IPTables module ip_tables not found for root
Solution 1
"
iptables
" is the userland application that deals with theip_tables
kernel module.It seems you already have
/bin/iptables
but your kernel has not included/loaded ip_tables.koif your kernel does not support
ip_tables
your distro might have it included as a loadable kernel module at:/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ip_tables.ko
where
$(uname -r)
is the kernel version, i.e.3.5.0-18-generic
.if you find
ip_tables.ko
you can try# depmod # modprobe ip_tables
or
# insmod /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_tables.ko
Depending if your distro includes real depmod/modprobe/insmod apps or the ones implemented by busybox you might run into some additional issues like relative path problems or compressed kernel modules not handled correctly depending on the busybox version.
If the
ip_tables.ko
is not available you either have to rebuild the kernel withip_table`` support or as an external loadable module. In the last case after creating
ip_tables.ko` go back to step 2.
Solution 2
TL;DR
Update your kernel:
sudo pacman -S linux
Update your bootloader:
bootctl --path=/boot install
Reboot
This morning I ran into this same problem when trying to configure iptables:
[root@office-pc /]# iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
iptables v1.6.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
I am using iptables version:
[root@office-pc /]# pacman -Q iptables
iptables 1.6.0-1
What has happened?
Does the ip_tables kernel module actually exist?
[root@office-pc /]# /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_tables.ko
bash: /lib/modules/4.8.13-1-ARCH/kernel/net/ipv4/netfilter/ip_tables.ko: No such file or directory
[root@office-pc /]# modprobe ip_tables
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.8.13-1-ARCH
hmmm.... Seems it has dissapeared! Lets find out: 1. What kernel is my computer using? 2. Does it support iptables?
[root@office-pc /]# uname -r
4.8.13-1-ARCH
[root@office-pc /]# cat /proc/sys/kernel/osrelease
4.8.13-1-ARCH
[root@office-pc /]# zgrep IPTABLES /proc/config.gz
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP6_NF_IPTABLES=m
Ok.... This is odd because its a standard Arch Linux kernel, and it supports iptables.
Lets have a look to see if there are any netfilter modules available (I would be very surprised if there were not because it is very unlikely something would delete them):
[root@office-pc /]# ls /lib/modules/*/kernel/net/*/netfilter/
/lib/modules/4.9.11-1-ARCH/kernel/net/bridge/netfilter/:
ebt_802_3.ko.gz ebtables.ko.gz ebt_dnat.ko.gz ebt_log.ko.gz ebt_pkttype.ko.gz ebt_vlan.ko.gz nft_reject_bridge.ko.gz
ebtable_broute.ko.gz ebt_among.ko.gz ebt_ip6.ko.gz ebt_mark.ko.gz ebt_redirect.ko.gz nf_log_bridge.ko.gz
ebtable_filter.ko.gz ebt_arp.ko.gz ebt_ip.ko.gz ebt_mark_m.ko.gz ebt_snat.ko.gz nf_tables_bridge.ko.gz
ebtable_nat.ko.gz ebt_arpreply.ko.gz ebt_limit.ko.gz ebt_nflog.ko.gz ebt_stp.ko.gz nft_meta_bridge.ko.gz
/lib/modules/4.9.11-1-ARCH/kernel/net/ipv4/netfilter/:
arptable_filter.ko.gz ip_tables.ko.gz nf_conntrack_ipv4.ko.gz nf_nat_pptp.ko.gz nft_dup_ipv4.ko.gz
arp_tables.ko.gz ipt_ah.ko.gz nf_defrag_ipv4.ko.gz nf_nat_proto_gre.ko.gz nft_masq_ipv4.ko.gz
arpt_mangle.ko.gz ipt_CLUSTERIP.ko.gz nf_dup_ipv4.ko.gz nf_nat_snmp_basic.ko.gz nft_redir_ipv4.ko.gz
iptable_filter.ko.gz ipt_ECN.ko.gz nf_log_arp.ko.gz nf_reject_ipv4.ko.gz nft_reject_ipv4.ko.gz
iptable_mangle.ko.gz ipt_MASQUERADE.ko.gz nf_log_ipv4.ko.gz nf_tables_arp.ko.gz
iptable_nat.ko.gz ipt_REJECT.ko.gz nf_nat_h323.ko.gz nf_tables_ipv4.ko.gz
iptable_raw.ko.gz ipt_rpfilter.ko.gz nf_nat_ipv4.ko.gz nft_chain_nat_ipv4.ko.gz
iptable_security.ko.gz ipt_SYNPROXY.ko.gz nf_nat_masquerade_ipv4.ko.gz nft_chain_route_ipv4.ko.gz
/lib/modules/4.9.11-1-ARCH/kernel/net/ipv6/netfilter/:
ip6table_filter.ko.gz ip6t_ah.ko.gz ip6t_mh.ko.gz nf_conntrack_ipv6.ko.gz nf_reject_ipv6.ko.gz nft_redir_ipv6.ko.gz
ip6table_mangle.ko.gz ip6t_eui64.ko.gz ip6t_NPT.ko.gz nf_defrag_ipv6.ko.gz nf_tables_ipv6.ko.gz nft_reject_ipv6.ko.gz
ip6table_nat.ko.gz ip6t_frag.ko.gz ip6t_REJECT.ko.gz nf_dup_ipv6.ko.gz nft_chain_nat_ipv6.ko.gz
ip6table_raw.ko.gz ip6t_hbh.ko.gz ip6t_rpfilter.ko.gz nf_log_ipv6.ko.gz nft_chain_route_ipv6.ko.gz
ip6table_security.ko.gz ip6t_ipv6header.ko.gz ip6t_rt.ko.gz nf_nat_ipv6.ko.gz nft_dup_ipv6.ko.gz
ip6_tables.ko.gz ip6t_MASQUERADE.ko.gz ip6t_SYNPROXY.ko.gz nf_nat_masquerade_ipv6.ko.gz nft_masq_ipv6.ko.gz
So there is a clue here; it appears I have a kernel mis-match (there are kernel modules for kernel version: /lib/modules/4.9.11-1 which does not match the kernel running on my computer - 4.9.13-1). So lets check to see if there are any modules available for the kernel running on my machine:
[root@office-pc /]# ls /lib/modules/4.8.13-1-ARCH
ls: cannot access '/lib/modules/4.8.13-1-ARCH': No such file or directory
Nope! So this is most likely to be the root cause of the problem; the kernel running on my machine does not have any loadable modules (not good). Lets try to fix it by updating (in my case, downgrading) the kernel, because I am using the standard Arch Linux kernel which is under pacman version control I can simply run pacman to update it (if you are using a custom kernel that is a problem you will be able to solve):
[root@office-pc /]# sudo pacman -S linux
...
Packages (1) linux-4.9.11-1
...
Great! pacman will install kernel 4.9.11-1, which is the one I want (I have modules for this kernel - I have no idea how I ended up getting Kernel 4.9.13). Let pacman complete installation.
Finally, I need to make sure this kernel will be used when booting the machine. So I need to update the boot manager (I am using systemd-boot). - I have a boot partition which is mounted to /boot - Delete the loader.conf file: /boot/loader/loader.conf (it will be updated when running bootctl below and bootctl will not update it if it already exists) - Run bootctl to update the boot manager:
[root@office-pc /]$ bootctl --path=/boot install
Now reboot the computer.... When it reboots it should use the new (downgraded) kernel!
Once its booted, and you have logged in, check the kernel version to ensure the correct kernel is running:
[matt@office-pc /]$ uname -r
4.9.11-1-ARCH
Now try to run the original command (to setup iptables internet sharing)
[matt@office-pc /]$ sudo iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
[matt@office-pc /]$ sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[matt@office-pc /]$ sudo iptables -A FORWARD -i enp0s20f0u4u3 -o enp0s31f6 -j ACCEPT
Woo-hoo Problem fixed! (note I logged in as root user to fix this problem - I would not recommend doing this unless you are confident you know what you are doing!)
Related videos on Youtube
Gopi
Updated on September 18, 2022Comments
-
Gopi over 1 year
We got a custom build Linux distribution from a vendor, which is not shipped with iptables enabled.
root@xxxx:~# iptables -L modprobe: FATAL: Module ip_tables not found. iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
I also tried using modprobe but not found and also find command also found nothing.
# modprobe ip_tables modprobe: FATAL: Module ip_tables not found. # find / -name "ip_tables*" #
Is it possible to compile netfilter and iptables and integrate it? I tried compiling entire kernel, but due to some unknown factor some functionality is not working. Hence I need to build them as kernel module and integrate it with our existing custom distribution.
-
Anton over 9 yearsHave you tried to compile sources from netfilter.org/downloads.html
-
Jan over 9 yearsHave you tried
modprobe ip_tables
? -
Gopi over 9 yearsI recompiled my kernel to enable the feature. Thanks
-