On 2/12/18 10:14 am, Dmitri Seletski wrote: > Hello Dear Squidies, > > Situation: > > I have, > > IPv4 only tunnel for security. > > IPv6 enabled ISP. > > VM with Squid in it, that works over bridge.(so it has both NAT IPv4 IP > an IPv6 IP) > FYI: Modern Internet connected software is required to prefer IPv6 over the outdated and deprecated IPv4. Squid will not be the only software with this behaviour so you need to do this properly (see below) not just for Squid. > > Problem: > > When i go to some sites, Squid instead of pulling traffic over tunnel > provider, does it over IPv6 enabled ISP of mine, which defeats purpose > of VPN provider. Is that VPN provider running your traffic through some specialized security checking software? If not then Squid is providing *better* security just by existing in the traffic path. Even for that IPv6 traffic. > > So i need to know how to kill IPv4, at least outbound traffic from Squid > to rest of Internetz pages. (and no, preference to IPv4 DNS is not an > option, as some pages are not available in IPv4, so i'd rather not see > them at all) It is your OS which decides whether or not the VPN or the IPv6 is used for any given connection. So the proper way to do what you are asking is to set your VM's firewall to only allow access through the VPN for connections made by Squid. Connections to the IPv6 network should be rejected with an ICMPv6 "Network Unavailable" packet which makes Squid move on to the IPv4 attempts. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users