Newbie question

Posted on 2004-03-25
Medium Priority
Last Modified: 2013-12-15
I just installed Red Hat 9 and have a bit of know-how of the system.

I just want to know, in squid,

cache_dir ufs /var/spool/squid 100 16 256

is written there by default. What exactly does this mean, and how can I change it to suit my system's needs?

Secondly, I want to make firewall rules, and when I try to use the command

iptables -A PREROUTING -p icmp -m icmp --icmp-type 8 -j DROP

or any other command, it just returns

iptables: No chain/target/match by that name

So, any help?
Question by: aejaz
Author Comment

ID: 10676334
Also, in /etc/sysconfig/iptables I can't see any iptables rules there.

Expert Comment

ID: 10676668
You can simply change /var/spool/squid to any other location. Then, stop squid, move /var/spool/squid to this other location and restart your squid.

I'm afraid building iptables requires much more than that. What happens here is that you tried to add a rule calling a specific module that does not exist (-m icmp).

You are trying to call a match extension which would be called ipt_icmp (once again that does not exist).

You could use the excellent fwbuilder (http://www.fwbuilder.org) if you want simpler things and a nice GUI.

Author Comment

ID: 10684274
Thanks for your reply. You didn't tell me what 100 16 256 means in the following line, and whether one has to change these values according to the system:

cache_dir ufs /var/spool/squid 100 16 256

Also, is fwbuilder the same as iptables? Or is it a graphical form of iptables?


Author Comment

ID: 10685076
Also, I need a basic tutorial from scratch, like from the installation of iptables, checking and loading the appropriate iptables module for the kernel, and making it run. I want to read a lot, so any good tutorials that give the step-by-step procedure for the installation and working of iptables?

Expert Comment

ID: 10685904
100 means 100 megabytes for the cache.
16 256 means create 16 level-1 directories and 256 level-2 directories.

This means that your cache files will be split up among 16 * 256 directories.
The need for this is quite historic (though not totally dealt with up to now). No Unix system is very good at having tons of files in the same dir. Merely trying to open a file in such a directory takes much longer than in one with fewer files.

So clever software that needs to store lots of files "hashes" its storage.

You should not need to change this unless you have an amazingly highly used squid (like for hundreds or more users).

The 100 might be changed, though, but this should be largely enough for your own use.

About iptables, yes. Unfortunately, iptables => security. And it's not so easy to improvise yourself as a security expert. It depends on what you are trying to achieve though.

There is a good tutorial on the following page:


I strongly advise fwbuilder, though. It's a nice interface, a bit like the one Checkpoint distributes with Firewall-1. It has wizards that allow you to build up simple firewall rules. It generates your iptables script for you.


Author Comment

ID: 10693280

To run the pure basics of iptables you need to configure the following options into the kernel while doing make config or one of its related commands:

CONFIG_PACKET - This option allows applications and utilities that need to work directly with various network devices. Examples of such utilities are tcpdump or snort.

and similarly

I just want to know how to enable all these in Red Hat 9. iptables is installed; now what? When I try to read the material it's easy to grasp, but when it says do that with the kernel and never says how, then I'm stuck. Kindly tell me the starting point from where I start my Linux. For me, mastering iptables is the destination :). Also, I will try fwbuilder, but later, when there is no help on iptables.


Accepted Solution

Alf666 earned 60 total points
ID: 10694774
I'd honestly go the other way. It's much easier to grab fwbuilder, have it build your tables, and then work on them, so that you have a base to work on/play with.

I don't know Red Hat 9. But I suppose that, as in most distributions, iptables is already configured as modules. So you should not have to do all that kernel config.

If I refer to your first question, I suggest the following:

modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p icmp --icmp-type 8 -j DROP

This will work and be a start. Then, if you want to master it, you'll have to read, and read, and read ...etc :-)

Author Comment

ID: 10782534
Hi again, I have just managed to do a little bit with iptables. :)

I just want to know a few things. After loading the modules,

all the above commands are accepted at the command prompt, but when I try to use this command

iptables -A PREROUTING -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns the same message, i.e.

iptables: No chain/target/match by that name

It also gives the same message with POSTROUTING.

Also, I don't want to load the modules and the commands each time the system starts, so when I type the commands I use the iptables-save command to save them. Also, is there any possibility where I can store the commands and execute them when the system starts up?

Expert Comment

ID: 10782603
Once again, you have included a "-m" in your command line, thus asking to use a match module called tcp. This module does not exist.

Check the manpage of iptables, and read the chapter "MATCH EXTENSIONS".

I can give you more help if you need it, but you might want to review your scoring here. 20 points with a grade of B for this work does not seem very rewarding... Sorry, but I had to say it!

Author Comment

ID: 10789324
iptables -A PREROUTING -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

where xxx is any IP and yyy is the subnet mask, it returns the same message, i.e.

iptables: No chain/target/match by that name

I found the answer, and for your information and all others: "-t nat" after PREROUTING will do the job.

I want to ask you how to increase the points on this question.

I typed all the iptables rules as root and afterwards used the


command to commit, but when I restarted the system and used this command

iptables -L

it shows no rules. So how do I make permanent changes?

Author Comment

ID: 10790626
OK, OK, I got the answer myself. ;0)

So for a permanent save use this:

/sbin/service iptables save

That will do the trick... that is for all newbies.
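The error discussed throughout this thread comes from the table, not the match: without "-t", iptables works on the filter table, which has no PREROUTING or POSTROUTING chain, so the REDIRECT rule only succeeds once "-t nat" is given. The following script is an added example (not code from the thread or from the iptables project); it builds and checks iptables command lines offline, never runs iptables, and uses a constructed LAN address 192.168.1.0/24 in place of the poster's xxx/yyy.

```shell
#!/bin/sh
# Added example: validate which table a built-in chain belongs to before
# assembling an iptables command. Nothing here calls iptables itself.

# Built-in chains of each standard table (constructed lookup table).
chains_for_table() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        *)      return 1 ;;
    esac
}

# chain_in_table CHAIN TABLE: exit 0 if CHAIN is built into TABLE.
chain_in_table() {
    for c in $(chains_for_table "$2"); do
        [ "$c" = "$1" ] && return 0
    done
    return 1
}

# build_rule TABLE CHAIN RULE-ARGS...
# Prints the complete command line when CHAIN exists in TABLE. Otherwise it
# reports (on stderr) the table that does own the chain, which is exactly the
# "-t" option the thread's failing commands were missing, and exits 1.
build_rule() {
    table="$1"; chain="$2"; shift 2
    if chain_in_table "$chain" "$table"; then
        echo "iptables -t $table -A $chain $*"
        return 0
    fi
    for t in filter nat mangle; do
        if chain_in_table "$chain" "$t"; then
            echo "error: chain $chain is not in table $table; use -t $t" >&2
            return 1
        fi
    done
    echo "error: unknown chain $chain" >&2
    return 1
}

# The poster's redirect as first typed (no -t, so the default table filter):
# fails with the hint "use -t nat".
build_rule filter PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 8080 || true
# The same rule with the table the poster found; this one is printed.
build_rule nat PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 8080
# Dropping echo requests belongs in the filter table's INPUT chain, as in the accepted answer.
build_rule filter INPUT -p icmp --icmp-type 8 -j DROP
```

Rules built this way are still lost on reboot until they are written out, which on Red Hat 9 is the /sbin/service iptables save step the poster found.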

