Routed Xen setup

Yesterday I needed to set up a Xen machine where the firewall allowed only the MAC address of the host (dom0). Because of this, a bridged setup could not be used, since each domU would be using its own MAC address.

So I needed a routed setup instead. That way the host (dom0) acts as a “router” for the domUs, and the firewall only sees the MAC of the dom0 host when they communicate.

Configuration is quite easy. Edit /etc/xen/xend-config.sxp and comment out the bridge-related lines. Then uncomment or add the following lines to enable routing:

(network-script network-route)
(vif-script     vif-route)

Then in /etc/sysctl.conf make sure you have these two lines to enable routing. Proxy ARP is needed if you have domUs on different networks.

net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1

Restart xend, reboot the domUs and you're done (you can also just reboot the host).
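
To confirm the two files really ended up in the state described above, here is a small check script. It is an added example, not part of the original post; the function names and the sample files in demo_constructed are made up for illustration, and the default paths are the ones named above.

```sh
#!/bin/sh
# Added example (not from the original post): verify the routed-Xen settings.

# Print every active (uncommented) value of an xend option such as network-script.
xend_opt() {  # $1 = option name, $2 = path to xend-config.sxp
    sed -n "s/^[[:space:]]*($1[[:space:]][[:space:]]*\([^)]*\)).*/\1/p" "$2"
}

# Print the last value assigned to a key in a sysctl.conf-style file.
sysctl_opt() {  # $1 = key, $2 = path to sysctl.conf
    key=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# Returns 0 only if routing is the sole active mode and both sysctls are 1.
check_routed_xen() {  # $1 = xend-config.sxp, $2 = sysctl.conf
    xend=${1:-/etc/xen/xend-config.sxp}
    sysctl_conf=${2:-/etc/sysctl.conf}
    rc=0
    # A leftover active bridge line yields two values here and fails the match.
    [ "$(xend_opt network-script "$xend")" = "network-route" ] ||
        { echo "FAIL: network-script must be network-route only"; rc=1; }
    [ "$(xend_opt vif-script "$xend")" = "vif-route" ] ||
        { echo "FAIL: vif-script must be vif-route only"; rc=1; }
    for k in net.ipv4.ip_forward net.ipv4.conf.all.proxy_arp; do
        [ "$(sysctl_opt "$k" "$sysctl_conf")" = "1" ] ||
            { echo "FAIL: $k is not set to 1"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not taken from a real host) to try the check offline.
demo_constructed() {
    d=$(mktemp -d)
    printf '%s\n' '#(network-script network-bridge)' '#(vif-script vif-bridge)' \
        '(network-script network-route)' '(vif-script     vif-route)' > "$d/xend-config.sxp"
    printf '%s\n' 'net.ipv4.ip_forward = 1' 'net.ipv4.conf.all.proxy_arp = 1' > "$d/sysctl.conf"
    check_routed_xen "$d/xend-config.sxp" "$d/sysctl.conf"; r=$?
    rm -rf "$d"
    return $r
}
```

Calling check_routed_xen with no arguments reads the real files on the dom0. It only inspects the files, so it does not tell you whether xend has been restarted or the sysctl values are already live.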