On 23/10/2013 12:21 a.m., Mike Cardwell wrote:
> http://wiki.squid-cache.org/Features/IPv6#NAT_Interception_Proxy_.28aka_.22Transparent.22.29
>
> "NAT simply does not exist in IPv6. By Design."
>
> This is no longer true as of Linux 3.7 + IPTables 1.4.17.
>
> I wanted to introduce a transparent caching web proxy on my network,
> however most of my clients are dual IP stack. As it stands, if I use
> Squid, whenever those clients connect to an IPv6 address instead of
> an IPv4 address, they will bypass the caching proxy.
>
> Is there a plan to make the "intercept" argument to "http_port" work
> with IPv6?
>
> P.S. Sorry if this email comes through twice. I sent it from the wrong
> address last time.

Couple of things...
For starters, NAT has never been "transparent proxy". NAT is the lazy
admin's replacement, using the proxy IP on outbound to avoid having to
set up proper routing rules.
For the real Transparent Proxy use TPROXY interception ("TPROXY" being
an abbreviation of "transparent proxy").
TPROXY in Squid has always supported IPv6 traffic interception. There
is no need to be waiting for NAT.
Also, TPROXY functionality has been extended slightly in Squid-3.4 to
allow non-spoofed outgoing ..... identical to NAT behaviour but without
several of the NAT-specific problems.
And finally, support for NATv6 via the new Linux 3.7 abilities and
also PF divert on some versions of BSD has been added in squid-3.4.
Amos
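
The two setups contrasted in this thread, as an added example that is not part of the original messages: it prints (and does not apply) the `http_port` line and the IPv6 firewall/routing commands for either TPROXY or NATv6 interception on a Squid box that routes the clients' traffic. The ports, firewall mark 1, routing table 100 and the helper function names are assumptions, and the TPROXY rules follow the usual Linux TPROXY layout rather than anything quoted above.

```shell
#!/bin/sh
# Added example: print the IPv6 interception setup for a Squid box that
# routes the clients' traffic. Ports, mark 1 and table 100 are assumed values.

# check_port PORT -> non-zero unless PORT is a number in 1..65535
check_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# squid_port_line MODE PORT -> the matching squid.conf directive
squid_port_line() {
    check_port "$2" || return 2
    case $1 in
        tproxy) echo "http_port $2 tproxy" ;;     # TPROXY interception
        nat)    echo "http_port $2 intercept" ;;  # NATv6: Linux 3.7+, Squid 3.4
        *)      return 1 ;;
    esac
}

# v6_rules MODE PORT -> firewall/routing commands for port-80 traffic
v6_rules() {
    check_port "$2" || return 2
    case $1 in
    tproxy)
        printf '%s\n' \
            "ip6tables -t mangle -N DIVERT" \
            "ip6tables -t mangle -A DIVERT -j MARK --set-mark 1" \
            "ip6tables -t mangle -A DIVERT -j ACCEPT" \
            "ip6tables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT" \
            "ip6tables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port $2" \
            "ip -6 rule add fwmark 1 lookup 100" \
            "ip -6 route add local ::/0 dev lo table 100" ;;
    nat)
        printf '%s\n' \
            "ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $2" ;;
    *)  return 1 ;;
    esac
}

# Dry run by default: show what would be configured; nothing is applied.
mode=${1:-tproxy}; port=${2:-3129}
if line=$(squid_port_line "$mode" "$port"); then
    echo "# squid.conf: $line"
    v6_rules "$mode" "$port"
else
    echo "usage: $0 [tproxy|nat] [port]" >&2
fi
```

With TPROXY the origin server still sees the client's own IPv6 address unless Squid is told otherwise, whereas the NAT variant sends requests from the proxy's address.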