Search squid archive

Re: Only listening to ipv6 (bug) still present? http_port IGNORE PEBCAK

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/05/2016 4:00 p.m., Tory M Blue wrote:
> Interesting,
> 
> I do the sysctl settings and have no ipv6 interfaces showing up under
> eth0/em0 or anything.. Been doing that for years, because I don't have
> not taken the time to fix my DNS infrastructure and the pauses due to
> ipv6 resolution attempts kill me
> 

If you mean net.ipv6.conf.all.disable_ipv6=1, that just prevents the
interfaces doing the IP assignment dance. IPv6 is still present and
almost fully functional. Without the IP dance the machine is not
advertised as existing to remote IPv6 machinery and incoming connections
dont have anywhere to go. Outgoing connects can't use the system default
IP for the interface because there is none.

However, as you noticed Squid can still open a v6 socket and listen
there for passing traffic of either IP type. It should also still be
able to make outbound IPv6 connections if you configure
tcp_outgoing_addr explicitly with an IPv6 to use instead of relying on
the iface address.

NP: one important implication is that v6-enabled malware can do similar
and use IPv6 with its own self-assigned address out of your control. So
you need to do the firewall dance anyway.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux