On 4/05/2016 3:22 p.m., Tory M Blue wrote: > On Tue, May 3, 2016 at 5:58 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >> On 4/05/2016 11:12 a.m., Tory M Blue wrote: >>> My configs have always consisted of http_port 80 accel vhost.. With >>> the latest 3.5.17 (I guess) if you don't list 0.0.0.0:80 squid won't >>> even attempt to listen, talk on ivp4.. >>> >>> So adding 0.0.0.0:80 allows it to at least talk via ipv4. >>> >>> This seems wrong, odd. >>> >>> I understand you are removing methods to disable ipv6, however forcing >>> folks to us only ipv6 seems like a stretch :) >>> >>> Thanks >>> Tory >>> >>> CentOS 7 >>> squid-3.5.17-1.el7.centos.x86_64 >> >> >> What is Squid saying on startup about the stack type detected? >> (may have to set debug_options 3,2) >> >> Linux has a hybrid TCP stack. Which means IPv6 ports can receive IPv4 >> traffic unless you change something. Have you got any custom config in >> your TCP/IP settings that might have changed the stacks v4-mapping >> behaviour? >> >> Amos >> > > Hey Amos > > Other than disabling ipv6, there are no other tweaks. Um. "disabling ipv6" is not possible in any Linux or BSD based OS. All the tutorials and advice that claim to mention ways to do so are actually just screwing up the internal TCP stack state so the IPv6 fails on various ways. I think what is going on is that your chosen method of disable is/was breaking the v4-mapping ability in the stack but not in a way Squid can detect. FYI: the "Right Way" to stop IPv6 being used is to configure ip6tables firewall to REJECT all IPv6 traffic attempting to arrive or leave the box. Treat v6 (and v6 variants of common protocols) as just another protocol to block or permit at the firewall and you should be fine. Some people like DROP in the firewall, but that is just another way to cause breakage. It results in connections hanging. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users