Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Command: " iptable -L " is not working #767

Closed
odoland opened this issue Aug 4, 2016 · 46 comments
Closed

Command: " iptable -L " is not working #767

odoland opened this issue Aug 4, 2016 · 46 comments

Comments

@odoland
Copy link

odoland commented Aug 4, 2016

  1. Error message when running iptables -L Suggests "kernel needs to be upgraded"

Description/Terminal output & to replicate:

$iptables -L
iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded

Next, I checked for iptable_nat:

~$ modinfo iptable_nat
libkmod: ERROR ../libkmod/libkmod.c:556 kmod_search_moddep: could not open moddep file '/lib/modules/3.4.0+/modules.dep.bin'
modinfo: ERROR: Module alias iptable_nat not found.

Tried to depmod:

depmod
depmod: ERROR: could not open directory /lib/modules/3.4.0+: No such file or directory
depmod: FATAL: could not search modules: No such file or directory
  1. Windows build:
    Microsoft Windows [Version 10.0.14393]

  2. strace of failing command

labyu@DESKTOP-U037B9F:~$ strace iptables -L
execve("/sbin/iptables", ["iptables", "-L"], [/* 15 vars */]) = 0
brk(0)                                  = 0x17a2000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c700000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=18732, ...}) = 0
mmap(NULL, 18732, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f464c702000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libip4tc.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\26\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=27392, ...}) = 0
mmap(NULL, 2122536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464c1f0000
mprotect(0x7f464c1f6000, 2093056, PROT_NONE) = 0
mmap(0x7f464c3f5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f464c3f5000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libip6tc.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\27\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31520, ...}) = 0
mmap(NULL, 2126664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464bfe0000
mprotect(0x7f464bfe6000, 2097152, PROT_NONE) = 0
mmap(0x7f464c1e6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f464c1e6000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libxtables.so.10", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20/\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=47712, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c6f0000
mmap(NULL, 2144696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464bdd0000
mprotect(0x7f464bddb000, 2093056, PROT_NONE) = 0
mmap(0x7f464bfda000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f464bfda000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\37\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1840928, ...}) = 0
mmap(NULL, 3949248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464ba00000
mprotect(0x7f464bbbb000, 2093056, PROT_NONE) = 0
mmap(0x7f464bdba000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7f464bdba000
mmap(0x7f464bdc0000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f464bdc0000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14664, ...}) = 0
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464b7f0000
mprotect(0x7f464b7f3000, 2093056, PROT_NONE) = 0
mmap(0x7f464b9f2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f464b9f2000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c6e0000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c6d0000
arch_prctl(ARCH_SET_FS, 0x7f464c6d0740) = 0
mprotect(0x7f464bdba000, 16384, PROT_READ) = 0
mprotect(0x7f464b9f2000, 4096, PROT_READ) = 0
mprotect(0x7f464bfda000, 4096, PROT_READ) = 0
mprotect(0x7f464c1e6000, 4096, PROT_READ) = 0
mprotect(0x7f464c3f5000, 4096, PROT_READ) = 0
mprotect(0x613000, 4096, PROT_READ)     = 0
mprotect(0x7f464c622000, 4096, PROT_READ) = 0
munmap(0x7f464c702000, 18732)           = 0
socket(PF_LOCAL, SOCK_STREAM, 0)        = 3
bind(3, {sa_family=AF_LOCAL, sun_path=@"xtables"}, 10) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = -1 EPERM (Operation not permitted)
lstat("/proc/net/ip_tables_names", 0x7fffed698ab0) = -1 ENOENT (No such file or directory)
open("/proc/sys/kernel/modprobe", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "iptables v1.4.21: ", 18iptables v1.4.21: )      = 18
write(2, "can't initialize iptables table "..., 87can't initialize iptables table `filter': Table does not exist (do you need to insmod?)) = 87
write(2, "\n", 1
)                       = 1
write(2, "Perhaps iptables or your kernel "..., 54Perhaps iptables or your kernel needs to be upgraded.
) = 54
exit_group(3)                           = ?
+++ exited with 3 +++
@stehufntdev
Copy link
Collaborator

Thanks for reporting the issue. WSL does not currently support the kernel interfaces Linux iptables. Please give us feedback on the user voice page so we can prioritize the scenario - https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo.

@odoland
Copy link
Author

odoland commented Aug 4, 2016

Here is the user voice page for supporting iptables, ifconfig and others!

https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/15202875-would-you-like-to-support-ifconfig-iw-iwconfig-t

@iz0eyj
Copy link

iz0eyj commented Aug 5, 2016

I think that WSL still need alot of work on network

@sunilmut
Copy link
Member

The original use voice page referred to in this post was for ifconfig. If you would like to see better support for Linux iptables in WSL, please open a new issue.

@ghost
Copy link

ghost commented Oct 26, 2017

Just confirming this is still an issue.

Edit: Have submitted it on Uservoice -> https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/32025199-support-iptables

@Brian-Perkins
Copy link

In FCU there is mostly stubbed iptables support (i.e. most things you try to do with it probably won't work). The problem with iptables -L is that it tries to open a RAW socket, which currently requires running elevated as well as root/sudo inside of WSL.

socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = -1 EPERM (Operation not permitted)

@tara-raj
Copy link

tara-raj commented May 29, 2018

To use iptables -L you need to run sudo and an elevated instance. We currently have support for portions of iptable, but not all option flags. Please upvote the user voice ask for additional iptable support.

@WSLUser
Copy link

WSLUser commented Jun 4, 2018

To use iptables -L you need to run sudo and an elevated instance. We currently have support for portions of iptable, but not all option flags.

@tara-raj Could you list what iptable options are available? Looking forward to seeing it fully implemented!

@fruch
Copy link

fruch commented Jun 7, 2018

seems like --jump -j isn't working.

root@LAPTOP-T8AF0OPL:~/compose# iptables --wait -t nat -I POSTROUTING -s 172.18.0.0/16 ! -o br-edc3bcc66c59 -j MASQUERADE
iptables: No chain/target/match by that name.

@WSLUser
Copy link

WSLUser commented Jun 28, 2018

@therealkenc Since native nmap now works, can you see if more iptables option flags work for you as well?

@therealkenc
Copy link
Collaborator

Wouldn't help. Mucking with iptables (filter rules, nat, and the like) is very different surface than doing a port scan.

@jianchengwang
Copy link

docker service cant start in wsl, i dont know if or not this key to cause.here is my failed msg
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.2 (legacy): can't initialize iptables table nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
`

@leonardo-machado
Copy link

docker service cant start in wsl, i dont know if or not this key to cause.here is my failed msg
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.2 (legacy): can't initialize iptables table nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
`

I have the same problem!

@reduardo7
Copy link

/reopen

@13567436138
Copy link

is iptables ok now

@13567436138
Copy link

/reopen

@fsackur
Copy link

fsackur commented Sep 22, 2019

@jianchengwang

This suggests that you can get it working with an old version of docker (17.09):

https://medium.com/faun/docker-running-seamlessly-in-windows-subsystem-linux-6ef8412377aa

@leonardo-machado It's not actually helpful to comment just to say "me too" - instead, add a +1 to the existing comment, as others have done. You can do that by clicking on the thumbs-up emoji.

@FireGhost
Copy link

docker service cant start in wsl, i dont know if or not this key to cause.here is my failed msg
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.2 (legacy): can't initialize iptables table nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
`

I have the same problem!

You can set in your /etc/docker/daemon.json file:

{
  "iptables":false
}

Then restart the service 👌

@noramb
Copy link

noramb commented Mar 25, 2020

@Filipdominik , that request is obsolete. WSL2 is already available on the Insiders builds and supports iptables, ifconfig, etc etc.

Funny, cause it definitely still doesn't work on Ubuntu 16.04 WSL2 date 3.25.2020. Could you please clarify how to fix this issue?

@therealkenc
Copy link
Collaborator

therealkenc commented Mar 26, 2020

The OP was:

$iptables -L
iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded

On WSL2:

image

This submission was tagged fixed-in-wsl2 because the OP fail no longer manifests in WSL2. If there are "aint working" scenarios, folks should feel encouraged to submit a new issue under a new cover, following the template (in particular copy-and-pasteable repro steps).

Keep in mind that you are operating on a virtual network in a VM, which is not the same as operating on your Windows network. Because WSL2 is a Real Linux Kernel, identifying an actual diverge from Linux behavior might be more difficult than it appears. Or it might not, no prejudice. Bonne chance.

@celinhoBruxo
Copy link

docker service cant start in wsl, i dont know if or not this key to cause.here is my failed msg
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.2 (legacy): can't initialize iptables table nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
`

I have the same problem!

Try you start the Ubuntu on Windows as Administrator.

@ngfchristian
Copy link

This is still an issue. does that mean that we cannot WSL?

@cypherstream
Copy link

Still an issue in WSL2 - Ubuntu 20.04 LTS on Windows 10 2004

root@Rockheart:/home/# sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
Could not open socket to kernel: Permission denied
root@Rockheart:/home/# sudo iptables -L
iptables v1.8.4 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

@benhillis
Copy link
Member

@cypherstream - are you certain you are using WSL2? What is the output of uname -a?

@cypherstream
Copy link

Well I upgraded to Win 10 Build 2004 which in the Windows 10 release notes state its WSL2. Then I enabled the Windows Subsystem for Linux and rebooted after it was done. Then in the Windows Store I installed Ubuntu 20.04 LTS.

uname -a
Linux Rockheart 4.4.0-19041-Microsoft #1-Microsoft Fri Dec 06 14:06:00 PST 2019 x86_64 x86_64 x86_64 GNU/Linux

@WSLUser
Copy link

WSLUser commented May 14, 2020

You also have to install the virtual machine platform feature for wsl2

@cypherstream
Copy link

cypherstream commented May 15, 2020

You also have to install the virtual machine platform feature for wsl2

Ah thanks, I was naive in thinking one of those big box sites like neowin, zdnet, etc.. that simply state WSL2 as a new bullet point under the whats new in Windows 10 2004 meant it was automatically updated.

now uname -a
Linux Rockheart 4.19.84-microsoft-standard #1 SMP Wed Nov 13 11:44:37 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I can't wait for USB device support in the future to start building some software defined radio tools.

@whizsid
Copy link

whizsid commented Aug 13, 2020

I can not start the docker daemon. Because of the iptables.

whizsid@LAPTOP-JFD40N70:~/$ sudo iptables -t nat -N DOCKER
iptables v1.8.2 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

@ledangdung
Copy link

docker service cant start in wsl, i dont know if or not this key to cause.here is my failed msg
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.2 (legacy): can't initialize iptables table nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
`

I have the same problem!

Try you start the Ubuntu on Windows as Administrator.

I have the same issued and it's work for me on WSL 1, because when i using the WSL2, the IP address of the window and WSL is not the same and i can not connect through localhost or the localhost ip address. This work for me ♥

@ericzli
Copy link

ericzli commented Jan 27, 2021

Still an issue in WSL2 - Ubuntu 16(or 18) on Windows 10. So dockerd failed to run.

$ sudo iptables -L
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

@therealkenc
Copy link
Collaborator

So dockerd failed to run

Discussion here. Ref #6044.

image

@jchavezb-37
Copy link

Please do the follow steps:

1.- Open a CMD console with administrator privileges (Very important)
2.- execute bash command (this will open the WLS environment)
3.- Then execute service docker start in the console

Done.
:)

@Pure-Peace
Copy link

Please do the follow steps:

1.- Open a CMD console with administrator privileges (Very important) 2.- execute bash command (this will open the WLS environment) 3.- Then execute service docker start in the console

Done. :)

Thank you so much

@Samuellucas97
Copy link

Please do the follow steps:

1.- Open a CMD console with administrator privileges (Very important) 2.- execute bash command (this will open the WLS environment) 3.- Then execute service docker start in the console

Done. :)

I'm so grateful dude . Thanks a lot 😁! I spend much time trying to solve this problem.

@Capataloutchoupika
Copy link

Capataloutchoupika commented Dec 15, 2021

Any workaround to use docker on WSL2 without UAC Account ?

@tonyplee
Copy link

--------------- I got it working by following in power shell
wsl -l -v
NAME STATE VERSION

  • Ubuntu-18.04 Stopped 1
    Ubuntu-20.04 Stopped 1

wsl --set-version Ubuntu-20.04 2

wsl -l -v
NAME STATE VERSION

  • Ubuntu-18.04 Stopped 1
    Ubuntu-20.04 Stopped 2

----------------- at this point, I start ubuntu 20.04 iptables -L is working for me now and so is dockerd.

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

@jlearman
Copy link

jlearman commented Jan 21, 2022

Please do the follow steps:

1.- Open a CMD console with administrator privileges (Very important) 2.- execute bash command (this will open the WLS environment) 3.- Then execute service docker start in the console

Done. :)

jlearman:system32$ service docker start
Redirecting to /bin/systemctl start docker.service
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down

(So I start docker daemon manually. That fails unless I disable iptables, which I need.)

jlearman:~$ uname -a
Linux LAPTOP-CTL8NA7S 5.10.60.1-microsoft-standard-WSL2 #1 SMP Wed Aug 25 23:20:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

jlearman:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Warning: iptables-legacy tables present, use iptables-legacy to see them

@vishalmohakar
Copy link

launch ubuntu.exe as administrator. everything will work.

@Lafifi-24
Copy link

Lafifi-24 commented Apr 30, 2022

launch ubuntu.exe as administrator. everything will work.

I had the same issue(iptables not work) .and it is work when you launch ubuntu as administrator.

@ShitalBorganve
Copy link

yes this is still an issue with wsl even in Ubuntu 4.4.0-19041-Microsoft.
iptables does not work yet, intern issue with docker engine to run on wsl

@lwaggonerExpedia
Copy link

I tried as admin but eventually used this: sudo update-alternatives --set iptables /usr/sbin/iptables-legacy and then it worked (was trying to do this with sshuttle though). Not sure if that matters. Locally I was able to run some of the other commands like iptables -vnL - so perhaps this is a different error. Fact is I was able to get it to work.

# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.7 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain OUTPUT
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables: Bad rule (does a matching rule exist in that chain?).
fw: fw: error: fw: ['iptables', '-t', 'nat', '-D', 'OUTPUT', '-j', 'sshuttle-12300'] returned 1
iptables: Bad rule (does a matching rule exist in that chain?).
fw: fw: error: fw: ['iptables', '-t', 'nat', '-D', 'PREROUTING', '-j', 'sshuttle-12300'] returned 1
fw: fatal: fw: ['iptables', '-t', 'nat', '-I', 'OUTPUT', '1', '-j', 'sshuttle-12300'] returned 4
c : fatal: cleanup: ['/usr/bin/sudo', '-p', '[local sudo] Password: ', '/usr/bin/env', 'PYTHONPATH=/usr/lib/python3/dist-packages', '/usr/bin/python3', '/usr/bin/sshuttle', '--method', 'auto', '--firewall'] returned 99``` 

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests