Article ID: 7994, created on Jan 22, 2010, last review on Jun 17, 2016

  • Applies to:
  • Virtuozzo 6.0
  • Virtuozzo containers for Linux
  • Virtuozzo containers for Windows
  • Virtuozzo hypervisor


Is there any mechanism that prevents NAT setup in host-only networks?


Due to security reasons Parallels Server does not allow outgoing traffic from non-allowed IPs from VMs.

Network filtering is managed by the following values in VM configuration file:


PreventIpSpoof -- if it is enabled outgoing packets are dropped if its source IP is not one of IPs assigned to this VM;

PreventMacSpoof -- if its is enabled outgoing packets are dropped if its source MAC is not VM's MAC;

PreventPromisc -- if it is enabled incoming packets addressed to non-VMs MAC are dropped.

For nested installations:

For Parallels Virtuozzo Containers installed inside of a Virtual Machines it is recommended to disable all these filters in order to provide full network connectivity.

To allow host-routed containers have network connectivity with servers that reside outside of Parallels Server host it is necessary to disable PreventIpSpoof.

To enable bridged networking for containers running in the VM you should disable PreventPromisc and PreventMacSpoof.

All filters can be disabled using following command:

# prlctl set VMNAME --ifname IFACE_NAME --preventpromisc no --ipfilter no --macfilter no

Reboot of VM is required to apply the changes.

Related topics

3518 Configuring VE bridged mode on Virtuozzo installed on VMware ESX system.

Search Words


virtuozzo inside cloud

Add IP addresses to containers inside a VM

Access a container from 172.

nested installation

Packet loss between virtual machines

vm inside cloud

a26b38f94253cdfbf1028d72cf3a498b 0dd5b9380c7d4884d77587f3eb0fa8ef 2897d76d56d2010f4e3a28f864d69223 c62e8726973f80975db0531f1ed5c6a2 e8e50b42231236b82df27684e7ec0beb d02f9caf3e11b191a38179103495106f 965b49118115a610e93635d21c5694a8

Email subscription for changes to this article
Save as PDF