[vox-tech] Overwhelmed with squid install on CentOS 5

Brian Lavender brian at brie.com
Thu Nov 1 00:45:24 PDT 2012


You don't have any chains (I believe this is the correct term) defined,
so that is why you get the error. With the way you have your server
configured, you don't have to add any rule.  By the default nature,
your machine will accept traffic for input, forward, or output.

If you go into setup and turn on IP tables and tell it to allow just
specific ports, then it will probably create the chain to which you can
add the rule.

I believe the command is actually called "setup" and there is a firewall
configuration. If not, do the following to install it.

yum install system-config

brian

On Wed, Oct 31, 2012 at 11:58:23PM -0500, spencer at pageweavers.com wrote:
> Actually, for this server the rules are very simplistic:
> 
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Which makes me think I should add a chain(?)
> 
> -- Dave
> 
> Quoting Brian Lavender <brian at brie.com>:
> 
> > Dave,
> >
> > It should add to an existing chain. You will probably notice in your firewall
> > rules that it creates a series of chains.
> >
> > brian
> >
> > On Wed, Oct 31, 2012 at 11:24:37PM -0500, spencer at pageweavers.com wrote:
> >> Good tip Brian. I've been doing a little reading this evening about
> >> iptables and I'm starting to feel like I get it. So if I created a
> >> chain called RH-Firewall-1-INPUT (or something more useful) and then
> >> tried to restart iptables I'd probably have success.
> >>
> >> -- Dave
> >>
> >> Quoting Brian Lavender <brian at brie.com>:
> >>
> >> > On Wed, Oct 31, 2012 at 04:20:43PM -0700, Ryan Northrup wrote:
> >> >>    Dave,
> >> >>
> >> >>    Normally (as far as I'm aware), this would be done with the "iptables"
> >> >>    command, adding that whole string as its arguments:
> >> >
> >> > RedHat does run the command using the iptables command. But, you
> >> > could certainly run it from the command line as a good test. Do an
> >> >
> >> > iptables -L
> >> >
> >> > to see your rules. You should have a RH-Firewall-1-INPUT chain.
> >> > If you don't then that would be a problem.
> >> >
> >> >>
> >> >>    # iptables -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
> >> >>
> >> >>    Try running that in a terminal as root.
> >> >>
> >> >>    - Ryan
> >> >>    On Wed, Oct 31, 2012 at 4:01 PM, David Spencer
> >> >>    <[1]spencer at pageweavers.com> wrote:
> >> >>
> >> >>      I'm trying to install squid on one of my CentOS 5 servers. To do
> >> >>      this, I found a number of cookbook pages using Google. Many of them
> >> >>      looked like this one:
> >> >>      [2]http://www.baremetalcloud.com/index.php/en/homepage/105-english/mbcdocumentation/how-to/108-installing-squid-proxy-server-on-centos
> >> >>      Installing squid was easy enough. When I got to the last part about
> >> >>      updating the iptables file "/etc/sysconfig/iptables" with this:
> >> >>      -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
> >> >>      that was easy because that file was empty. However, when I tried to
> >> >>      restart iptables I got an error:
> >> >>      Applying iptables firewall rules: iptables-restore: line 1 failed
> >> >>      [FAILED]
> >> >>      There are too many moving parts here. Do I have a syntax error in the
> >> >>      iptables command or is there something else I just missed because it
> >> >>      wasn't in the cookbook? Any guidance is appreciated.
> >> >>      -- Dave Spencer
> >> >>      _______________________________________________
> >> >>      vox-tech mailing list
> >> >>      [3]vox-tech at lists.lugod.org
> >> >>      [4]http://lists.lugod.org/mailman/listinfo/vox-tech
> >> >>
> >> >> References
> >> >>
> >> >>    1. mailto:spencer at pageweavers.com
> >> >>    2. http://www.baremetalcloud.com/index.php/en/homepage/105-english/mbcdocumentation/how-to/108-installing-squid-proxy-server-on-centos
> >> >>    3. mailto:vox-tech at lists.lugod.org
> >> >>    4. http://lists.lugod.org/mailman/listinfo/vox-tech
> >> >
> >> >
> >> > --
> >> > Brian Lavender
> >> > http://www.brie.com/brian/
> >> >
> >> > "There are two ways of constructing a software design. One way is to
> >> > make it so simple that there are obviously no deficiencies. And the other
> >> > way is to make it so complicated that there are no obvious deficiencies."
> >> >
> >> > Professor C. A. R. Hoare
> >> > The 1980 Turing award lecture
> >> >
> >>
> 
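An added example, not part of the original thread: `iptables-restore` reads the `iptables-save` format, in which rules sit inside a `*table` ... `COMMIT` block and user-defined chains are declared with a `:CHAIN` line before rules are appended to them. The lint below checks that, run over a constructed copy of the one-line file from the question and a constructed complete file; the function name `check_rules` and both sample files are assumptions made for illustration.

```shell
# Added example: lint an iptables-restore rules file before restarting
# iptables. Prints one finding per problem and returns 1 if any were found.
check_rules() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^\*/ {                                      # "*filter" opens a table
        if (table != "") report("table " table " has no COMMIT")
        table = substr($1, 2); split("", declared); next
    }
    /^:/ { declared[substr($1, 2)] = 1; next }   # ":CHAIN POLICY [pkts:bytes]"
    $1 == "COMMIT" {
        if (table == "") report("COMMIT outside a table")
        table = ""; next
    }
    $1 == "-A" {
        if (table == "") report("rule appears before any *table line")
        if (!($2 in declared) && $2 !~ /^(INPUT|FORWARD|OUTPUT|PREROUTING|POSTROUTING)$/)
            report("chain " $2 " is not declared")
        next
    }
    { report("unrecognised line") }              # this sketch only knows -A rules
    END { if (table != "") { print "end of file: table " table " has no COMMIT"; bad = 1 }
          exit bad }
    ' "$1"
}

# Constructed sample 1: the one-line file described in the original question.
broken=$(mktemp)
cat > "$broken" <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
EOF
# Constructed sample 2: the same rule inside a complete filter table, keeping
# the ACCEPT policies shown in the iptables -L output quoted in the thread.
fixed=$(mktemp)
cat > "$fixed" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
COMMIT
EOF

for f in "$broken" "$fixed"; do
    if check_rules "$f"; then echo "$f: ok"; else echo "$f: would fail"; fi
done
```

Note that with every built-in chain at policy ACCEPT, as in the quoted listing, port 3128 is reachable with or without this rule; the ACCEPT rule only matters once the chain ends in a default REJECT or DROP.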