Newbie question

Posted on 2004-03-25
Last Modified: 2013-12-15
I just installed redhat9, and have a bit of know-how of the system.

I just want to know, in squid,

cache_dir ufs /var/spool/squid 100 16 256

is written there by default. What exactly does this mean, and how can I make a change to suit my system's needs?

Secondly, I want to make firewall rules, and when I try to use the command

iptables -A PREROUTING -p icmp -m icmp --icmp-type 8 -j DROP

or any other command, it just returns

iptables: No chain/target/match by that name

so, any help?
Question by: aejaz

Author Comment

ID: 10676334
Also, /etc/sysconfig/iptables: I can't see any iptables there.

Expert Comment

ID: 10676668
You can simply change /var/spool/squid to any other location. Then, stop squid, move /var/spool/squid to this other location and restart your squid.

I'm afraid building iptables requires much more than that. What happens here is that you tried to add a rule calling a specific module that does not exist (-m icmp).

You are trying to call a match extension which would be called ipt_icmp (once again that does not exist).

You could use the excellent fwbuilder if you want simpler things and a nice GUI.

Author Comment

ID: 10684274
Thanks for your reply. You didn't tell me what 100 16 256 is in the following line, and should one have to change these values according to the system?

cache_dir ufs /var/spool/squid 100 16 256

Also, is fwbuilder the same as iptables, or is it a graphical form of iptables?


Author Comment

ID: 10685076
Also, I need a basic tutorial from scratch: from installation of iptables, checking and loading the appropriate iptables module for the kernel, and making it run. I want to read a lot, so any good tutorials that will give us the step-by-step procedure for installation and working of iptables?

Expert Comment

ID: 10685904
100 means 100 Megs for the cache.
16 256 means create 16 level 1 directories and 256 level 2.

This means that your cache files will be split up upon 16 * 256 directories.
The need for this is quite historic (though not totally dealt with up to now). No Unix system is very good at having tons of files in the same dir. Just trying to open a file in such a directory takes much longer than in one with fewer files.

So clever software that needs to store lots of files "hashes" its storage.

You should not need to change this unless you have an amazingly highly used squid (like for hundreds or more users).

The 100 though might be changed, but this should be largely enough for your own use.

About iptables, yes. Unfortunately, iptables => security. And it's not so easy to improvise yourself as a security expert. It depends on what you are trying to achieve though.

There is a good tutorial on the following page:

I strongly advise for fwbuilder though. It's a nice interface a bit like the one checkpoint distributes with firewall-1. It has wizards that allow you to build up simple firewall rules. It generates your iptables script for you.


Author Comment

ID: 10693280

To run the pure basics of iptables you need to configure the following options into the kernel while doing make config or one of its related commands:

CONFIG_PACKET - This option allows applications and utilities that need to work directly with various network devices. Examples of such utilities are tcpdump or snort.

and similarly

I just want to know how to enable all these in redhat 9. iptables is installed, now what? When I try to read the material it's easy to grasp, but when it says do that with the kernel and never says how, then I'm stuck. Kindly tell me the starting point from where I start my Linux. For me, mastering iptables is the destination :). Also, I will try fwbuilder, but later, when there is no help on iptables.


Accepted Solution

Alf666 earned 20 total points
ID: 10694774
I'd honestly go the other way. It's much easier to grab fwbuilder, have it build your tables, and then, work on them. So that you have a base to work on/play with.

I don't know redhat 9. But I suppose that, as in most distribs, iptables is already configured as modules. So, you should not have to do all that kernel config.

If I refer to your first question, I suggest the following:

modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p icmp --icmp-type 8 -j DROP

This will work and be a start. Then, if you want to master it, you'll have to read, and read, and read ...etc :-)

Author Comment

ID: 10782534
Hi again, I have just managed to do a little bit with iptables :)

I just want to know a few things. After loading the modules,

all the above commands are accepted at the command prompt, but when I try to use this command

iptables -A PREROUTING -s -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns the same message, i.e.

iptables: No chain/target/match by that name

It also gives the same message with POSTROUTING.

Also, I don't want to load the modules and the commands each time the system starts, so when I typed the commands I used the iptables-save command to save that. Also, is there any possibility where I can store the commands and execute them when the system starts up?

Expert Comment

ID: 10782603
Once again, you have included a "-m" in your command line, thus asking to use a match module called tcp. This module does not exist.

Check the manpage of iptables, and read the chapter "MATCH EXTENSIONS".

I can give you more help if you need, but you might want to review your scoring here. 20 points with a grade of B for this work does not seem very rewarding... Sorry, but I had to say it!

Author Comment

ID: 10789324
iptables -A PREROUTING -s -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns the same message, i.e.

iptables: No chain/target/match by that name

I found the answer, and for your information and all others: "-t nat" after PREROUTING will do the job.

I want to ask you how to increase the points on this question.

I typed all the iptables rules as root and afterwards used


command to commit, but when I restarted the system and used this command

iptables -L

it shows no rules. So how do I make permanent changes?

Author Comment

ID: 10790626
OK OK, I got the answer myself ;0)

So for a permanent save, use this:

/sbin/service iptables save

That will do the trick ... that is for all newbies.

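An added example, not code from the thread, that ties together the accepted solution's modules and rules, the "-t nat" fix the poster found for PREROUTING, and the "service iptables save" step as one script. The 192.168.1.0/24 network is a constructed stand-in for the poster's elided "xxx/yyy" LAN, and DRY_RUN is this script's own switch (it defaults to printing the commands, so it can be read without root or iptables installed).

```shell
#!/bin/sh
# Added example, not from the thread. Builds the ruleset with the table derived from
# the chain: PREROUTING/POSTROUTING live in the nat table, and asking the default
# filter table for them produces "iptables: No chain/target/match by that name".
# DRY_RUN=1 (the default) only prints the commands.
DRY_RUN="${DRY_RUN:-1}"

# table_for_chain CHAIN: print the table a built-in chain belongs to.
table_for_chain() {
    case "$1" in
        INPUT|FORWARD|OUTPUT)   echo filter ;;
        PREROUTING|POSTROUTING) echo nat ;;
        *) echo "table_for_chain: unknown chain '$1'" >&2; return 1 ;;
    esac
}

# run CMD...: print the command and, unless DRY_RUN=1, execute it.
run() {
    echo "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# rule CHAIN MATCH...: append a rule to CHAIN in the table it lives in.
rule() {
    chain="$1"; shift
    table=$(table_for_chain "$chain") || return 1
    run iptables -t "$table" -A "$chain" "$@"
}

# apply_rules: the thread's ruleset end to end. 192.168.1.0/24 is a constructed
# stand-in for the poster's elided LAN address and mask ("xxx"/"yyy").
apply_rules() {
    for m in ip_tables ip_conntrack iptable_nat ip_conntrack_ftp ip_nat_ftp; do
        run modprobe "$m"
    done
    run iptables -P INPUT ACCEPT
    run iptables -P FORWARD DROP
    # Drop ICMP echo-request (type 8) addressed to this host: filter/INPUT.
    rule INPUT -p icmp --icmp-type 8 -j DROP
    # Transparent proxy: LAN web traffic to squid on port 8080: nat/PREROUTING.
    rule PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 8080
    # Persist the rules: writes /etc/sysconfig/iptables, which the iptables
    # service restores at boot when it is enabled.
    run /sbin/service iptables save
}

# Usage: "sh firewall.sh apply" prints the commands; "DRY_RUN=0 sh firewall.sh apply" as root runs them.
if [ "${1:-}" = apply ]; then apply_rules; fi
```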
