Yep certainly you can.

Our main firewall has a routing table like this:

[root@shaggy /root]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     172.16.1.254    255.255.255.0   UG    0      0        0 eth1
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
217.158.83.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         217.158.83.1    0.0.0.0         UG    0      0        0 eth0

The first rule says anything for 192.168.1.* should be sent to the router at

172.16.1.254 (our internal firewall).

The middle three routes are for each of the ip addresses on the machine, all

machines will have a route like this, on for each ip. They just tell the box

which networks are attached to which network card. So in this case 217.158.83.*

is attached to eth0.

The last line (0.0.0.0) is the default route, so anything that hasn’t matched

a rule above this in the table gets sent to 217.158.83.1. And it already knows

how to find 217.158.83.1 because of the previous 217.158.83.0 line.