Since at home I only have IPv4, I can't fully disable ipv4 on the squid server OS. I think the best option for me would be to configure iptables to reject ipv4 on any port other than port "3001" which is what squid is accepting ipv4 connections to. Would that be possible with iptables?
On Tue, Oct 31, 2017 at 3:13 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 31/10/17 18:34, xpro6000 wrote:
Unfortunately my ISP does not provide an IPv6 IP, I need to create an only IPv6 network so I can test an iphone app as required by the Apple store
https://developer.apple.com/support/ipv6/ <https://developer.apple.com/support/ipv6/ >
Squids' default behaviour is to follow BCP 177. So any use of IPv4 is a strong indication that the server used by your app is having IPv6 connectivity issues.
see "Limitations of Local Testing" at <https://developer.apple.com/library/ios/documentation/Netwo >.rkingInternetWeb/Conceptual/ NetworkingOverview/Understandi ngandPreparingfortheIPv6Transi tion/UnderstandingandPreparing fortheIPv6Transition.html#// apple_ref/doc/uid/TP40010220- CH213-SW1
What I did was, I created a VPS with IPv6 support, I added the following to squid.conf
http_port 3001
acl port1 myport 3001
Use "myportname" ACL type. 'myport' is deprecated.
tcp_outgoing_address 2001:19f1:9232:d4d:b757:3535:1910:412e port1
server_persistent_connections off
Why disabling persistence? it has nothing to do with IPv4 vs IPv6.
The config above works fine. If the website supports IPv6, it does use that IPv6 IP. But Squid uses IPv4 if the website does not support IPv6
Is there anyway to prevent Squid to use IPv4 for outgoing connections?
IPv4 is not yet an optional protocol so technically no. But there are several ways to safely achieve IPv6-only traffic:
* some DNS resolvers can be configured not to deliver A records.
* ensure the NIC of the machine running Squid has no IPv4 addresses.
* ensure that IPv4 space is all non-routable.
* ensure your Squid machines firewall is configured to reject (_not_ drop) IPv4 packets.
Notice how all of those are things you would need to do to make your network *actually* IPv6-only and have nothing directly to do with Squid.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
