On 20/11/18 9:37 am, igmaniac wrote: > Hi, > > I am trying to create a simple proxy that will receive traffic and forward > it to the server IPv6 address. Squid defaults to using IPv6 all connections unless there is something actively preventing IPv6 from working. If your network supports IPv6 traffic and the server you are connecting to has an IPv6 address you do not have to do anything. Just configure whatever ACLs and access rules you would have about whether a client is allowed to use your proxy. > I can actually connect to proxy but when I check my IP on a browser it says > the IPv4 address of the server. What check are you doing exactly? and what exactly is it producing? The problem is most likely that you are looking at the wrong info or the test is broken in some other way. Please be aware that in normal HTTP operations the Browser<->Squid connection is fully independent of any Squid<->server connections. Websites which tell you "your IP" (aka whatismyip.com) are often not telling you Squid's IP they are seeking to tell you the Browser's IP. > So far my configuration is like this but I don't know if it's correct: > > hierarchy_stoplist cgi-bin ? The above directive was removed in Squid-3.5. > acl QUERY urlpath_regex cgi-bin \? \.css > no_cache deny QUERY You can remove the above lines completely. It is a workaround from Squid-1.x for HTTP/1.0 lack of certain caching features. Squid-3.2 and later support HTTP/1.1 caching and you already have the relevant refresh_pattern to handle dynamic content better than the "QUERY" workaround ever could. > acl NOT_TO_CACHE dstdomain "/etc/squid/list/not-to-cache.conf" > no_cache deny NOT_TO_CACHE Remove that "no_" prefix. The directive has been called just "cache " since Squid-2 era. Or, if you have Squid-3.5 or later consider using the store_miss directive instead of "cache". > acl SSL_ports port 443 > acl Safe_ports port 80 > acl Safe_ports port 21 > acl Safe_ports port 443 > acl Safe_ports port 70 > acl Safe_ports port 210 > acl Safe_ports port 1025-65535 > acl Safe_ports port 280 > acl Safe_ports port 488 > acl Safe_ports port 591 > acl Safe_ports port 777 > acl CONNECT method CONNECT > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost manager > http_access deny manager > http_access allow localhost > http_access allow all Do not do that. "allow all" makes your proxy an "Open Proxy" which is a very bad idea. Especially when testing since it artificially makes things that are quite abnormal "work". As evidenced by your very mangled http_access rules later on (which are ignored since everything was already allowed by this). > http_port 3128 > acl user1 myportname 3128 The "user1" ACL is never used. You can remove the above line. > acl to_ipv6 dst ipv6 > http_access deny to_ipv6 !all The "allow all" above already allowed *everything* through your Squid. So this line is never even evaluated and its use as a trick to get Squid to perform DNS far earlier than normal is not happening. >From the context of your question and intended behaviour I suspect that you were not actually wanting to do the behaviour this config trick is designed to cause. Specifically to force Squid to perform DNS lookups far earlier than it would normally do them - for a very minor performance enhancement when DNS server are expected to be very slow. That behaviour will not help with your stated intentions. So I suggest removing this http_access line as well. > tcp_outgoing_address xxx::xxx to_ipv6 In current Squids where it works properly this directive selects the IP based first on which IP type the server has. You can only set IPv6 address on connections to IPv6 servers, and only set IPv4 address on connections to IPv4 servers. Squid-3.4+ will ignore lines attempting to set the wrong IP type. In other words the "to_ipv6" is implicit in how this directive currently does things and no longer needed. If you have to use the above line to set a custom IPv6 for outgoing traffic you should use the "all" ACL here instead. Or better yet, remove that line entirely. The OS networking stack will assign an appropriate IP address for the connection. ... if you do all those changes you should notice you are pretty much back to Squid's default config file. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
