[vox-tech] Overwhelmed with squid install on CentOS 5

spencer at pageweavers.com spencer at pageweavers.com
Wed Oct 31 21:58:23 PDT 2012


Actually, for this server the rules are very simplistic:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Which makes me think I should add a chain(?)

-- Dave

Quoting Brian Lavender <brian at brie.com>:

> Dave,
>
> It should add to an existing chain. You will probably notice in your firewall
> rules that it creates a series of chains.
>
> brian
>
> On Wed, Oct 31, 2012 at 11:24:37PM -0500, spencer at pageweavers.com wrote:
>> Good tip Brian. I've been doing a little reading this evening about
>> iptables and I'm starting to feel like I get it. So if I created a
>> chain called RH-Firewall-1-INPUT (or something more useful) and then
>> tried to restart iptables I'd probably have success.
>>
>> -- Dave
>>
>> Quoting Brian Lavender <brian at brie.com>:
>>
>> > On Wed, Oct 31, 2012 at 04:20:43PM -0700, Ryan Northrup wrote:
>> >>    Dave,
>> >>
>> >>    Normally (as far as I'm aware), this would be done with the "iptables"
>> >>    command, adding that whole string as its arguments:
>> >
>> > RedHat does run the command using the iptables command. But, you could
>> > certainly run it from the command line as a good test. Do an
>> >
>> > iptables -L
>> >
>> > to see your rules. You should have a RH-Firewall-1-INPUT chain. If you
>> > don't then that would be a problem.
>> >
>> >>
>> >>    # iptables -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
>> >>
>> >>    Try running that in a terminal as root.
>> >>
>> >>    - Ryan
>> >>    On Wed, Oct 31, 2012 at 4:01 PM, David Spencer
>> >>    <[1]spencer at pageweavers.com> wrote:
>> >>
>> >>      I'm trying to install squid on one of my CentOS 5 servers. To do
>> >>      this, I found a number of cookbook pages using google. Many of them
>> >>      looked like this one:
>> >>      [2]http://www.baremetalcloud.com/index.php/en/homepage/105-english/mbcdocumentation/how-to/108-installing-squid-proxy-server-on-centos
>> >>      Installing squid was easy enough. When I got to the last part about
>> >>      updating the iptables file "/etc/sysconfig/iptables" with this:
>> >>      -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
>> >>      that was easy because that file was empty. However, when I tried to
>> >>      restart iptables I got an error:
>> >>      Applying iptables firewall rules: iptables-restore: line 1 failed
>> >>      [FAILED]
>> >>      There's too many moving parts here. Do I have a syntax error in the
>> >>      iptables command or is there something else I just missed because it
>> >>      wasn't in the cookbook. Any guidance is appreciated.
>> >>      -- Dave Spencer
>> >>      _______________________________________________
>> >>      vox-tech mailing list
>> >>      [3]vox-tech at lists.lugod.org
>> >>      [4]http://lists.lugod.org/mailman/listinfo/vox-tech
>> >>
>> >> References
>> >>
>> >>    1. mailto:spencer at pageweavers.com
>> >>    2. http://www.baremetalcloud.com/index.php/en/homepage/105-english/mbcdocumentation/how-to/108-installing-squid-proxy-server-on-centos
>> >>    3. mailto:vox-tech at lists.lugod.org
>> >>    4. http://lists.lugod.org/mailman/listinfo/vox-tech
>> >
>> >
>> > --
>> > Brian Lavender
>> > http://www.brie.com/brian/
>> >
>> > "There are two ways of constructing a software design. One way is to
>> > make it so simple that there are obviously no deficiencies. And the other
>> > way is to make it so complicated that there are no obvious deficiencies."
>> >
>> > Professor C. A. R. Hoare
>> > The 1980 Turing award lecture
>
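
Added example (not part of the thread or of anyone's message): `/etc/sysconfig/iptables` is loaded by `iptables-restore`, which expects iptables-save format, so a rule needs a `*filter` line before it, a `:CHAIN` declaration for any user-defined chain, and a closing `COMMIT`. The script below checks those points offline and also flags a user chain that no rule jumps to; `lint_rules` is a hypothetical helper and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: offline lint of an iptables-save format
# file. lint_rules is a hypothetical helper; it never touches the live firewall.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
lint_rules() {
    awk '
    BEGIN { n = split("INPUT FORWARD OUTPUT PREROUTING POSTROUTING", b, " ")
            for (i = 1; i <= n; i++) core[b[i]] = 1 }      # built-in chains
    NF == 0 || $1 ~ /^#/ { next }                          # blank or comment
    $1 ~ /^\*/ { table = substr($1, 2); next }             # "*filter" opens a table
    $1 == "COMMIT" { table = ""; next }                    # COMMIT closes it
    $1 ~ /^:/ {                                            # ":CHAIN POLICY [0:0]"
        if (table == "") { print "line " NR ": chain declared outside a table"; bad = 1 }
        declared[table, substr($1, 2)] = 1; next
    }
    $1 == "-A" {
        if (table == "") {
            print "line " NR ": rule outside a table (no *filter line)"; bad = 1; next
        }
        if (!($2 in core) && !((table, $2) in declared)) {
            print "line " NR ": chain " $2 " is not declared"; bad = 1
        }
        for (i = 3; i < NF; i++)                           # record jump targets
            if ($i == "-j" || $i == "-g") jumped[table, $(i + 1)] = 1
        next
    }
    { print "line " NR ": unrecognised line"; bad = 1 }
    END {
        if (table != "") { print "table " table " has no COMMIT"; bad = 1 }
        for (k in declared) {
            split(k, p, SUBSEP)
            if (!(p[2] in core) && !(k in jumped)) {
                print "chain " p[2] " is never jumped to, so its rules never run"; bad = 1
            }
        }
        exit bad + 0
    }' "$1"
}

# Constructed samples: the one-line file from the thread, then a complete file.
tmp=$(mktemp -d)
rule='-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT'
printf '%s\n' "$rule" > "$tmp/broken"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
    '-A INPUT -j RH-Firewall-1-INPUT' "$rule" 'COMMIT' > "$tmp/fixed"
lint_rules "$tmp/broken" || echo "broken: rejected"
lint_rules "$tmp/fixed" && echo "fixed: clean"
rm -rf "$tmp"
```

With the empty, policy-ACCEPT ruleset listed at the top of this message nothing is filtered, so port 3128 is already reachable; the ACCEPT rule only has an effect once the chain ends in a REJECT or DROP rule.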


