iptables not installed on centos
7,309
Solution 1
It looks like the machine is running in a virtualized environment, or more specific: in an operating system-level virtualized environment, like LXC, OpenVZ or Virtuozzo. The kernel version (2.6.32-5-vserver-amd64) gives this away.
In such an environment the kernel is shared between the host and the guest systems, and not all kernel APIs are available in VMs. I guess that's the reason why you have a permission error when calling iptables.
When you find out in which environment your machine is running, you might be able to find a solution online:
- The knowledge base for Parallels' Virtuozzo has an article on How do I enable firewall in a Container.
- The OpenVZ wiki has an article on Setting up an iptables firewall.
But you might have to contact the administrator of the host system to make the necessary changes.
Solution 2
Firstly try this command :
iptables -t nat -L
And also check for loaded module list for iptables,might be module is missing.
cat /proc/net/ip_tables_matches
Check the rules in /etc/sysconfig/iptables for any suspicious entry or space character.
Secondly try this:
$ sudo grep -R "options nf_conntrack ip_conntrack_disable_ve0=1" /etc/modprobe.d/
and replace the "1" with "0":
options nf_conntrack ip_conntrack_disable_ve0=0
reboot your system
Related videos on Youtube
21 : 16
How to use iptables on Linux CentOS 7
02 : 26
Cài đặt iptables trên Centos 7
02 : 37
Cài đặt Iptables trên Centos
11 : 25
Installing iptables services on CentOS 7
03 : 31
DevOps & SysAdmins: iptables not installed on centos (3 Solutions!!)
Author by
girlcoder
Updated on September 18, 2022Comments
-
girlcoder almost 2 years
If a machine does not have iptables installed, is there still a firewall running?
If yes, how to I disable / change rules?
if I enter the command
iptablesI receive the response:iptables v1.4.7: no command specified [root@ruad1 ~]# iptables -L FATAL: Module ip_tables not found. iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded.I have been searching but all documentation on firewalls for centos seems to refer to iptables.
If I do ip route list, there seems to be a lot of rules?
Edit: Answer to questions in comments:
output of
ls -alL /sbin/iptables-rwxr-xr-x 1 root root 54200 Nov 23 2013 /sbin/iptablesI receive the following when I do iptables restart
kernel version:
2.6.32-5-vserver-amd64
contents of /lib/modules/2.6.32-5-vserver-amd64
/lib/modules/2.6.32-5-vserver-amd64
Any command that I issue with iptables (restart, stop ..) all receive the same error as pasted above.
/sbin/iptables output: iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded.output of
touch /tmp/foo; ls -la /tmp/foo-rw-r--r-- 1 root root 0 Jun 27 16:51 /tmp/foo-
TBI Infotech about 10 yearsAre you able to run service iptables restart without errors? -
girlcoder about 10 yearsI receive the following when I do iptables restart pastebin.com/VyCkZ9Mx
-
AndrewQ about 10 yearsDo you run the commands as root? Your log seems to refer to a non-root user.
-
girlcoder about 10 yearsyes I see that, I am logged in as root, I do not believe being root is the issue..
-
MadHatter about 10 yearsIf
iptables -Lreturns anything other thanbash: iptables: command not found...or other shell equivalent, you do in fact haveiptablesinstalled. Could you give us the output ofls -alL /sbin/iptables? -
girlcoder about 10 yearsoutput of ls -alL /sbin/iptables -rwxr-xr-x 1 root root 54200 Nov 23 2013 /sbin/iptables
-
TBI Infotech about 10 yearsAre you installing openVZ or something on the system?
-
girlcoder about 10 yearshave updated the question
-
Admin about 10 yearsThe iptables you have installed doesn't appear to be from any current Debian distribution.dpkg -S /sbin/iptablesto confirm it belongs to theiptablespackage, thenapt-cache policy iptablesto see if it has a known origin, anddebsums iptablesto see if it's been locally modified. -
girlcoder about 10 yearsWumpus, I am using centos yum, someone answered with the fact that it seemed I was on debian, but I have this /usr/share/kde4/apps/kdm/themes/CentOS6/centos6.xml .. basically I cannot run the commands that you suggest, but thank you
-
Admin about 10 yearsUntil a few minutes ago Debian was in the title of this question!
-
girlcoder about 10 years@Wumpus, very sorry about that, see comment from user3781593 below. They suggested it was debian, no one disagreed, so I changed the tags, but that was incorrect of me, again, I apologise.
-
slafat01 about 10 yearsI do not see where you answered AndrewQ's question... Are you running your commands as root? Your logs refer to you not being root when you run these commands, and yes.... when you try running a command that requires root, and you are running it as a non-root user, sometimes the output is that the command is not found (i.e. - to a user the command is not found, but to root, it is found). I get the same results on my Mageia Linux machine when run as a non-root user, but change to root, and I can run the commands no problem!!
-
MadHatter about 10 yearsGirlcoder, please supply the information sought. I'm asking you to run
/sbin/iptables -Land show the prompt, the command being entered, and the output. I don't believe it's going to show what you said it showed (iptables v1.4.7: no command specified). If in fact it showspermission denied, could you trytouch /tmp/foo; ls -la /tmp/fooand paste the prompt, command, and output of that into your question? -
girlcoder about 10 years@MadHatter I have put this in the question.. /sbin/iptables output:
-
MadHatter about 10 yearsYou have not shown the command being entered nor the prompt. That makes the output hard to analyse , because I don't know what you did to get it. If I take what you're saying at face value, you have produced two completely different outputs from
iptables -L, and that is, frankly, highly unlikely. -
girlcoder about 10 years@MadHatter question updated
-
Dubu about 10 yearsLooks like you're running your machine in a virtualized environment, or more specific: an operating system-level virtualized environment, like LXC, OpenVZ or Virtuozzo. (@TBIInfotech assumed something similar, I guess.) In those environments the kernel is shared between the virtual machines, and not all kernel APIs are available in VMs. I guess that's the reason why you have no permission foriptables. -
girlcoder about 10 years@Dubu, thank you, is there a way I can disable the firewall or change the rules?
-
MadHatter about 10 yearsDubu, honestly, the more we delve into this the more I'm thinking that's the answer - this is all being done on a badly-virtualised system that doesn't allow changes to be made to the iptables module (in which case, no, there's going to be no way to do it). Do you want to write that up as a full answer? I'd upvote it.
-
girlcoder about 10 yearsok, thanks everyone, it seems this is the problem. are you saying that you will write up the answer, I am not sure I would word it correctly, but I will if thats what you suggest, I will write it, if you write it I will accept the answer.
-
Dubu about 10 years@MadHatter I thought that TBIInfotech had the same idea, but he hasn't added anything in the meantime, so I wrote up an answer now.
-
-
YLW about 10 yearsAlso, the "no command specified" response is expected when no input parameter to the command "iptables", but "iptables -L" should have the output And, the "ip route list" is just providing the routing information of the system and nothing related to the iptables. -
YLW about 10 yearsOK, with a check of your kernel version - 2.6.32-5-vserver-amd64, it seem your kernel is a Debian rather than a centos 6 distribution.
-
girlcoder about 10 yearsah thanks, apologies, I have updated the question, does that change anything with regards to the issue?
-
girlcoder about 10 yearsI cannot issue any iptables commands without error. No file exists in /etc/sysconfig/iptables. the output of cat /proc/net/ip_tables_matches is pastebin.com/2n6Zj4aZ
