How To Enable Networking In Xen Guests On Hetzner's New EQ Servers (Debian Lenny)

Version 1.0
Author: Falko Timme

This tutorial shows how you can enable networking in Xen guests (domU) on Hetzner's new EQ servers. With the new EQ servers, you can get up to three additional IPs that are in the same subnet as the server's main IP. The problem is that these additional IPs are bound to the MAC address of the host system (dom0) - Hetzner's routers will drop IP packets if they come from an unknown MAC address. This means we cannot use Xen's bridged mode, but must switch to Xen's routed mode, where the host system (dom0) acts as the gateway for the guests.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm assuming that you set up Xen on the EQ server (running Debian Lenny) according to this tutorial: Virtualization With Xen On Debian Lenny (AMD64).

I have an existing Xen guest on the server, vm.example.com. I've moved it over from another server where it was running in bridged mode. Now I need to configure the routed mode.

  • IP of the EQ server (dom0): 188.40.103.70
  • Gateway: 188.40.103.65
  • Netmask: 255.255.255.192
  • Additional IP that will be used for vm.example.com (domU): 188.40.103.103

 

2 Configure The Host System (dom0)

dom0:

Open /etc/sysctl.conf and make sure you have the following lines in it:

vi /etc/sysctl.conf
[...]
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.default.proxy_arp=1
[...]

Run

sysctl -p

to read in the new configuration.

Now open /etc/xen/xend-config.sxp and comment out the (network-script network-bridge) and (vif-script vif-bridge) lines and add (network-script network-route) and (vif-script vif-route) instead:

vi /etc/xen/xend-config.sxp
[...]
#(network-script network-bridge)
#(vif-script vif-bridge)
(network-script network-route)
(vif-script     vif-route)
[...]

Open the configuration file of your Xen guest (in this example it's /etc/xen/vm.example.com.cfg) and make sure it has the correct IP address in it (188.40.103.103 in this example):

vi /etc/xen/vm.example.com.cfg
[...]
#
#  Networking
#
vif  = [ 'ip=188.40.103.103' ]
[...]

Next edit /etc/network/interfaces. Comment out the up route add -net line at the end - this isn't needed. The file should look similar to this one:

vi /etc/network/interfaces
### Hetzner Online AG - installimage
# Loopback device:
auto lo
iface lo inet loopback

# device: eth0
auto  eth0
iface eth0 inet static
  address   188.40.103.70
  broadcast 188.40.103.127
  netmask   255.255.255.192
  gateway   188.40.103.65

# default route to access subnet
#up route add -net 188.40.103.64 netmask 255.255.255.192 gw 188.40.103.65 eth0

Now reboot the server:

reboot
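
The sysctl and xend settings from this section can be checked from the files themselves, before or after the reboot. The script below is an added example, not part of the original tutorial; the function names and the sample files are constructed for illustration, and only the exact line forms shown above are recognised.

```shell
#!/bin/sh
# Added example: check that the dom0 files carry the routed-mode settings.

# Print the effective (last uncommented) value of key $2 in sysctl.conf-style file $1.
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# Return 0 if every sysctl listed in the tutorial is 1 in file $1; name the rest.
check_sysctl() {
    rc=0
    for key in net.ipv4.conf.all.rp_filter net.ipv4.icmp_echo_ignore_broadcasts \
               net.ipv4.ip_forward net.ipv6.conf.all.forwarding \
               net.ipv4.conf.default.proxy_arp; do
        val=$(sysctl_value "$1" "$key")
        [ "$val" = 1 ] || { echo "FAIL $key=${val:-unset}, expected 1"; rc=1; }
    done
    return $rc
}

# Return 0 if xend config $1 enables both route scripts and neither bridge script.
check_xend() {
    rc=0
    # Drop comment lines and collapse runs of whitespace before matching.
    active=$(sed -e '/^[[:space:]]*#/d' -e 's/[[:space:]][[:space:]]*/ /g' "$1")
    for s in network vif; do
        case $active in
            *"($s-script $s-route)"*) ;;
            *) echo "FAIL ($s-script $s-route) not active"; rc=1 ;;
        esac
        case $active in
            *"($s-script $s-bridge)"*) echo "FAIL $s-bridge still active"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files (not taken from a real server) so the demo runs offline.
tmp=$(mktemp -d)
printf 'net.ipv4.conf.all.rp_filter=1\nnet.ipv4.icmp_echo_ignore_broadcasts=1\nnet.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding=1\n#net.ipv4.conf.default.proxy_arp=1\n' > "$tmp/sysctl.conf"
printf '#(network-script network-bridge)\n(network-script network-route)\n(vif-script     vif-bridge)\n' > "$tmp/xend-config.sxp"
check_sysctl "$tmp/sysctl.conf" || echo "sysctl.conf needs fixing"
check_xend "$tmp/xend-config.sxp" || echo "xend-config.sxp needs fixing"
rm -rf "$tmp"
```

On the dom0, point the two functions at /etc/sysctl.conf and /etc/xen/xend-config.sxp instead of the sample files.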

 

3 Configure The Guest System

dom0:

After the reboot, please start the guest system, e.g. as follows:

xm create /etc/xen/vm.example.com.cfg

Then connect to its console:

xm console vm.example.com

domU:

Now in the guest system, open /etc/network/interfaces...

vi /etc/network/interfaces

... and make it look as follows:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 188.40.103.103
 gateway 188.40.103.70
 netmask 255.255.255.192

The address line contains the IP of the guest; the gateway line must contain the IP address of the host system (dom0) (188.40.103.70), not the host system's gateway (188.40.103.65)! The netmask is the same that is used by the host system.

That's it! Now we can restart the guest from the host system:

dom0:

xm reboot vm.example.com

Afterwards you should be able to connect to the guest and to ping it, and you should also be able to ping other hosts from inside the guest.

 
