On 3/11/2015 10:36 p.m., Robert Conlustro wrote: > I want to do it because I want to know if it’s possible. If I can > manage a squid server with an IPv4 address that runs an IPv6 service. > Knowledge for the future, let’s call it, an experiment. > Um. Running an IPv6 service requires support for IPv4. IPv6 is still in transitional period. Right now I see you compaining about how well Squid does the gateway translation of IPv4-only websites into IPv6 for your clients. And by implication the vice-versa. Squid obeys BCP 177. When either one or both of IPv6 or IPv4 connectivity is available they will be used to access the relevant IP space(s). With a preference for IPv6 (configurable) if both are available to the remote server. Neither protocol by itself is required for correct operation of the proxy. Due to a number of network admin previously screwing up their networks IPv6 in a number of nasty ways we provide --disable-ipv6 build option to force Squid to use IPv4-only as a temporary workaround. That is disappearing as admin fix their networks, and will be removed once the IPv6 transition is sufficiently advanced. There is no need for a matching IPv4 option. If you want to experiment with IPv6-only network conditions. Do so properly with an IPv6-only network or machine. But don't be surprised when IPv4 connectivity is not available from an IPv6-only machine. Squid does not perform magic. > I would rather not use IP tables, I want to use squid. What I mean > was that I made the main server IPv4 address into a tcp outgoing > address in squid and then tried to block access to it and it didn’t > work. And what I said was that you did it wrong. Then provided a way that does work. If you don't want to use the way that works, so be it. You need to understand the problem: * Squid is not connecting *from* anything. It is connecting *to* an IPv4-enabled server. Enjoy the denials: acl to_ipv4 dst ipv4 http_access deny to_ipv4 * The OS *outside* of Squid is deciding what src-IP to use on the TCP packets. All Squid can do is tell it to use another of the machines IPs: tcp_outgoing_address 127.0.0.1 all > > Is it possible to do a redirect of all http/https traffic directed to > the main IPv4 address of the server? This would also work. For > example if someone tried to visit an IPv4 only site it would redirect > them back to a different site so trying to use the IPv4 address would > be useless. If you can define what criteria in the client-to-Squid connection or messages will work to do the rediret. Then Squid can do that. There is no way *within* Squid to separate IPv4-only from merely IPv4-enabled servers. That can only be done externally by the OS preventing IPv4 connections. Which is why the to_ipv4 ACL above denies dual-stack domains as well as ipv4-only. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
