I have a VM that uses some Linux routing / forwarding / NAT. I thought maybe this is a bit overkill and wanted to convert this to a container. However, I am not sure if and what Linux capabilities I need to grant to enable e.g. forwarding. I think from a security perspective it would be nicer to keep this isolated from the host.

    sysctl -w net.ipv4.ip_forward=1

generates

    sysctl: error setting key 'net.ipv4.ip_forward': Read-only file system

It would be nice to have something running, maybe in user space, that is similar to:

    /sbin/iptables -A FORWARD -o $EXT -s 192.168.122.74/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A FORWARD -i $EXT -d 192.168.122.74/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # meet frontend
    /sbin/iptables -t nat -A PREROUTING -d x.x.x.x/32 -p tcp -m tcp --dport 444 -j DNAT --to-destination 192.168.122.74
    /sbin/iptables -t nat -A PREROUTING -d x.x.x.x/32 -p tcp -m tcp --dport 4443 -j DNAT --to-destination 192.168.122.74
    /sbin/iptables -t nat -A PREROUTING -d x.x.x.x/32 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.122.74
    /sbin/iptables -t nat -A POSTROUTING -o $EXT -s 192.168.122.74 -j SNAT --to-source x.x.x.x

Is there anything that can do routing/NAT between interfaces but runs in user space?
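As an added example (not part of the original question), here is a small POSIX shell pre-flight script that checks the two things the commands above depend on inside a container: whether CAP_NET_ADMIN (the capability netfilter/iptables changes require; bit 12 of the CapEff mask in /proc/self/status) is in the effective set, and whether net.ipv4.ip_forward is writable. It assumes /proc is mounted and readable in the container.

```shell
#!/bin/sh
# Pre-flight check for running forwarding/NAT inside a container.
# Added example, not from the original post. Assumptions: /proc/self/status
# is readable, and CAP_NET_ADMIN is capability bit 12 (as in linux/capability.h).

CAP_NET_ADMIN=12

# cap_in_mask BIT HEXMASK -> exit 0 if capability BIT is set in HEXMASK.
# HEXMASK is the 64-bit hex value printed on the Cap* lines of
# /proc/<pid>/status (e.g. CapEff: 00000000a80425fb).
cap_in_mask() {
    bit=$1
    mask=$2
    [ $(( (0x$mask >> $bit) & 1 )) -eq 1 ]
}

# effective_caps -> print the CapEff mask of the current process.
effective_caps() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# check_forwarding_env -> one line per check; returns 0 only if both pass.
check_forwarding_env() {
    ok=0
    if cap_in_mask "$CAP_NET_ADMIN" "$(effective_caps)"; then
        echo "CAP_NET_ADMIN: present (iptables rules can be loaded)"
    else
        echo "CAP_NET_ADMIN: missing (iptables -t nat ... will be refused)"
        ok=1
    fi
    if [ -w /proc/sys/net/ipv4/ip_forward ]; then
        echo "ip_forward: writable (sysctl -w will work here)"
    else
        echo "ip_forward: read-only (set it via the container runtime, not sysctl -w inside)"
        ok=1
    fi
    return $ok
}
```

Source the file and run `check_forwarding_env`; it reports both prerequisites and exits non-zero when either is missing, which is exactly the situation the `Read-only file system` error in the question indicates.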