On 25/01/19 11:29 pm, Troiano Alessio wrote: > Hello, > > I need to definitively solve the ipv6 (un)reachbility issue. > > I state I read this topic: > http://squid-web-proxy-cache.1019090.n4.nabble.com/dns-v4-first-on-ignored-td4658427.html > but not found a solution. Amos wrote “Squid tests for IPv6 ability > automatically by opening a socket on a private IP address, if that works > the socket options are noted and used.” > > Anyway I disable IPv6 on my Red Hat 7.4 with the following: > > net.ipv6.conf.all.disable_ipv6 = 1 > > net.ipv6.conf.default.disable_ipv6 = 1 > > net.ipv6.conf.bond0.disable_ipv6 = 1 > > net.ipv6.conf.lo.disable_ipv6 = 1 > IIRC there are boot options necessary so the machine kernel starts with its IPv6 TCP stack disabled. > Used the “dns_v4_first on” and also “tcp_outgoing_address 172.31.1.x > all” on squid conf to force the use of IPv4. Neither of which forces anything. dns_v4_first influences the sorting order of DNS results provided to Squids server selection logic. Services which are IPv6-only or whose IPv4 are not working _will_ attempt to use IPv6. NP: Please be aware that error pages only mention the *last* error to be encountered. With dns_v4_first you will see an IPv6 address being mentioned as not contactable. Because all the IPv4 failed (first) then all the IPv6 failed (last). tcp_outgoing_address only applies on protocols for which that address is valid. Meaning the above only sets a particular address on IPv4 connections - it has no effect on IPv6 connections. The only way to completely disable IPv6 is to build Squid with --disable-ipv6. > > Anyway squid try to connect to the IPv6 address instead of IPv4 and I’m > not able to reach it: > > C:\Users\atroiano>nslookup download.pdfforge.org > > Server: espevmdxxxx.xxxx.prv > > Address: 172.x.x.x > > > > Risposta da un server non autorevole: > > Nome: download.pdfforge.org > > Addresses: 2001:4860:4802:38::15 > > 2001:4860:4802:34::15 > > 2001:4860:4802:32::15 > > 2001:4860:4802:36::15 > > 216.239.32.21 > > 216.239.38.21 > > 216.239.36.21 > > 216.239.34.21 > Are any of those IPv4 addresses able to be connected to and fetched from by processes on the Squid machine? The squidclient tool can be used to probe individual server/IP for issues fetching requests. > [root@HUB-RM-PRX-03 ~]# tail -f /var/log/squid/rsa/access.log | grep > pdfforge.org > > %SQUID-4: 172.31.x.x 49444 [25/Jan/2019:11:02:58 +0100] "GET > http://download.pdfforge.org/download/pdfcreator/PDFCreator-stable > HTTP/1.1" download.pdfforge.org - - > "/download/pdfcreator/PDFCreator-stable" 503 text/html 4545 "-" > "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 > Firefox/64.0" TCP_MISS:HIER_DIRECT 2001:4860:4802:38::15 80 0 > > Squid doesn’t try to connect to IPv4 addresses for this site and for > many others. > I suspect Squid actually is, but not telling you everything it does to retry different destination servers / IPs before it gets to the final failure point. Please check the mgr:ipcache log to see what IPs Squid has known for that domain and which ones are flagged 'B' for broken/bad/failing. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users