From: Mark Holmes (mark_at_pademelon.net)
Date: Fri 21 Jun 2002 - 12:25:13 BST
I'm trying to set up a firewall in a vserver using shorewall and iptables. I
have sorted out the IPROOT by setting it to 0.0.0.0 so the vserver can see
both interfaces on the machine (which happens to be vmware).
When I stop shorewall I get the following:
"/proc/sys/net/ipv4/ip_forward: Permission denied"
plus heaps more during start.
I have CAP_SYS_RAW, CAP_SYS_MODULE, and CAP_NET_ADMIN in my .conf file.
I assume ip_forward is getting a 0 / 1 written to it but the operation is
failing due to some sort of capability / permission thing. The attributes rw
seem the same as the root server. Any help would be great.
A couple of other things I had to do to get this far are:
1. Copy the netfilter modules and depmod.conf to the appropriate directories
in the vserver so modules would load.
2. Create a messages file in /var/log for shorewall. (just needs to be
there, not writable, yet)
Multiple IPs on the one vserver have been mentioned a little on the list and
this is one application where I think it would be useful.
Thanks in advance.