How To Enable Networking In Xen Guests On Hetzner's New EQ Servers (Debian Lenny)

Version 1.0
Author: Falko Timme
This tutorial shows how you can enable networking in Xen guests (domU) on Hetzner's new EQ servers. With the new EQ servers, you can get up to three additional IPs that are in the same subnet as the server's main IP. The problem is that these additional IPs are bound to the MAC address of the host system (dom0) - Hetzner's routers will dump IP packets if they come from an unknown MAC address. This means we cannot use Xen's bridged mode, but must switch to Xen's routed mode where the host system (dom0) acts as the gateway for the guests.

I do not issue any guarantee that this will work for you!


1 Preliminary Note

I'm assuming that you set up Xen on the EQ server (running Debian Lenny) according to this tutorial: Virtualization With Xen On Debian Lenny (AMD64).

I have an existing Xen guest on the server, I've moved it over from another server where it was running in bridged mode. Now I need to configure the routed mode.

  • IP of the EQ server (dom0):
  • Gateway:
  • Netmask:
  • Additonal IP that will be used for (domU):


2 Configure The Host System (dom0)


Open /etc/sysctl.conf and make sure you have the following lines in it:

vi /etc/sysctl.conf



sysctl -p

to read in the new configuration.

Now open /etc/xen/xend-config.sxp and comment out the (network-script network-bridge) and (vif-script vif-bridge) lines and add (network-script network-route) and (vif-script vif-route) instead:

vi /etc/xen/xend-config.sxp
#(network-script network-bridge)
#(vif-script vif-bridge)
(network-script network-route)
(vif-script     vif-route)

Open the configuration file of your Xen guest (in this example it's /etc/xen/ and make sure it has the correct IP address in it ( in this example):

vi /etc/xen/
#  Networking
vif  = [ 'ip=' ]

Next edit /etc/network/interfaces. Comment out the up route add -net line at the end - this isn't needed. The file should look similar to this one:

vi /etc/network/interfaces
### Hetzner Online AG - installimage
# Loopback device:
auto lo
iface lo inet loopback

# device: eth0
auto  eth0
iface eth0 inet static

# default route to access subnet
#up route add -net netmask gw eth0

Now reboot the server:



3 Configure The Guest System


After the reboot, please start the guest system, e.g. as follows:

xm create /etc/xen/

Then connect to its console:

xm console


Now in the guest system, open /etc/network/interfaces...

vi /etc/network/interfaces

... and make it look as follows:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static

The address line contains the IP of the guest; the gateway line must contain the IP address of the host system (dom0) (, not the host system's gateway (! The netmask is the same that is used by the host system.

That's it! now we can restart the guest from the host system:


xm reboot

Afterwards you should be able to connect to the guest and to ping it, and you should also be able to ping other hosts from inside the guest.


5 Comment(s)

hello my friend i have a dedicated on hetzner  i have same problem with virtualbox bridget conection i have 2 virtualbox work only in nat mode nat mode is bad . statics ip can you help me please with a tutorial for virtualbox in hetzner thank you ..

By: df

thank you, after hours of trying to set it all up it finally worked!

By: Piero Ottuzzi


I just bought a EX4 root server from Hetzner[1] and you can ask for additional IPs with different MAC for each one so this tutorial does not apply anymore.

Thanks for your work,


By: Kevin Blake

Thanks for this - this was invaluable to me when setting up a xen server on 4.2... Do you have any tips for 4.6?  I don't believe network-bridge or network-route are supported any more.

By: Nishit



I have installed Xen4Centos on Centos7 on hetzner server, having single NIC card with bridged network and have two VMs on that.


In one VM, I want to add two static IP one for webserver and one for mail server.


So I have created IP alias in guest VM, it was created but it was not pinging from outside public network or from the host.


So if you have any idea on how to add second IP in the guest VM then please let me know.


I have searched on Google but most of the tutorials had given example for one IP only.



Nishit Shah