Interesting, I do the sysctl settings and have no ipv6 interfaces showing up under eth0/em0 or anything.. Been doing that for years, because I don't have not taken the time to fix my DNS infrastructure and the pauses due to ipv6 resolution attempts kill me Thank you sir Tory On Tue, May 3, 2016 at 8:57 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 4/05/2016 3:22 p.m., Tory M Blue wrote: >> On Tue, May 3, 2016 at 5:58 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >>> On 4/05/2016 11:12 a.m., Tory M Blue wrote: >>>> My configs have always consisted of http_port 80 accel vhost.. With >>>> the latest 3.5.17 (I guess) if you don't list 0.0.0.0:80 squid won't >>>> even attempt to listen, talk on ivp4.. >>>> >>>> So adding 0.0.0.0:80 allows it to at least talk via ipv4. >>>> >>>> This seems wrong, odd. >>>> >>>> I understand you are removing methods to disable ipv6, however forcing >>>> folks to us only ipv6 seems like a stretch :) >>>> >>>> Thanks >>>> Tory >>>> >>>> CentOS 7 >>>> squid-3.5.17-1.el7.centos.x86_64 >>> >>> >>> What is Squid saying on startup about the stack type detected? >>> (may have to set debug_options 3,2) >>> >>> Linux has a hybrid TCP stack. Which means IPv6 ports can receive IPv4 >>> traffic unless you change something. Have you got any custom config in >>> your TCP/IP settings that might have changed the stacks v4-mapping >>> behaviour? >>> >>> Amos >>> >> >> Hey Amos >> >> Other than disabling ipv6, there are no other tweaks. > > Um. "disabling ipv6" is not possible in any Linux or BSD based OS. All > the tutorials and advice that claim to mention ways to do so are > actually just screwing up the internal TCP stack state so the IPv6 fails > on various ways. > > I think what is going on is that your chosen method of disable is/was > breaking the v4-mapping ability in the stack but not in a way Squid can > detect. > > FYI: the "Right Way" to stop IPv6 being used is to configure ip6tables > firewall to REJECT all IPv6 traffic attempting to arrive or leave the > box. Treat v6 (and v6 variants of common protocols) as just another > protocol to block or permit at the firewall and you should be fine. > > Some people like DROP in the firewall, but that is just another way to > cause breakage. It results in connections hanging. > > Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
