$ | >

Support iptables

Originally posted on Github around a year ago: https://github.com/Microsoft/WSL/issues/767

Not sure how feasible this is to implement, but I've found myself in a couple of situations where it would've come in quite useful.

362 votes
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)

We’ll send you updates on this idea

Ricky shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

33 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    Any update on this? I tried to install Db2 11.1 fp4 LUW, installation was success, but, I can´t create Db2 instance because port 5021 is reported as "on use", I tried to use iptables and I´m not allowed:
    root@DESKTOP-9P1157U:/# uname -a
    Linux DESKTOP-9P1157U 4.4.0-17763-Microsoft #253-Microsoft Mon Dec 31 17:49:00 PST 2018 x86_64 x86_64 x86_64 GNU/Linux
    root@DESKTOP-9P1157U:/# ufw allow 5021/tcp
    ERROR: initcaps
    [Errno 2] iptables v1.6.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

    root@DESKTOP-9P1157U:/# ufw status
    ERROR: problem running iptables: iptables v1.6.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

    root@DESKTOP-9P1157U:/# db2ls

    Install Path Level Fix Pack Special Install Number Install Date Installer UID
    ---------------------------------------------------------------------------------------------------------------------
    /opt/ibm/db2/V11.1 11.1.4.4 4 Fri Feb 1 00:38:16 2019 STD 0
    root@DESKTOP-9P1157U:/#

  • Adam Hoelscher commented  ·   ·  Flag as inappropriate

    There hasn't been enough of the iptables functionality implemented to allow Docker to run on WSL, which strikes me as a gaping hole when WSL is billed as a tool for developers.

  • [Deleted User] commented  ·   ·  Flag as inappropriate

    please support iptables in WLS.
    iptables -L
    iptables v1.6.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Yeah sshuttle is the main use case for us as well in order to access the secured infrastructure via jump hosts. I still hear the laughter of our macos users after trying to position WSL (and then epically failing ...)

  • Börnd commented  ·   ·  Flag as inappropriate

    Full iptables support is also needed for sshuttle. Otherwise this error pops up:

    iptables v1.6.0: can't initialize iptables table 'nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.

  • Dana commented  ·   ·  Flag as inappropriate

    How many webpages does it take for the Windows WSL team to realize users need a solution to: ERROR: problem running iptables: iptables v1.6.0: can't initialize iptables table 'filter': Table does not exist (do you need to insmod?).
    P.S. I would love to insmod if there was a location...

  • Wyzeman commented  ·   ·  Flag as inappropriate

    needed to run docker.

    time="2018-06-04T09:27:23.460743100-04:00" level=warning msg="Running modprobe nf_nat failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1"
    time="2018-06-04T09:27:23.482630900-04:00" level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1"
    Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)

  • Dustin Salmons commented  ·   ·  Flag as inappropriate

    If it is mainly an issue with iptables -L requiring root, maybe give power users a switch to change values such as:

    socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = -1 EPERM (Operation not permitted)

2 Next →

Feedback and Knowledge Base