- The container is not reachable on the newly assigned IP address.
- The container uses Bridged networking mode.
- The new IP address was assigned to container either from PVA Management node or using
- The interface has "configure=all" in the "NETIF" veriable in the container's configuration file.
The problem is solved after the container is restarted.
Starting with PCS 6.0, the Dispatcher process configures Ethernet bridges filtering rules for containers in the bridged mode to protect other environments from IP spoofing.
vzctl does not send notifications to Dispatcher on adding a new IP address to a container in the bridged mode.
The issue is recognized as a product bug with the internal ID PSBM-24952.
The fix is included in Parallels Cloud Server 6.0 Update 6 (6.0.6-1992).
In case the node cannot be updated right away, there is a number of workarounds to try:
Re-assign the new IP address with
~# vzctl set CTID --ifname eth0 --ipdel xx.xx.xx.xx ~# prlctl set CTID --device-set net0 --ipadd xx.xx.xx.xx/mask
Note: use the proper interface name for
vzctl set- this is the Ethernet interface name in the container as returned by
ip link; use the network interface for
prlctl setas it is shown by
prlctl list CTID -i.
If the IP address has already been assigned from PVA or via
vzctl, it's possible to modify
ebtablesrules accordingly. Real-life example:
[root@vz ~]# vzlist 821 -Ho ip 10.39.81.16 [root@vz ~]# vzctl set 821 --ifname eth0 --ipadd 10.39.81.227 --save Configure virtual adapters: veth821.0 Saved parameters for Container 821 [root@vz ~]# ebtables-save | grep 10.39.81.16 -A ip-filter-veth821-0 --among-src 0:18:51:5f:f9:4f=10.39.81.16, -j ACCEPT [root@vz ~]# ebtables -D ip-filter-veth821-0 --among-src 0:18:51:5f:f9:4f=10.39.81.16, -j ACCEPT [root@vz ~]# ebtables -A ip-filter-veth821-0 --among-src 0:18:51:5f:f9:4f=10.39.81.16,0:18:51:5f:f9:4f=10.39.81.227, -j ACCEPT
- Restart the container.