Is there any mechanism that prevents NAT setup in host-only networks?

Questo mi ha salvato.

 

https://kb.plesk.com/en/7994

 

Answer

Due to security reasons Parallels Server does not allow outgoing traffic from non-allowed IPs from VMs.

Network filtering is managed by the following values in VM configuration file:

     <PktFilter>
        <PreventPromisc>1</PreventPromisc>
        <PreventMacSpoof>1</PreventMacSpoof>
        <PreventIpSpoof>1</PreventIpSpoof>
     </PktFilter>

PreventIpSpoof — if it is enabled outgoing packets are dropped if its source IP is not one of IPs assigned to this VM;

PreventMacSpoof — if its is enabled outgoing packets are dropped if its source MAC is not VM’s MAC;

PreventPromisc — if it is enabled incoming packets addressed to non-VMs MAC are dropped.

For nested installations:

For Parallels Virtuozzo Containers installed inside of a Virtual Machines it is recommended to disable all these filters in order to provide full network connectivity.

To allow host-routed containers have network connectivity with servers that reside outside of Parallels Server host it is necessary to disable PreventIpSpoof.

To enable bridged networking for containers running in the VM you should disable PreventPromisc and PreventMacSpoof.

All filters can be disabled using following command:

# prlctl set VMNAME --ifname IFACE_NAME --preventpromisc no --ipfilter no --macfilter no

Reboot of VM is required to apply the changes.

Comments are closed.