

Newbie question

Posted on 2004-03-25
Medium Priority
Last Modified: 2013-12-15
I just installed Red Hat 9 and have a bit of know-how of the system.

I just want to know, in Squid,

cache_dir ufs /var/spool/squid 100 16 256

is written there by default. What exactly does this mean, and how can I change it to suit my system's needs?

Secondly, I want to make firewall rules, and when I try to use the command

iptables -A PREROUTING -p icmp -m icmp --icmp-type 8 -j DROP

or any other command, it just returns

iptables: No chain/target/match by that name

So, any help?
Question by: aejaz

Author Comment

ID: 10676334
Also, /etc/sysconfig/iptables: I can't see any iptables there.

Expert Comment

ID: 10676668
You can simply change /var/spool/squid to any other location. Then stop Squid, move /var/spool/squid to this other location and restart your Squid.

I'm afraid building iptables requires much more than that. What happens here is that you tried to add a rule calling a specific module that does not exist (-m icmp).

You are trying to call a match extension which would be called ipt_icmp (once again that does not exist).

You could use the excellent fwbuilder (http://www.fwbuilder.org) if you want simpler things and a nice GUI.

Author Comment

ID: 10684274
Thanks for your reply. You didn't tell me what 100 16 256 is in the following line, and should one have to change these values according to the system?

cache_dir ufs /var/spool/squid 100 16 256

Also, is fwbuilder the same as iptables, or is it a graphical form of iptables?


Author Comment

ID: 10685076
Also, I need to know the basics from scratch, like from the installation of iptables, checking and loading the appropriate iptables modules for the kernel, and making it run. I want to read a lot, so any good tutorials that will give us the step-by-step procedure for the installation and working of iptables?

Expert Comment

ID: 10685904
100 means 100 MB for the cache.
16 256 means create 16 level-1 directories and 256 level-2 directories.

This means that your cache files will be split up over 16 * 256 directories.
The need for this is quite historic (though not totally dealt with up to now). No Unix system is very good at having tons of files in the same directory. Just trying to open a file in such a directory takes much longer than in one with fewer files.

So clever software that needs to store lots of files "hashes" its storage.

You should not need to change this unless you have an amazingly heavily used Squid (like for hundreds or more users).

The 100, though, might be changed, but this should be largely enough for your own use.

About iptables, yes. Unfortunately, iptables => security. And it's not so easy to improvise yourself as a security expert. It depends on what you are trying to achieve though.

There is a good tutorial on the following page:


I strongly advise fwbuilder, though. It's a nice interface, a bit like the one Check Point distributes with FireWall-1. It has wizards that allow you to build up simple firewall rules. It generates your iptables script for you.


Author Comment

ID: 10693280

To run the pure basics of iptables you need to configure the following options into the kernel while doing make config or one of its related commands:

CONFIG_PACKET - This option allows applications and utilities that need to work directly with various network devices. Examples of such utilities are tcpdump or snort.

and similarly

I just want to know how to enable all these in Red Hat 9. iptables is installed, now what? When I try to read the material it's easy to grasp, but when it says "do that with the kernel" and never says how, then I'm stuck. Kindly tell me the starting point from where I start my Linux. For me, mastering iptables is the destination :). Also, I will try fwbuilder, but later, when there is no help on iptables.


Accepted Solution

Alf666 earned 60 total points
ID: 10694774
I'd honestly go the other way. It's much easier to grab fwbuilder, have it build your tables, and then, work on them. So that you have a base to work on/play with.

I don't know Red Hat 9. But I suppose that, as in most distributions, iptables is already configured as modules. So you should not have to do all that kernel config.

If I refer to your first question, I suggest the following:

modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p icmp --icmp-type 8 -j DROP

This will work and be a start. Then, if you want to master it, you'll have to read, and read, and read ...etc :-)

Author Comment

ID: 10782534
Hi again, I have just managed to do a little bit with iptables. :)

I just want to know a few things. After loading the modules,

all the above commands are accepted at the command prompt, but when I try to use this command

iptables -A PREROUTING -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns the same message, i.e.
iptables: No chain/target/match by that name

It also gives the same message with POSTROUTING.

Also, I don't want to load the modules and the commands each time the system starts, so when I typed the commands I used the iptables-save command to save that. Also, is there any possibility where I can store the commands and execute them when the system starts up?

Expert Comment

ID: 10782603
Once again, you have included a "-m" in your command line, thus asking to use a match module called tcp. This module does not exist.

Check the manpage of iptables, and read the chapter "MATCH EXTENSIONS".

I can give you more help if you need, but you might want to review your scoring here. 20 points with a grade of B for this work does not seem very rewarding.... Sorry, but I had to say it !

Author Comment

ID: 10789324
iptables -A PREROUTING -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns the same message, i.e.
iptables: No chain/target/match by that name

I found the answer, and for your information and all others: "-t nat" after PREROUTING will do the job.

I want to ask you how to increase the points on this question.

I typed all the iptables rules as root and afterwards used


command to commit, but when I restarted the system and used this command

iptables -L

it shows no rules. So how do I make the changes permanent?

Author Comment

ID: 10790626
OK, OK, I got the answer myself. ;0)

So, for a permanent save, use this:

/sbin/service iptables save

That will do the trick... that is for all newbies.
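The three pieces worked out over this thread (the accepted answer's module loading and starting rules, the "-t nat" needed for PREROUTING, and "service iptables save" for persistence) fit together in one startup script. The script below is an added example and is not code from the thread or from Red Hat; it assumes a LAN of 192.168.1.0/24 on eth1 and Squid listening on port 8080 as in the thread's REDIRECT rule (Red Hat 9's Squid defaults to 3128), and the variable names IPT, LAN_NET, LAN_IF and SQUID_PORT are chosen here. It emits the commands as text so they can be reviewed first, and only runs them (and saves them) when invoked with "apply" as root.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal startup firewall for a
# Red Hat 9-era box that is also a transparent Squid proxy for one LAN.
# Assumptions (change to suit): LAN 192.168.1.0/24 on eth1, Squid on 8080
# as in the thread, /sbin/iptables and "service iptables save" as on RH9.
IPT=${IPT:-/sbin/iptables}
LAN_NET=${LAN_NET:-192.168.1.0/24}
LAN_IF=${LAN_IF:-eth1}
SQUID_PORT=${SQUID_PORT:-8080}

# Modules the rules rely on (the same set as the accepted answer). Once the
# filter, nat and conntrack modules are loaded, "-m state" and "-t nat"
# stop failing with "No chain/target/match by that name".
fw_modules() {
    cat <<'EOF'
modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
EOF
}

# One rule per line, so the set can be read before it is run.
# Chains live in tables: INPUT/FORWARD/OUTPUT are in the default "filter"
# table, PREROUTING/POSTROUTING are in "nat" (and "mangle"), which is why
# the REDIRECT rule needs "-t nat". Policies are switched to DROP last so
# an ssh session from the LAN is not cut off while the rules are loading.
fw_rules() {
    cat <<EOF
$IPT -F
$IPT -t nat -F
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 8 -j DROP
$IPT -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
EOF
}

# Load the modules, apply the rules, then persist them: "service iptables
# save" writes the live tables to /etc/sysconfig/iptables, which the
# iptables init script restores at boot, so nothing needs re-typing.
fw_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "fw_apply: must run as root" >&2; return 1; }
    { fw_modules; fw_rules; } | sh -e && /sbin/service iptables save
}

case "${1:-show}" in
    show)  fw_modules; fw_rules ;;
    apply) fw_apply ;;
    *)     echo "usage: $0 [show|apply]" >&2 ;;
esac
```

Run it with no argument to print the commands, and with "apply" as root to load and save them. Two caveats a first ruleset usually trips over: REDIRECT only sees packets that arrive on this box, so the LAN clients must use it as their default gateway (Squid's own outbound fetches leave through OUTPUT and are not looped back), and with FORWARD set to DROP the only way out for the LAN is the redirected port 80, so the clients' DNS must be served from this box or explicitly allowed through FORWARD. On the Squid side, the 2.5 series shipped with Red Hat 9 also needs its httpd_accel options (httpd_accel_host virtual, httpd_accel_port 80, httpd_accel_with_proxy on, httpd_accel_uses_host_header on) before it will accept the redirected connections.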

