Route Parallels VMs through Mac host Clash:
Shared networking, SOCKS, and listener hardening

1 Mental model: host TUN is not a Parallels default gateway

If you arrived here after reading our VMware Workstation plus host Clash guide on Windows, reuse the same abstraction—virtual NIC, private subnet, explicit hop to the host listener—while discarding Windows-only details such as VMnet8 naming. On a Mac, Parallels Desktop implements its own virtual switch for shared networking. Traffic originating inside the guest leaves the guest kernel, crosses Parallels’ hypervisor boundary, and is translated before it hits your Wi-Fi or Ethernet interface. That path does not automatically traverse the TUN stack you might enable for Safari or Terminal on the host unless you build non-trivial bridging and policy routing you can still explain six months later.

The boring, supportable approach is therefore unchanged: configure the guest (or individual applications) to use an HTTP or SOCKS5 proxy aimed at the Mac’s address on the Parallels virtual segment and the port where Clash Verge Rev listens—typically the mixed port that accepts both schemes. You still enable Allow LAN (or the equivalent allow-lan: true in merged YAML) so the listener binds beyond 127.0.0.1, because the VM’s source address is not loopback. Skipping that toggle is the single most common reason newcomers see instant timeouts despite “the same port works on the Mac itself.”

Compared with Hyper-V on Windows, the ergonomics differ: macOS exposes fewer knobs in the UI for per-subnet firewall rules, yet Application Firewall prompts and SIP still matter when you test from a fresh VM image. Expect to verify both “Clash accepts the SYN” and “macOS allows the inbound flow” before you tune rule providers for the guest’s traffic.

2 Shared networking: discover the Mac’s address your guest can reach

In Parallels Desktop, set the virtual machine’s network adapter to Shared Network (wording may appear as “Shared” or “NAT” depending on version). Boot the guest, open a shell, and inspect the default route. On many default installs the guest sits on 10.211.55.0/24 (or a closely related Parallels-managed range) with a gateway such as 10.211.55.1 that represents the Mac side of the virtual router. Treat that gateway address as your first candidate for HTTP_PROXY and ALL_PROXY targets—but verify rather than memorize: corporate templates, older Parallels builds, or custom network profiles can shift the prefix.

From macOS, confirm the host’s interface address on the same segment. System Settings → Network sometimes lists the Parallels virtual interface; alternatively, use ifconfig in Terminal and look for an interface whose IPv4 sits in the same /24 as the guest. The value you need is the one the guest should dial for 7890 (or whichever mixed port you configured), not the guest’s own DHCP lease and not your public coffee-shop IP. If ping from the guest to that host address succeeds but TCP to the mixed port fails, you are already past “wrong IP” and into listener binding or firewall scope.

When you run multiple VMs concurrently, they share that virtual wire. That is fine for Clash: one host listener can serve many guests provided you understand the security trade-off—any machine on that virtual segment could attempt to use your proxy if you leave it wide open. On lab laptops, binding to the specific Parallels subnet in your head is enough; on shared machines, pair Allow LAN with conservative profiles and rotate ports if you rotate lab images frequently.

# Replace HOST with the Mac IPv4 on the Parallels shared segment and PORT with your mixed port
export HTTP_PROXY="http://HOST:PORT"
export HTTPS_PROXY="http://HOST:PORT"
export ALL_PROXY="socks5://HOST:PORT"

3 Clash Verge Rev on macOS: mixed port, SOCKS, and where to click

Clash Verge Rev wraps the Mihomo core with a GUI suited to subscription merges, provider toggles, and connection logs. For Parallels guests you care about two surfaces: the inbound listeners declared in your effective profile (often port, socks-port, and mixed-port after merges), and the Verge settings that expose those listeners to other devices on your machine’s interfaces. Enable Allow LAN so connections sourced from the Parallels subnet are accepted. If you prefer SOCKS-only exposure, set an explicit socks-port and point ALL_PROXY at it while keeping HTTP traffic on the mixed listener—some automation stacks behave better with split schemes.

Keep ports stable across reboots. Randomizing the mixed port might look “safer,” yet it guarantees broken guest profiles the next morning. Pick a high, unused port if 7890 collides with another developer tool, then document the change in the same note where you store the Parallels host IP. After edits, restart the core from Verge and watch the log pane: a bind error on startup is easier to fix before you open ten Windows tabs blaming Microsoft Edge.

For a clean host install first, follow Install Clash Verge Rev on macOS so permissions, helper components, and subscription paths are settled before you layer virtualization. Migrating profiles from another machine has subtleties—see migration and backup guidance if you pasted YAML from a Windows box and wonder why listener blocks differ.

4 Allow LAN plus macOS Application Firewall: when SYN packets die quietly

macOS ships with an Application Firewall that can block incoming connections to signed apps depending on your global toggle and per-app entries. After enabling Allow LAN in Verge, attempt a TCP connection from the guest to HOST:PORT. If ping works but the port test fails, open System Settings → Network → Firewall (or Security preferences on older releases) and either temporarily disable the firewall for a controlled test or add an explicit allow rule for the Clash core binary. Re-enable protection once you confirm behavior; leaving the firewall off on portable hardware is a poor trade for a few minutes saved in triage.

Little Snitch, LuLu, and other third-party filters supersede Apple’s UI. If you run them, create a narrow allow path from the Parallels virtual interface (or from “any local RFC1918 source” if the product phrases it that way) to the Mihomo listener. Broad “allow any inbound to this port from anywhere” rules survive travel worse than scoped ones. Remember that UDP-based QUIC flows may bypass simplistic HTTP-only proxy settings in browsers even when TCP-based HTTPS succeeds through Clash—symptoms then look like “YouTube works in Firefox but not Chrome” when the real split is transport selection, not Parallels itself.

Corporate MDM profiles sometimes enforce firewall defaults you cannot relax. In that environment, prefer bridged networking (covered later) with documented IT approval, or run a dedicated outbound chain entirely inside the guest. There is no magical YAML keyword that overrides enterprise device policy; network operators should escalate to whoever owns the MDM baseline instead of endlessly toggling external-controller.

5 Windows inside Parallels: system proxy, WinHTTP, and store apps

Windows 10 and 11 honor Settings → Network & Internet → Proxy for many WinHTTP consumers, yet long-running services, legacy installers, and certain Microsoft Store stacks may ignore those toggles unless you also import proxy settings into the WinHTTP layer via netsh winhttp import proxy source=ie after aligning Internet Options. That sentence is tedious because Windows is tedious: expect a phase where curl.exe works through environment variables while the Xbox app stubbornly uses a direct path until you unify system and WinHTTP configuration.

PowerShell’s Test-NetConnection HOST -Port PORT remains the fastest proof of TCP from guest to host listener. Follow with Invoke-WebRequest https://www.gstatic.com/generate_204 -Proxy http://HOST:PORT (adapt URL to something your ruleset actually permits) to confirm TLS succeeds end-to-end through Clash rather than through a split tunnel you did not intend. When Office or Edge misbehave, capture whether the process respects the system proxy; if not, route that workload through a browser that does, or consider running Mihomo inside the guest—a heavier option outside today’s scope.

Windows Update and device encryption flows sometimes demand DIRECT paths to Microsoft CDNs. If your Clash profile aggressively sends all microsoft.com traffic through a congested node, expect large downloads to stall unrelated to Parallels. Keep a pragmatic split: route what you must, leave bulky trusted update payloads on faster paths when policy allows. Logs beat ideology—filter Mihomo by source IP if the UI exposes it, or infer from timing windows.

6 Linux guests: per-shell exports, APT, Docker, and GUI apps

Debian- and Ubuntu-derived guests usually respect /etc/environment or per-user shell rc files for http_proxy lowercase variables. Package managers such as APT additionally read /etc/apt/apt.conf.d/ snippets when you need proxy-aware apt update during lab builds. Container engines introduce another layer: Docker daemon JSON supports proxies distinct from the host, and forgetting that split produces images that build “direct” while your interactive shell was proxied—confusing until you watch build logs from the daemon’s perspective.

GUI toolkits on Linux may not inherit shell exports. GNOME and KDE each expose their own proxy dialogs; Electron apps sometimes read Chromium’s proxy flags instead. When “only Firefox works,” you are usually comparing an app that respects ALL_PROXY with one that does not. Standardize on one mechanism per VM image and bake it into cloud-init or a post-install script so snapshots roll forward predictably.

SSH through the host proxy is rarely necessary for day-to-day browsing, but developers often combine ProxyJump with local forwarding. Keep keys and tokens out of shared lab snapshots; Parallels’ snapshot feature is convenient until an old image accidentally contains a static API key in ~/.bashrc history.

7 Bridged networking: when the guest should sit on the real LAN

Switch the VM adapter to Bridged when you want the guest to obtain a DHCP lease from the same router as the Mac—useful on networks where NAT-in-NAT breaks captive portals, or when IT mandates visibility of each device MAC address. In bridged mode, aim your proxy settings at the Mac’s ordinary LAN IPv4 (again with Allow LAN), not the Parallels-only address from shared mode. Roaming between Ethernet and Wi-Fi may require revisiting which physical interface Parallels bridges to; stale selections mirror the VMware footguns we described earlier.

Bridged mode increases exposure: the guest is a first-class citizen on the LAN segment, which can complicate compliance reviews but simplifies discovery when you already know the Mac’s hostname from your router’s client table. Choose shared versus bridged based on environment, not superstition—neither mode automatically improves throughput if your bottleneck is the remote proxy node quality.

8 DNS, FakeIP, and resolver mismatches across two operating systems

Many Clash profiles enable FakeIP or custom DNS listeners on the host. The guest still runs its own stub resolver unless you explicitly re-point it. If HTTPS works when you type an IP literal but hostnames fail, you are almost certainly observing DNS divergence rather than “Parallels broke TLS.” Align strategies: either configure the guest to use a resolver consistent with your Clash DNS pipeline (sometimes your upstream DoH endpoint or a trusted public resolver allowed by rules), or accept that some apps perform DNS over HTTPS independently of OS settings—Chrome’s secure DNS toggle is a frequent culprit.

IPv6 adds the same dual-stack surprises we outlined for VMware: if the guest prefers AAAA records while your proxy path is IPv4-only, failures look intermittent. Test with IPv6 temporarily disabled on the guest NIC, then either carry IPv6 consistently or document the preference. Our Meta core DNS leak prevention article explains FakeIP versus redir-host trade-offs that apply whenever two kernels participate in one policy story.

Split DNS inside the guest—common when VPN clients run both on the Mac and inside Windows—can send corporate hostnames to internal resolvers while public names bypass Clash. Log resolver choices during reproduction instead of guessing from a single failed ping.

9 Verification checklist before you touch rule providers

• TCP reachability: From the guest, test the host IP and mixed or SOCKS port; success must precede TLS or HTTP debugging.
• Listener binding: On the Mac, confirm Verge shows the inbound on 0.0.0.0 or the expected interface after Allow LAN—not only 127.0.0.1.
• Firewall prompts: Resolve any macOS or third-party deny rules, then retest before editing YAML.
• DNS spot check: Compare dig or nslookup answers inside the guest with Clash DNS expectations.
• Rule isolation: Temporarily use a simple global proxy group to separate profile mistakes from networking mistakes.
• Adapter mode: Reconfirm Shared versus Bridged in Parallels hardware settings when symptoms change after suspend or travel.

10 Wrap-up

Parallels Desktop on macOS pairs naturally with Clash Verge Rev when you treat the guest like any other LAN client that needs an explicit hop: enable Allow LAN, aim HTTP and SOCKS settings at the Mac’s address on the shared networking segment, open the listener through macOS firewall prompts, and align DNS with your Mihomo mode so FakeIP does not fight the guest resolver. TUN on the host remains a convenience for Mac-native apps—not a substitute for documented guest proxy configuration. Compared with juggling one-off VPN clients per VM, a single maintained profile on the host plus repeatable guest environment variables scales to multiple lab images without silent drift.

When installers and platform notes are what you need—not raw upstream release pages as the default path—use this site’s download page for curated builds, finish host-side setup, then return to Parallels and walk the verification list while watching Mihomo logs for the first successful guest flows.

Among open proxy stacks, Mihomo’s structured logging and Verge’s approachable UI reward operators who split lab traffic from personal browsing without giving up observability—especially when package managers and IDEs open parallel HTTPS sessions you still want to correlate in one log pane.

→ Download Clash for free and experience the difference