How To Enable Networking In Xen Guests On Hetzner's New EQ Servers (Debian Lenny)
Author: Falko Timme
Follow me on Twitter
This tutorial shows how you can enable networking in Xen guests (domU) on Hetzner's new EQ servers. With the new EQ servers, you can get up to three additional IPs that are in the same subnet as the server's main IP. The problem is that these additional IPs are bound to the MAC address of the host system (dom0) - Hetzner's routers will dump IP packets if they come from an unknown MAC address. This means we cannot use Xen's bridged mode, but must switch to Xen's routed mode where the host system (dom0) acts as the gateway for the guests.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I'm assuming that you set up Xen on the EQ server (running Debian Lenny) according to this tutorial: Virtualization With Xen On Debian Lenny (AMD64).
I have an existing Xen guest on the server, vm.example.com. I've moved it over from another server where it was running in bridged mode. Now I need to configure the routed mode.
- IP of the EQ server (dom0): 126.96.36.199
- Gateway: 188.8.131.52
- Netmask: 255.255.255.192
- Additonal IP that will be used for vm.example.com (domU): 184.108.40.206
2 Configure The Host System (dom0)
Open /etc/sysctl.conf and make sure you have the following lines in it:
[...] net.ipv4.conf.all.rp_filter=1 net.ipv4.icmp_echo_ignore_broadcasts=1 net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 net.ipv4.conf.default.proxy_arp=1 [...]
to read in the new configuration.
Now open /etc/xen/xend-config.sxp and comment out the (network-script network-bridge) and (vif-script vif-bridge) lines and add (network-script network-route) and (vif-script vif-route) instead:
[...] #(network-script network-bridge) #(vif-script vif-bridge) (network-script network-route) (vif-script vif-route) [...]
Open the configuration file of your Xen guest (in this example it's /etc/xen/vm.example.com.cfg) and make sure it has the correct IP address in it (220.127.116.11 in this example):
[...] # # Networking # vif = [ 'ip=18.104.22.168' ] [...]
Next edit /etc/network/interfaces. Comment out the up route add -net line at the end - this isn't needed. The file should look similar to this one:
### Hetzner Online AG - installimage # Loopback device: auto lo iface lo inet loopback # device: eth0 auto eth0 iface eth0 inet static address 22.214.171.124 broadcast 126.96.36.199 netmask 255.255.255.192 gateway 188.8.131.52 # default route to access subnet #up route add -net 184.108.40.206 netmask 255.255.255.192 gw 220.127.116.11 eth0
Now reboot the server:
3 Configure The Guest System
After the reboot, please start the guest system, e.g. as follows:
xm create /etc/xen/vm.example.com.cfg
Then connect to its console:
xm console vm.example.com
Now in the guest system, open /etc/network/interfaces...
... and make it look as follows:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 18.104.22.168 gateway 22.214.171.124 netmask 255.255.255.192
The address line contains the IP of the guest; the gateway line must contain the IP address of the host system (dom0) (126.96.36.199), not the host system's gateway (188.8.131.52)! The netmask is the same that is used by the host system.
That's it! now we can restart the guest from the host system:
xm reboot vm.example.com
Afterwards you should be able to connect to the guest and to ping it, and you should also be able to ping other hosts from inside the guest.
- Xen: http://www.xensource.com/xen/
- Hetzner's EQ Servers: http://www.hetzner.de/en/hosting/produktmatrix/rootserver-produktmatrix/