Yep, certainly you can.

Our main firewall has a routing table like this:

[root@shaggy /root]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UG    0      0        0 eth1
                                                U     0      0        0 eth1
                                                U     0      0        0 eth0
                                                U     0      0        0 lo
                                                UG    0      0        0 eth0

The first rule says anything for 192.168.1.* should be sent to the router at (our internal firewall).

The middle three routes are for each of the IP addresses on the machine; all machines will have a route like this, one for each IP. They just tell the box which networks are attached to which network card. So in this case 217.158.83.* is attached to eth0.

The last line ( is the default route, so anything that hasn’t matched a rule above this in the table gets sent to And it already knows how to find because of the previous line.
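
The lookup described above, as an added example that is not part of the original post: the kernel picks the most specific matching route, and a gateway is only usable if a directly attached route covers it. Only 192.168.1.* and 217.158.83.* on eth0 come from the post; the eth1 network and both gateway addresses are constructed placeholders, and `lookup` and `next_hop` are hypothetical helper names.

```python
import ipaddress

# Constructed table shaped like the one in the post. The eth1 network
# (10.0.0.0/24) and both gateway addresses are placeholders, because the
# post's own addresses are not shown.
ROUTES = [
    # (destination, gateway or None when directly attached, interface)
    ("192.168.1.0/24", "10.0.0.2", "eth1"),        # via the internal firewall
    ("10.0.0.0/24", None, "eth1"),                 # attached to eth1
    ("217.158.83.0/24", None, "eth0"),             # attached to eth0
    ("127.0.0.0/8", None, "lo"),                   # loopback
    ("0.0.0.0/0", "217.158.83.254", "eth0"),       # default route
]


def lookup(dst, routes=ROUTES):
    """Return (network, gateway, iface) for the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net_s, gw, iface in routes:
        net = ipaddress.ip_network(net_s)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def next_hop(dst, routes=ROUTES):
    """Return (address the packet is handed to, interface it leaves on)."""
    _, gw, iface = lookup(dst, routes)
    if gw is None:
        return dst, iface  # destination is on an attached network
    # The gateway itself must be reachable through an attached route on the
    # same interface, otherwise the route cannot be used.
    _, gw_gw, gw_iface = lookup(gw, routes)
    if gw_gw is not None or gw_iface != iface:
        raise ValueError(f"gateway {gw} is not on a network attached to {iface}")
    return gw, iface


if __name__ == "__main__":
    for dst in ("192.168.1.50", "217.158.83.10", "8.8.8.8"):
        print(dst, "->", next_hop(dst))
```

Dropping the 217.158.83.0/24 line from the table makes `next_hop` raise for any default-routed destination, which is the dependency between the last two lines that the post points out.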