Re: IPv6 and TPROXY


You can use tproxy but you will need to somehow make it so squid will do "NAT" instead of only tproxy or to find out what is causing the issue to happen in the network layer of the connection.
It can be a simple iptables rule which blocks traffic or another issue like rp_filter.
If you are up to it I will be willing to try and set up a more advanced IPv6 setup that might help to inspect the issue.

In the meanwhile I am missing one piece which maybe Amos can help with:
Is it possible to use tproxy for interception but force a non-tproxy connection on the outgoing traffic?
I wrote such a proxy myself and I believe that there might be another solution too if nothing else would be found.

The other idea would be:
Use haproxy in front of the squid proxy to intercept traffic at the TCP level and pass the request to squid somehow via a proxy protocol enabled port.
I have used it in the past and it should be fine for port 80 but for 443 it's a whole other thing.

All The Bests,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx



-----Original Message-----
From: Walter H. [mailto:Walter.H@xxxxxxxxxxxxxxxxx] 
Sent: Saturday, August 19, 2017 23:23
To: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>
Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  IPv6 and TPROXY

Hello,

not really, I must live with the fact, that I can't configure tproxy, as 
I can't update any kernel ...

Walter

On 19.08.2017 22:09, Eliezer Croitoru wrote:
> Any progress with the issue?
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer@xxxxxxxxxxxx
>
>
>
> -----Original Message-----
> From: Walter H. [mailto:Walter.H@xxxxxxxxxxxxxxxxx]
> Sent: Sunday, August 13, 2017 21:31
> To: Eliezer Croitoru<eliezer@xxxxxxxxxxxx>
> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re:  IPv6 and TPROXY
>
> Hello Eliezer
>
> yes, because all my Linux systems are CentOS 6 ...
>
> the router/firewall has a rule
>
> -A FORWARD -i br0 -o sit1 -s ipv6prefix:0::/80 -m tcp -p tcp --dport 80 -j LOG --log-prefix "IPv6[FWD-HTTP(out)]: " --log-level 7
> -A FORWARD -i br0 -o sit1 -s ipv6prefix:0::/80 -m tcp -p tcp --dport 80 -j REJECT
>
> any Windows host inside this ipv6prefix has configured a proxy, but for
> some reason e.g. there is HTTP traffic of CRLs or OCSP
> that doesn't go through to the configured proxy, and is blocked ...
> for this I need this TPROXY ...
> (only IPv6 needs to be solved, IPv4 already runs perfectly)
>
> Thanks,
> Walter
>
>


