Shorewall users - Aug 2007 - Shorewall-4.0.2 & OpenVZ

Hello List!
    I have some trouble with using Shorewall-4.0.2 under OpenVZ 
environment.
When i try to use shorewall in virtual server i can''t use iptables
modules
loading Shorewall feature. I create empty /etc/shorewall/modules file and
''shorewall check'' command runs fine. But when i start
''shorewall'' i get
follow error (at the end of list):

gate / # shorewall start
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
    Pre-processing /usr/share/shorewall/action.Drop...
    Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Compiling /etc/shorewall/routestopped for critical hosts...
Compiling /etc/shorewall/routestopped...
Adding Anti-smurf Rules
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
IP Forwarding Enabled
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running iptables-restore...
WARNING: Error inserting x_tables 
(/lib/modules/2.6.18-028stab035/kernel/net/netfilter/x_tables.ko): 
Operation not permitted
FATAL: Error inserting ip_tables 
(/lib/modules/2.6.18-028stab035/kernel/net/ipv4/netfilter/ip_tables.ko): 
Operation not permitted
WARNING: Error inserting x_tables 
(/lib/modules/2.6.18-028stab035/kernel/net/netfilter/x_tables.ko): 
Operation not permitted
FATAL: Error inserting ip_tables 
(/lib/modules/2.6.18-028stab035/kernel/net/ipv4/netfilter/ip_tables.ko): 
Operation not permitted
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...
done.


     In virtual server Shorewall can''t found iptables modules but it 
loaded and working (''x_tables'' and
''ip_tables'' also). How i can disable
this check of modules presence (when shorewall ''Running 
iptables-restore...'').

     Thank you very much.
     Aleksandr Shubik
  


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

alex wrote:
> Running iptables-restore...
> WARNING: Error inserting x_tables 
> (/lib/modules/2.6.18-028stab035/kernel/net/netfilter/x_tables.ko): 
> Operation not permitted
> FATAL: Error inserting ip_tables 
> (/lib/modules/2.6.18-028stab035/kernel/net/ipv4/netfilter/ip_tables.ko): 
> Operation not permitted
> WARNING: Error inserting x_tables 
> (/lib/modules/2.6.18-028stab035/kernel/net/netfilter/x_tables.ko): 
> Operation not permitted
> FATAL: Error inserting ip_tables 
> (/lib/modules/2.6.18-028stab035/kernel/net/ipv4/netfilter/ip_tables.ko): 
> Operation not permitted
> Processing /etc/shorewall/start ...
> Processing /etc/shorewall/started ...
> done.
> 
> 
>      In virtual server Shorewall can''t found iptables modules but
it
> loaded and working (''x_tables'' and
''ip_tables'' also). How i can disable
> this check of modules presence (when shorewall ''Running 
> iptables-restore...'').
This is not Shorewall that is trying to load the module -- it is
iptables-restore and/or the kernel itself.

Note that iptables-restore seems to have exited normally however since
Shorewall started successfully.

This is the wrong list to address this issue -- You''ll need to consult
with
folks who know something about OpenVZ if you want to get these annoying
messages suppressed.

Because that is all that either of the problems that you''ve reported
have
involved -- annoying extra error messages.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/