New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Command: " iptable -L " is not working #767

Closed
odoland opened this Issue Aug 4, 2016 · 11 comments

Comments

Projects
None yet
10 participants
@odoland

odoland commented Aug 4, 2016

  1. Error message when running iptables -L Suggests "kernel needs to be upgraded"

Description/Terminal output & to replicate:

$iptables -L
iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded

Next, I checked for iptable_nat:

~$ modinfo iptable_nat
libkmod: ERROR ../libkmod/libkmod.c:556 kmod_search_moddep: could not open moddep file '/lib/modules/3.4.0+/modules.dep.bin'
modinfo: ERROR: Module alias iptable_nat not found.

Tried to depmod:

depmod
depmod: ERROR: could not open directory /lib/modules/3.4.0+: No such file or directory
depmod: FATAL: could not search modules: No such file or directory
  1. Windows build:
    Microsoft Windows [Version 10.0.14393]

  2. strace of failing command

labyu@DESKTOP-U037B9F:~$ strace iptables -L
execve("/sbin/iptables", ["iptables", "-L"], [/* 15 vars */]) = 0
brk(0)                                  = 0x17a2000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c700000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=18732, ...}) = 0
mmap(NULL, 18732, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f464c702000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libip4tc.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\26\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=27392, ...}) = 0
mmap(NULL, 2122536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464c1f0000
mprotect(0x7f464c1f6000, 2093056, PROT_NONE) = 0
mmap(0x7f464c3f5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f464c3f5000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libip6tc.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\27\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31520, ...}) = 0
mmap(NULL, 2126664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464bfe0000
mprotect(0x7f464bfe6000, 2097152, PROT_NONE) = 0
mmap(0x7f464c1e6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f464c1e6000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libxtables.so.10", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20/\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=47712, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c6f0000
mmap(NULL, 2144696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464bdd0000
mprotect(0x7f464bddb000, 2093056, PROT_NONE) = 0
mmap(0x7f464bfda000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f464bfda000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\37\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1840928, ...}) = 0
mmap(NULL, 3949248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464ba00000
mprotect(0x7f464bbbb000, 2093056, PROT_NONE) = 0
mmap(0x7f464bdba000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7f464bdba000
mmap(0x7f464bdc0000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f464bdc0000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14664, ...}) = 0
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f464b7f0000
mprotect(0x7f464b7f3000, 2093056, PROT_NONE) = 0
mmap(0x7f464b9f2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f464b9f2000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c6e0000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f464c6d0000
arch_prctl(ARCH_SET_FS, 0x7f464c6d0740) = 0
mprotect(0x7f464bdba000, 16384, PROT_READ) = 0
mprotect(0x7f464b9f2000, 4096, PROT_READ) = 0
mprotect(0x7f464bfda000, 4096, PROT_READ) = 0
mprotect(0x7f464c1e6000, 4096, PROT_READ) = 0
mprotect(0x7f464c3f5000, 4096, PROT_READ) = 0
mprotect(0x613000, 4096, PROT_READ)     = 0
mprotect(0x7f464c622000, 4096, PROT_READ) = 0
munmap(0x7f464c702000, 18732)           = 0
socket(PF_LOCAL, SOCK_STREAM, 0)        = 3
bind(3, {sa_family=AF_LOCAL, sun_path=@"xtables"}, 10) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = -1 EPERM (Operation not permitted)
lstat("/proc/net/ip_tables_names", 0x7fffed698ab0) = -1 ENOENT (No such file or directory)
open("/proc/sys/kernel/modprobe", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "iptables v1.4.21: ", 18iptables v1.4.21: )      = 18
write(2, "can't initialize iptables table "..., 87can't initialize iptables table `filter': Table does not exist (do you need to insmod?)) = 87
write(2, "\n", 1
)                       = 1
write(2, "Perhaps iptables or your kernel "..., 54Perhaps iptables or your kernel needs to be upgraded.
) = 54
exit_group(3)                           = ?
+++ exited with 3 +++
@stehufntdev

This comment has been minimized.

Collaborator

stehufntdev commented Aug 4, 2016

Thanks for reporting the issue. WSL does not currently support the kernel interfaces Linux iptables. Please give us feedback on the user voice page so we can prioritize the scenario - https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo.

@odoland

This comment has been minimized.

@iz0eyj

This comment has been minimized.

iz0eyj commented Aug 5, 2016

I think that WSL still need alot of work on network

@sunilmut

This comment has been minimized.

Member

sunilmut commented Nov 21, 2016

The original use voice page referred to in this post was for ifconfig. If you would like to see better support for Linux iptables in WSL, please open a new issue.

@Orbixx

This comment has been minimized.

Orbixx commented Oct 26, 2017

Just confirming this is still an issue.

Edit: Have submitted it on Uservoice -> https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/32025199-support-iptables

@Brian-Perkins

This comment has been minimized.

Collaborator

Brian-Perkins commented Oct 30, 2017

In FCU there is mostly stubbed iptables support (i.e. most things you try to do with it probably won't work). The problem with iptables -L is that it tries to open a RAW socket, which currently requires running elevated as well as root/sudo inside of WSL.

socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = -1 EPERM (Operation not permitted)
@tara-raj

This comment has been minimized.

Member

tara-raj commented May 29, 2018

To use iptables -L you need to run sudo and an elevated instance. We currently have support for portions of iptable, but not all option flags. Please upvote the user voice ask for additional iptable support.

@DarthSpock

This comment has been minimized.

DarthSpock commented Jun 4, 2018

To use iptables -L you need to run sudo and an elevated instance. We currently have support for portions of iptable, but not all option flags.

@tara-raj Could you list what iptable options are available? Looking forward to seeing it fully implemented!

@fruch

This comment has been minimized.

fruch commented Jun 7, 2018

seems like --jump -j isn't working.

root@LAPTOP-T8AF0OPL:~/compose# iptables --wait -t nat -I POSTROUTING -s 172.18.0.0/16 ! -o br-edc3bcc66c59 -j MASQUERADE
iptables: No chain/target/match by that name.
@DarthSpock

This comment has been minimized.

DarthSpock commented Jun 28, 2018

@therealkenc Since native nmap now works, can you see if more iptables option flags work for you as well?

@therealkenc

This comment has been minimized.

Collaborator

therealkenc commented Jun 29, 2018

Wouldn't help. Mucking with iptables (filter rules, nat, and the like) is very different surface than doing a port scan.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment