I am still waiting for couple answers about the system and the setup. Also to resolve the issue it will be required to know if the issue is on squid side or the kernel side(ipv6 related) or iptables rules. All of the above will allow us to help Walter make this system work. And Amos, about the part of avoiding using tproxy for the outgoing traffic and only use it to intercept the connections: For a CentOS 6 system it's the only option to run an INTERCEPT proxy which hides the client IPv6 address so I think it's something that need to be documented somewhere in the wiki. I would be happy to write the article if I would have known how to disable tproxy for the outgoing traffic. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries Sent: Sunday, August 20, 2017 03:45 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: IPv6 and TPROXY On 20/08/17 12:08, Eliezer Croitoru wrote: > You can use tproxy but you will need to somehow make it so squid will do "NAT" instead of only tproxy or to findout what is causing the issue to happen in the network layer of the connection. > It can be a simple iptables rule which block traffic or another issue like rp_filter. > If you are up to it I will be willing to try and setup a more advanced ipv6 setup that might help to inspect the issue. > > In the mean while I am missing one piece which maybe Amos can help with: > Is it possible to use tproxy for interception but force a non tproxy connection on the outgoing traffic? I'm not sure what problem that would solve. If TPROXY is not working fully it wont magically start half-working. AFAICS, Walters problem with TPROXY is that his firewall rules are setup for accepting only traffic with 2001::/16 IP addresses. With TPROXY the original 2a02::/16 IP remains present so the rules based on 2001::/16 wont let the traffic into the proxy. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
