There are some limitations of NAT mode which users should be aware of, as follows:

• ICMP protocol limitations. Some frequently used network debugging tools, such as ping or traceroute, rely on the ICMP protocol for sending and receiving messages. ICMP support has some limitations, meaning ping should work but some other tools may not work reliably.

• Receiving of UDP broadcasts. The guest does not reliably receive UDP broadcasts. In order to save resources, it only listens for a certain amount of time after the guest has sent UDP data on a particular port. As a consequence, NetBios name resolution based on broadcasts does not always work, but WINS always works. As a workaround, you can use the numeric IP of the required server in the \\server\share notation.

• Some protocols are not supported. Protocols other than TCP and UDP are not supported. GRE is not supported. This means some VPN products, such as PPTP from Microsoft, cannot be used. There are other VPN products which use only TCP and UDP.

• Forwarding host ports below 1024. On UNIX-based hosts, such as Linux, Oracle Solaris, and macOS, it is not possible to bind to ports below 1024 from applications that are not run by root. As a result, if you try to configure such a port forwarding, the VM will refuse to start.

These limitations normally do not affect standard network use. But the presence of NAT has also subtle effects that may interfere with protocols that are normally working. One example is NFS, where the server is often configured to refuse connections from non-privileged ports, which are those ports above 1024.