection off-site to another netblock altogether the host uses 192.168.6.x as the source and the destination gets the public side IP address of our gateway router as the point of origin due to masquerading.

I have solved this by explicitly binding SSH to the public ipv4 when connecting using the –bind!6.185.71.x parameter. But I have two questions I would like to find answers for

1. Why is SSH using the private IP in preference to the public IP when connecting to off-site addresses?

2. How does one configure the routing table on network startup to specifically detail the route particular addresses are supposed to take?

For diagnosis here are the ifcfg scripts used for both interfaces:



8 thoughts on - Help With Routing Question.

  • Because you have a default route for it.

    Not exactly sure how routing works with aliases on the same interface but the first thing I would try is the same as you would use on different interfaces. That is, leave the ‘GATEWAY=’ on your internet-facing etho, but remove the entry from the private eth0:192.
    Then add a route-eth0:192 file containing the network(s) and gateway for the private side. The source address it picks should be the one appropriate to reach the next-hop router specified in your routes.

  • Hi James,

    Antonio is correct. The default address is used when the destination address is not on a subnet that is on one of your local interfaces.

    Any packet destined for an address on the subnet will automatically be sent with a source address of

    Same with any packet destined for an address on the subnet will be sent with a source address of

    The kernel uses the first address on an interface as the primary address. You can see this if you just do ifconfig ifname, you will only see the first address you assign to the interface.

    Hope this helps, Steve

  • I created a file called /etc/sysconfig/network-scripts/route-eth0:192
    and in accordance with the instructions obtained at:

    I added these directives to the route-eth0:192 file:


    However, when I restart the network service I see this:

    service network restart Shutting down interface eth0: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth0: Determining if ip address is already in use for device eth0… Determining if ip address 216.185.71.Y is already in use for device eth0… Determining if ip address is already in use for device eth0… RTNETLINK answers: Invalid argument
    [ OK ]

    If I comment out all the directives in route-eth0:192 then the Invalid argument error disappears so it is definitely the contents of the new file that is triggering the error. But I cannot see any obvious error and the syntax seems rather limited to hide any. Switching to the ip route syntax gives the same error: via dev eth0

    The ifcfg-eth0:192 file now contains:

    # Also see route-eth0:192

    Can anyone see what it is that I have done that is incorrect?

  • You don’t need an extra route for the range covered by your netmask. Your own interface can reach them directly and the route is implicit. I was assuming you had a more complicated private side with additional subnets behind the If that is not the case, you don’t need the route-* file at all or any GATEWAY mentioned for the private range.

  • But it still doesn’t matter. Your netmask in the ifcfg- file already covers that range and you don’t need another route/GATEWAY for it. You don’t need the route- file at all.

  • Thank you. I was grasping at straws in this case to solve a strange routing problem that turned out to be a misconfigured gateway firewall. It was a very odd error because it only affected one of our off-site net-blocks. So tracking it down cause a little more hair-pulling than usual.

    Fixed for now.

  • If you were to use ip route syntax, I believe you could set a Metric so you have a floating default route out the network. via metric 10

    There may be a way (though not mentioned in the docs below) to accomplish the same thing using network/netmask syntax you used in your example.

    Agreed, no need for a route file. Just pull the gateway line from the ifcfg file for the internal network.
    ( I’m just posting the syntax/alternatives for anybody else’s sake. )