On 31/07/24 18:05, Jonathan Lee wrote:
> The error it shows when I activate IPv6 only mode not dual stack is

There is no "IPv6 only mode" in Squid. What do you mean?

> Error: no forward proxy ports configured

In the config you showed earlier all of your IPv6 listening ports use
the "intercept" flag.

Please try with this much simplified configuration for listening ports:

  # Receive forward-proxy and cache manager traffic
  http_port 3128 ssl-bump \
    generate-host-certificates=on dynamic_cert_mem_cache_size=20MB \
    tls-cert=/usr/local/etc/squid/serverkey.pem \
    tls-dh=prime256v1:/etc/dh-parameters.2048 \
    options=NO_SSLv3

  # Receive intercepted port 80 traffic
  http_port 3127 intercept ssl-bump \
    generate-host-certificates=on dynamic_cert_mem_cache_size=20MB \
    tls-cert=/usr/local/etc/squid/serverkey.pem \
    tls-dh=prime256v1:/etc/dh-parameters.2048 \
    options=NO_SSLv3

  # Receive intercepted port 443 traffic
  https_port 3129 intercept ssl-bump \
    generate-host-certificates=on dynamic_cert_mem_cache_size=20MB \
    tls-cert=/usr/local/etc/squid/serverkey.pem \
    tls-dh=prime256v1:/etc/dh-parameters.2048 \
    options=NO_SSLv3

There are other changes you will need to make the SSL-Bump and access
controls fully work. But this is all you should need to at least get
Squid accepting TCP and TLS connections.

The two "intercept" port numbers above are arbitrary. Just make sure
that your NAT rules are passing port 80 and port 443 to the right one.

IIRC, your IPv6 NAT rule may need changing.

Cheers
Amos
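
Added example, not part of the reply above and not Squid's own code: a small Python check that joins the backslash-continued port lines of a squid.conf and reports whether any http_port is left without an interception flag, the condition behind the "no forward proxy ports configured" error in this thread. The sample config is constructed from the ports in the reply; treating only "intercept" and "tproxy" as interception flags, and only http_port as a forward-proxy candidate, are assumptions of this example.

```python
import re

# Constructed sample: the listening-port layout from the reply above,
# shortened to the options that matter for classification.
SAMPLE_CONF = r"""
# Receive forward-proxy and cache manager traffic
http_port 3128 ssl-bump \
    generate-host-certificates=on
# Receive intercepted port 80 traffic
http_port 3127 intercept ssl-bump \
    generate-host-certificates=on
# Receive intercepted port 443 traffic
https_port 3129 intercept ssl-bump \
    generate-host-certificates=on
"""

INTERCEPT_FLAGS = {"intercept", "tproxy"}  # assumption: these mark non-forward ports

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\\r?\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def listening_ports(text):
    """Return (directive, port_spec, mode) for every http_port/https_port line."""
    ports = []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] not in ("http_port", "https_port") or len(tokens) < 2:
            continue
        mode = "intercept" if INTERCEPT_FLAGS & set(tokens[2:]) else "forward"
        ports.append((tokens[0], tokens[1], mode))
    return ports

def forward_proxy_ports(text):
    """http_port entries that a client can be explicitly configured to use."""
    return [spec for directive, spec, mode in listening_ports(text)
            if directive == "http_port" and mode == "forward"]

if __name__ == "__main__":
    for directive, spec, mode in listening_ports(SAMPLE_CONF):
        print(f"{directive:<10} {spec:<8} {mode}")
    if not forward_proxy_ports(SAMPLE_CONF):
        print("no forward-proxy port: add an http_port without intercept/tproxy")
```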