--You may need to remove the interface and re-add it.
--Here's what I did for host-only net; CentOS 5--64 host and Debian 4 VE:
' vzctl set 101 --netif_add eth0,00:12:34:56:78:9D,veth101.0,00:12:34:56:78:01 --save '
-- ' dhclient eth0 ' did not work in guest; ** NOTE: it may be worthwhile for OpenVZ to implement a VE DHCP server for guests
' ifconfig veth101.0 172.16.0.3 netmask 255.255.0.0 up '
(( guest:
' ifconfig eth0 172.16.1.3 netmask 255.255.0.0 up '
' ping 172.16.0.3 '
))
' ping 172.16.1.3 '
' nmap 172.16.1.3 ' # Revealed ssh
--I ssh'd to another local box on my net and configged it for 172.16 access, and it was *not* able to see the VE--host-only net -- which is what we want.
--Back on the OpenVZ box:
((
' time nmap -F -v -r 172.16.0.3 '
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-05-26 04:15 CDT
Initiating ARP Ping Scan against 172.16.0.3 [1 port] at 04:15
The ARP Ping Scan took 0.00s to scan 1 total hosts.
DNS resolution of 1 IPs took 0.02s.
Initiating SYN Stealth Scan against 172.16.0.3 [1239 ports] at 04:15
Discovered open port 21/tcp on 172.16.0.3
Discovered open port 22/tcp on 172.16.0.3
The SYN Stealth Scan took 35.76s to scan 1239 total ports.
Host 172.16.0.3 appears to be up ... good.
Interesting ports on 172.16.0.3:
Not shown: 1192 filtered ports, 45 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
MAC Address: 00:12:34:56:78:01 (Camille Bauer)
Nmap finished: 1 IP address (1 host up) scanned in 36.122 seconds
Raw packets sent: 2439 (107.314KB) | Rcvd: 48 (1930B)
real 0m36.131s
user 0m0.349s
sys 0m0.021s
))
--Compare this to the scan run on the host:
[[
' time nmap 172.16.1.3 '
Starting Nmap 4.20 ( http://insecure.org ) at 2007-05-26 04:20 CDT
Interesting ports on 172.16.1.3:
Not shown: 1696 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:12:34:56:78:9D (Camille Bauer)
Nmap finished: 1 IP address (1 host up) scanned in 1.303 seconds
real 0m1.315s
user 0m0.153s
sys 0m0.044s
]]