This is a translation of the Hetzner Dokuwiki Article “Xen mit Routing-Setup und zusätzlicher (interner) Bridge” [1] which I mentioned in my last post about XEN Networking [2]. [1] http://wiki.hetzner.de/index.php/Xen_mit_Routing_und_Bridge [2] https://www.henningweiler.de/?p=85 1. Preparation First, you copy ‘vif-route’ to ‘vif-virtual’ and ‘network-route’ to ‘network-virtual. Both are located in /etc/xen/scripts. The, you’ll have to patch the file ‘vif-virtual’ : --- vif-route 2008-04-25 15:03:45.000000000 +0200 +++ vif-virtual 2008-05-02 14:29:22.725192247 +0200 @@ -47,6 +47,11 @@ done fi +# add/remove vif to internalbridge +if [ `echo "${vif}" | grep -e ".*\-br$"` ]; then + brctl ${ipcmd}if xeninternbr0 ${vif} +fi + handle_iptable log debug "Successful vif-route $command for $vif." The host (dom0) has to have a bridge on startup, which you can create in /etc/network/interfaces and give it an internal IP. Mine looks something like this: auto xenintbr iface xenintbr inet static address 10.10.10.100 netmask 255.0.0.0 pre-up /usr/sbin/brctl addbr xenintbr post-up /usr/sbin/tunctl -t tap0 post-up /usr/sbin/brctl addif xenintbr tap0 post-down /sbin/ifconfig xenintbr down post-down /usr/sbin/brctl delbr xenintbr post-down /usr/sbin/tunctl -d tap0 # bridge_maxwait 0 # bridge_fd 0 # bridge_hello 0 # bridge_stp off post-up /sbin/ifconfig xenintbr 10.10.10.100 netmask 255.0.0.0 Now edit the file /etc/xen/xend-config.sxp and substitute the vif-route and network-route entries with the following entries: (network-script network-virtual) (vif-script vif-virtual) 2. DomU Configuration The configuration for the virtual Network Interfaces for the corresponding DomU configuration file has to be setup in the following way: vif = [ 'ip=xx.xx.xx.xx,mac=aa:bb:cc:dd:ee:ff,vifname=domUname-vif', 'mac=aa:bb:cc:dd:ee:ff,vifname=domUname-vif-br'] The first line describes the public IP(v4) address in your providers subnet. The second line describes the internal interface. Remember to change the MAC Adresses for both interfaces since those have to be different! The extension ‘-vif’ or ‘-vif-br’ determines if the interface is connected to the external interface or to the internal bridge, whereby the ‘-vif-br’ resembles the bridge. With the configuration shown above, the domU will have two interfaces (eth0 and eth1) where eth0 points to the external interface and eth1 to the internal bridge. 3. Finishing Touches To be able to use the network, the domU internal network configuration in /etc/network/interfaces has to be changed to hold an internal IP address on eth1 (which corresponds to an IP address in the subnet you specified in the bridge configuration).