[squid-users] tcp_outgoing_address

Alex Samad alex at samad.com.au
Thu Apr 16 05:59:35 UTC 2015


On 16 April 2015 at 14:54, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 16/04/2015 3:20 p.m., Alex Samad wrote:
>> :)  Living in Australia that has just sign into law meta data
>> recording. So I am sending some of my traffic OS via a vpn service.
>>
>> But I still want some things to go locally, so I was using src ip
>> address to help my router determine which path to use.
>>
>> unfortunately my vpn service doesn't handle IPv6, plus from memory
>> there is no NAT for ipv6 (last time i looked) so .. I want to allow
>> ipv6 for somethings but I want to force all traffic for certain site
>> via the vpn.
>>
>>
>> Unfortunately I might have to just kill all ipv6 ..
>
> Your best hope is actually to do the *opposite*.
>
> Make IPv6 actually work. You can firewall IPv6 traffic going to the
> selected set of sites IP ranges, just like you would block them if you
> didnt want IPv4 connections to go there.

Hmm okay so your saying that squid will try the ipv6 address and if it
get a tcp reject (icmp), not available it will fail back to ipv4 ?


>
>
> And yes there is NAT in IPv6 now. And yes it causes just as much trouble
> there as it does for IPv4 - but gratuitously since most of the things
> NAT is useful for in IPv4 have better alternatives in IPv6.
Yeah I heard some rumor, but haven't had a chance to look at it :)
>
> Amos
>


More information about the squid-users mailing list