Is there any mechanism that prevents NAT setup in host-only networks?
Due to security reasons Parallels Server does not allow outgoing traffic from non-allowed IPs from VMs.
Network filtering is managed by the following values in VM configuration file:
<PktFilter> <PreventPromisc>1</PreventPromisc> <PreventMacSpoof>1</PreventMacSpoof> <PreventIpSpoof>1</PreventIpSpoof> </PktFilter>
PreventIpSpoof -- if it is enabled outgoing packets are dropped if its source IP is not one of IPs assigned to this VM;
PreventMacSpoof -- if its is enabled outgoing packets are dropped if its source MAC is not VM's MAC;
PreventPromisc -- if it is enabled incoming packets addressed to non-VMs MAC are dropped.
For nested installations:
For Parallels Virtuozzo Containers installed inside of a Virtual Machines it is recommended to disable all these filters in order to provide full network connectivity.
To allow host-routed containers have network connectivity with servers that reside outside of Parallels Server host it is necessary to disable
To enable bridged networking for containers running in the VM you should disable
All filters can be disabled using following command:
# prlctl set VMNAME --ifname IFACE_NAME --preventpromisc no --ipfilter no --macfilter no
Reboot of VM is required to apply the changes.
3518 Configuring VE bridged mode on Virtuozzo installed on VMware ESX system.