For a virtual machine in xen server to work in pass-by filtering, you need to allow "Promiscuous Mode" for both the physical network interface and the virtual interface. Please check this link for the official document from citrix.
Required steps are listed in below.
1). Run the following command on the XenServer host to grab the PIF UUID:
xe pif-list network-name-label="name_of_network"
Where "name_of_network" is the common name for the network as it appears in XenCenter (Network 0, for example).
Note the UUID for the PIF because you need it for the next command.
2). To enable promiscuous mode for the PIF, run the following command on the XenServer host:
xe pif-param-set uuid="uuid_of_pif" other-config:promiscuous="true"
Where "uuid_of_pif" is the UUID for the PIF copied from Step 1.
1). Run the following command on the XenServer host to get the VIF UUID:
xe vif-list vm-name-label="name_of_vm"
Where "name_of_vm" is the common name of the virtual machine as it appears in XenCenter.
Note the UUID for the VIF because you need it for the next command.
2). To enable promiscuous mode for the VIF, run the following command on the XenServer host:
xe vif-param-set uuid="uuid_of_vif" other-config:promiscuous="true"
Where "uuid_of_vif" is the UUID for the VIF copied from Step 1.
1). Run the following commands to activate the preceding changes:
xe vif-unplug uuid="uuid_of_vif"
xe vif-plug uuid= "uuid_of_vif"
Please notice: since version 6, XenServer is using OpenVSwitch as its core network component, which makes the above solution no longer working. To make it work, you need to run the following command:
xe-switch-network-backend bridge
This command will break switch back to the old bridge mode.