How to Set Up Static Routes on FreeBSD

This article covers everything you need to know about configuring static routes on FreeBSD systems, from basic concepts to advanced configurations, troubleshooting, and maintenance.
by İbrahim Korucuoğlu ( @siberoloji) |
Tags:
Categories:

  7 minute read  

Static routes are fundamental components of network configuration that direct traffic between different network segments. Unlike dynamic routing protocols that automatically adjust to network changes, static routes provide administrators with precise control over network traffic paths. On FreeBSD, an operating system known for its networking capabilities, setting up static routes is straightforward but requires careful planning and implementation.

This guide covers everything you need to know about configuring static routes on FreeBSD systems, from basic concepts to advanced configurations, troubleshooting, and maintenance.

Understanding Static Routes

Before diving into configuration, it’s important to understand what static routes are and when to use them.

What is a Static Route?

A static route is a manually configured path that tells the operating system how to reach a specific network destination. Each static route consists of:

  • A destination network (expressed as an IP address and subnet mask)
  • A gateway (the next hop router’s IP address)
  • Optional metrics (such as interface or preference values)

When to Use Static Routes

Static routes are ideal for:

  • Small networks with simple, rarely changing topologies
  • Connections to specific networks not advertised by dynamic routing protocols
  • Creating backup routes for critical connections
  • Overriding dynamic routing decisions for specific traffic
  • Security-sensitive environments where route predictability is preferred

Static vs. Dynamic Routing

While dynamic routing protocols like OSPF or BGP automatically discover and adapt to network changes, static routes:

  • Require manual configuration
  • Don’t adapt automatically to network topology changes
  • Have lower CPU and memory overhead
  • Provide better control over exact traffic paths
  • Are simpler to implement and troubleshoot in small networks

Prerequisites

Before configuring static routes on FreeBSD, ensure you have:

  • Root access to the FreeBSD system
  • Network connectivity to your gateway
  • Knowledge of your network topology, including IP addresses and subnet masks
  • Basic understanding of networking concepts

Viewing Current Routing Table

Before adding new routes, examine your current routing configuration:

netstat -rn

Or, using the more modern replacement:

route -n show

These commands display the routing table, including the default gateway and any existing static routes. The output will look similar to:

Routing tables

Internet:
Destination        Gateway            Flags     Netif   Expire
default            192.168.1.1        UGS       em0
127.0.0.1          link#2             UH        lo0
192.168.1.0/24     link#1             U         em0
192.168.1.10       link#1             UHS       lo0

Adding Static Routes Temporarily

To add a static route that persists until the next reboot:

route add -net 10.0.0.0/24 192.168.1.254

This command routes traffic destined for the 10.0.0.0/24 network through the gateway at 192.168.1.254.

You can also specify an interface rather than a gateway IP:

route add -net 10.0.0.0/24 -interface em1

For IPv6 routes:

route add -inet6 2001:db8::/64 fe80::1%em0

To add a host-specific route (for a single IP address):

route add 10.0.0.5 192.168.1.254

Adding Static Routes Permanently

For routes to persist across system reboots, you need to add them to the FreeBSD configuration files.

Method 1: Using /etc/rc.conf

The most common method is to add routes to /etc/rc.conf:

ee /etc/rc.conf

Add the following lines:

# Static routes
static_routes="net1 net2 host1"
route_net1="-net 10.0.0.0/24 192.168.1.254"
route_net2="-net 172.16.0.0/16 192.168.1.253"
route_host1="10.0.0.5 192.168.1.254"

This configuration:

  1. Defines a space-separated list of route names (net1, net2, host1)
  2. For each name, defines the route using standard route command syntax

Method 2: Using /etc/rc.d/routing start

You can manually trigger the routes defined in /etc/rc.conf without rebooting:

service routing restart

For simpler configurations, you can add route commands directly to /etc/rc.local:

ee /etc/rc.local

Add the route commands:

#!/bin/sh
route add -net 10.0.0.0/24 192.168.1.254
route add -net 172.16.0.0/16 192.168.1.253

Note: This method is generally less preferred as it can be harder to manage.

Setting Up the Default Route

The default route (also called the default gateway) handles traffic to destinations not explicitly defined in the routing table:

# Temporary default route
route add default 192.168.1.1

# Permanent default route in /etc/rc.conf
defaultrouter="192.168.1.1"

For IPv6:

# Temporary IPv6 default route
route add -inet6 default fe80::1%em0

# Permanent IPv6 default route in /etc/rc.conf
ipv6_defaultrouter="fe80::1%em0"

Advanced Static Route Configurations

Adding Routes with Metrics

You can set a metric (hop count) to indicate route preference:

route add -net 10.0.0.0/24 192.168.1.254 2

The above adds a route with a metric of 2. Lower metrics are preferred.

In /etc/rc.conf:

route_net1="-net 10.0.0.0/24 192.168.1.254 2"

Configuring Multiple Routes to the Same Destination

For simple failover or load balancing, you can add multiple routes to the same destination with different metrics:

route_primary="-net 10.0.0.0/24 192.168.1.254 1"
route_backup="-net 10.0.0.0/24 192.168.1.253 10"

The route with the lower metric (primary) will be used until it becomes unavailable.

Setting Up Null Routes

Null routes (blackhole routes) drop traffic to specific destinations:

route add -net 10.0.0.0/24 -blackhole

In /etc/rc.conf:

route_block="-net 10.0.0.0/24 -blackhole"

Creating Routes via Point-to-Point Interfaces

For point-to-point interfaces like PPP:

route add -net 10.0.0.0/24 -interface tun0

In /etc/rc.conf:

route_vpn="-net 10.0.0.0/24 -interface tun0"

Setting Up Routes for VLANs

If your FreeBSD system uses VLANs:

route add -net 10.0.0.0/24 192.168.1.254 -ifp vlan100

In /etc/rc.conf:

route_vlan="-net 10.0.0.0/24 192.168.1.254 -ifp vlan100"

Using Multiple Routing Tables (FIBs)

FreeBSD supports multiple routing tables (called FIBs - Forwarding Information Bases) for advanced routing scenarios:

  1. Enable multiple FIBs in the kernel configuration or loader.conf:
# In /boot/loader.conf
net.fibs=4         # Support for 4 routing tables (0-3)
net.add_addr_allfibs=0  # Don't add addresses to all FIBs
  1. Use the setfib command to execute commands in the context of a specific FIB:
setfib 1 route add -net 10.0.0.0/24 192.168.1.254
  1. Configure permanent routes for different FIBs in /etc/rc.conf:
static_routes_fib1="net1 net2"
route_fib1_net1="-net 10.0.0.0/24 192.168.1.254"
route_fib1_net2="-net 172.16.0.0/16 192.168.1.253"

Deleting Static Routes

To remove a static route temporarily:

route delete -net 10.0.0.0/24

To remove a host route:

route delete 10.0.0.5

For permanent removal, edit /etc/rc.conf and remove or comment out the corresponding route entries.

Verifying Route Configuration

After adding routes, verify they’ve been properly applied:

netstat -rn

For a specific network:

route -n get 10.0.0.1

This shows the exact path traffic will take to reach 10.0.0.1.

Testing Routes

Test your routes with ping to verify connectivity:

ping -c 3 10.0.0.1

For more advanced testing, traceroute shows the complete path:

traceroute 10.0.0.1

Troubleshooting Static Routes

Common Issues and Solutions

  1. Route not appearing in routing table:

    • Check syntax in /etc/rc.conf
    • Ensure the route name is included in static_routes
    • Restart the routing service: service routing restart

  2. Unable to reach destination despite route:

    • Verify the gateway is reachable: ping 192.168.1.254
    • Check interface status: ifconfig em0
    • Confirm the remote network allows return traffic

  3. Route works temporarily but disappears:

    • Ensure routes are properly configured in /etc/rc.conf
    • Check if any services or scripts are modifying routes
    • Verify DHCP isn’t overwriting your routes

  4. Multiple default routes causing issues:

    • FreeBSD uses the most specific route first
    • For multiple default routes, the first one added is used
    • Use metrics to control preference

Diagnostic Commands

These commands help diagnose routing problems:

# View detailed interface status
ifconfig -a

# View ARP table (Layer 2 address resolution)
arp -a

# Check connectivity to gateway
ping -c 3 192.168.1.254

# Trace packet path
traceroute 10.0.0.1

# Watch routing table changes in real-time
route -n monitor

# View socket statistics
netstat -s

# View detailed route information
route -n get 10.0.0.1

Routing with PF (Packet Filter)

FreeBSD’s firewall, PF, can interact with routing through policy-based routing rules:

# In /etc/pf.conf
table <internal> { 192.168.1.0/24 }
pass in on em0 from <internal> route-to (em1 10.0.0.1)

This rule routes traffic from the internal network through a specific interface and gateway.

Best Practices for Static Routes

  1. Document your routing configuration: Keep detailed documentation of routes, their purpose, and when they were added.

  2. Use meaningful route names: In /etc/rc.conf, use descriptive names like route_customer_network instead of route_net1.

  3. Test before implementation: Always test routing changes on non-production systems first.

  4. Monitor routing changes: Use monitoring tools to detect unexpected routing changes.

  5. Implement route security: Consider using PF rules to restrict which traffic can use specific routes.

  6. Regular maintenance: Periodically review routes to remove obsolete entries.

  7. Consider automation: For complex environments, use scripts to verify and update routes.

Integration with Network Management Tools

Consider using FreeBSD’s network management tools to help manage routes:

  • Netgraph: For complex routing scenarios
  • CARP: For redundant routing configurations
  • Monitoring tools like Nagios, Zabbix, or Prometheus to monitor route status

Conclusion

Static routes on FreeBSD provide a powerful way to control network traffic flow. From basic routing to complex multi-homed configurations, FreeBSD’s robust networking stack offers the flexibility and performance needed for a wide range of networking scenarios.

By following the procedures outlined in this guide, you can implement reliable static routing configurations that meet your network’s specific requirements. Remember that while static routes provide stability and control, they require manual updates when network topology changes occur.

For more complex routing needs, consider supplementing static routes with dynamic routing protocols like OSPF or BGP, which FreeBSD supports through packages like OpenOSPFD or OpenBGPD.

With proper planning, implementation, and maintenance, static routes can significantly enhance your FreeBSD system’s networking capabilities and provide the foundation for a robust network infrastructure.


< How to Optimize Network Performance with `sysctl` TuningHow to Use `pfctl` to Manage Firewall Rules >