Search squid archive

Re: IPv6 + Intercept proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/10/2013 12:21 a.m., Mike Cardwell wrote:
http://wiki.squid-cache.org/Features/IPv6#NAT_Interception_Proxy_.28aka_.22Transparent.22.29

"NAT simply does not exist in IPv6. By Design."

This is no longer true as of Linux 3.7 + IPTables 1.4.17.

I wanted to introduce a transparent caching web proxy on my network,
however most of my clients are dual IP stack. As it stands, if I use
Squid, whenever those clients connect to an IPv6 address instead of
an IPv4 address, they will bypass the caching proxy.

Is there a plan to make the "intercept" argument to "http_port" work
with IPv6?

P.S. Sorry if this email comes through twice. I sent it from the wrong
address last time.

Couple of things...

For starters NAT has never been "transparent proxy". NAT is the lazy admins replacement, using the proxy IP on outbound to avoid having to setup proper routing rules. For the real Transparent Proxy use TPROXY interception ("TPROXY" being an abbreviation of "transparent proxy"

TPROXY in Squid has aways supported IPv6 traffic interception. There is no need to be waiting for NAT.

Also, TPROXY functionality has been extended slightly in Squid-3.4 to allow non-spoofed outgoing ..... identical to NAT behaviour but without several of the NAT-specific problems.

And finally, support for NATv6 via the new Linux 3.7 abilities and also PF divert on some versions of BSD has been added in squid-3.4.


Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux