Using a /32 Netmask on Linux

Despite what some simple Googling might imply, it's entirely possible to use a /32 as a netmask for an IP address on Linux. The important detail is that it can't be the primary IP address. That primary can be an RFC1918 address (i.e. nonrouteable on the Internet) but your default gateway needs to be able to route to you via something other than the /32.

Here's the setup. Assume a Cisco router on and a Linux server on The /32 we'll use is

On the server:

ip addr add dev eth0
ip addr add dev eth0

On the router:

interface FastEthernet0/1
ip address
ip route

At this point, you should be able to ping both and from the router.

The other step you may need to take is to add some routing on the Linux server to source from the address. Normally traffic that is received on that IP will reply with that IP, so that's fine, but for new traffic if you want the source to be the /32, you'll need a special route:

ip route add via src

See, I told you it was easy.



/etc/network/interfaces equivalent?

Thanks for this! But it would be brilliant if you could also say what the /etc/network/interfaces entry equivalent to those two ip commands is. ifupdown complains about "duplicate interface" if I have two iface eth0 entries, and "duplicate option" if I just put two address entries under the same iface eth0 stanza.

/etc/network/interfaces - like this?

Having searched around and fiddled with /etc/network/interfaces,

auto eth0
iface eth0 inet static

auto eth0:1
iface eth0:1 inet static

would seem to be the right thing for Debian/Ubuntu?

Subscribe to Comments for "Using a /32 Netmask on Linux" Subscribe to - All comments