

Newbie question

Posted on 2004-03-25
Medium Priority
Last Modified: 2013-12-15
I just installed redhat9, a bit of know how of the system,

i just wanna know in squid

cache_dir ufs /var/spool/squid 100 16 256

By default it's written there. What exactly does this mean, and how can I make a change to suit my system's needs?

2ndly i want to make firewall rules and when i try to use the command

iptables -A PREROUTING -p icmp -m icmp --icmp-type 8 -j DROP

or any other command it just returns

iptables: No chain/target/match by that name

so any help
Question by:aejaz

Author Comment

ID: 10676334
Also /etc/sysconfig/iptables, I can't see any iptables there.

Expert Comment

ID: 10676668
You can simply change /var/spool/squid to any other location. Then, stop squid, move /var/spool/squid to this other location and restart your squid.

I'm afraid building iptables requires much more than that. What happens here is that you tried to add a rule calling a specific module that does not exist (-m icmp).

You are trying to call a match extension which would be called ipt_icmp (once again that does not exist).

you could use the excellent fwbuilder (http://www.fwbuilder.org) if you want simpler things and a nice GUI.

Author Comment

ID: 10684274
Thanks for your reply. You didn't tell me what 100 16 256 is in the following line, and should one have to change these values according to the system?

cache_dir ufs /var/spool/squid 100 16 256

Also, is fwbuilder the same as iptables, or is it a graphical form of iptables?




Author Comment

ID: 10685076
Also, I need a basic tutorial from scratch: from installing iptables, through checking and loading the appropriate iptables modules for the kernel, to making it run. I want to read a lot, so any good tutorials that give the step-by-step procedure for installing and working with iptables.

Expert Comment

ID: 10685904
100 means 100 Megs for the cache.
16 256 means create 16 level 1 directories and 256 level 2.

This means that your cache files will be split up upon 16 * 256 directories.
The need for this is quite historic (though not totally dealt with up to now). No Unix system is very good at having tons of files in the same dir. Just trying to open a file in such a directory takes much longer than in one with fewer files.

So clever software that needs to store lots of files "hashes" its storage.

You should not need to change this unless you have an amazingly highly used squid (like for hundreds or more users).

The 100 though might be changed, but this should be largely enough for your own use.

About iptables, yes. Unfortunately, iptables => security. And it's not so easy to improvise yourself as a security expert. It depends on what you are trying to achieve though.

There is a good tutorial on the following page :


I strongly advise for fwbuilder though. It's a nice interface a bit like the one checkpoint distributes with firewall-1. It has wizards that allow you to build up simple firewall rules. It generates your iptables script for you.


Author Comment

ID: 10693280

To run the pure basics of iptables you need to configure the following options into the kernel while doing make config or one of its related commands:

CONFIG_PACKET - This option allows applications and utilities that needs to work directly to various network devices. Examples of such utilities are tcpdump or snort.

and similarly

I just want to know how to enable all these in Red Hat 9. iptables is installed, now what? When I try to read the material it's easy to grasp, but when it says to do that with the kernel and never says how, then I'm stuck. Kindly tell me the starting point from where I start my Linux. For me, mastering iptables is the destination :). Also, I am going to try fwbuilder, but later, when there is no help on iptables.


Accepted Solution

Alf666 earned 60 total points
ID: 10694774
I'd honestly go the other way. It's much easier to grab fwbuilder, have it build your tables, and then, work on them. So that you have a base to work on/play with.

I don't know redhat 9. But I suppose that, as in most distribs, iptables is already configured as modules. So, you should not have to do all that kernel config.

If I refer to your first question, I suggest the following :

modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p icmp --icmp-type 8 -j DROP

This will work and be a start. Then, if you want to master it, you'll have to read, and read, and read ...etc :-)

Author Comment

ID: 10782534
Hi again, I have just managed to do a little bit with iptables :)

I just want to know a few things. After loading the modules,

all the above commands are accepted at the command prompt, but when I try to use this command

iptables -A PREROUTING -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns me the same message, i.e.
iptables: No chain/target/match by that name

It also gives the same message with POSTROUTING.

Also, I don't want to load the modules and the commands each time the system starts, so when I typed the commands I used the iptables-save command to save that. Also, is there any possibility where I can store the commands and execute them when the system starts up?

Expert Comment

ID: 10782603
Once again, you have included a "-m" in your command line, thus asking to use a match module called tcp. This module does not exist.

Check the manpage of iptables, and read the chapter "MATCH EXTENSIONS".

I can give you more help if you need, but you might want to review your scoring here. 20 points with a grade of B for this work does not seem very rewarding.... Sorry, but I had to say it !

Author Comment

ID: 10789324
iptables -A PREROUTING -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns me the same message, i.e.
iptables: No chain/target/match by that name

I found the answer, and for your information and all others: "-t nat" after PREROUTING will do the job.

I want to ask you how to increase the points, and this question:

I typed all the iptables rules on root and afterwards used


command to commit, but when i restarted the system and used this command

iptables -L

it shows no rules. So how to make permanent changes ?
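Added example, not part of the original thread: the "-t nat" fix above works because iptables uses the filter table unless told otherwise, and filter has no PREROUTING chain, which is what produces "No chain/target/match by that name". The hypothetical helper `check_rule` below checks a rule's table, chain and target offline before it is typed as root; it knows built-in chains only.

```shell
# Offline sanity check of an iptables rule; needs neither root nor iptables.
# Assumption: only built-in chains are known, user-defined chains are not.
builtin_chains() {
  case "$1" in
    filter) echo "INPUT FORWARD OUTPUT" ;;
    nat)    echo "PREROUTING OUTPUT POSTROUTING" ;;  # newer kernels add INPUT
    mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
    *)      return 1 ;;
  esac
}

# check_rule ARGS...: ARGS are what you would pass to iptables.
# Prints a diagnosis; returns 0 when table, chain and target agree.
# The body is a subshell, so its variables do not leak to the caller.
check_rule() (
  table=filter chain="" target=""   # iptables uses -t filter by default
  while [ $# -gt 0 ]; do
    case "$1" in
      -t|--table|-A|--append|-I|--insert|-j|--jump)
        [ $# -ge 2 ] || { echo "missing value after $1"; return 2; }
        case "$1" in
          -t|--table) table=$2 ;;
          -j|--jump)  target=$2 ;;
          *)          chain=$2 ;;
        esac
        shift ;;
    esac
    shift
  done
  chains=$(builtin_chains "$table") || { echo "unknown table: $table"; return 2; }
  case " $chains " in
    *" $chain "*) ;;
    *) echo "no chain '$chain' in table '$table' (it has: $chains)"; return 1 ;;
  esac
  # REDIRECT and DNAT rewrite the destination; that is only valid in the
  # nat table, in the PREROUTING and OUTPUT chains.
  case "$target" in
    REDIRECT|DNAT)
      case "$table/$chain" in
        nat/PREROUTING|nat/OUTPUT) ;;
        *) echo "$target needs -t nat with PREROUTING or OUTPUT"; return 1 ;;
      esac ;;
  esac
  echo "ok: table=$table chain=$chain target=$target"
)

# Constructed samples: the thread's failing rule, then the corrected form.
check_rule -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080 || true
check_rule -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
```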

Author Comment

ID: 10790626
OK, OK, I got the answer myself ;0)

So for a permanent save use this:

/sbin/service iptables save

That will do the trick ... that is for all newbies.

