[squid-users] Outgoing IPv6 address with no IPv4 address access

Amos Jeffries squid3 at treenet.co.nz
Tue Nov 3 02:37:46 UTC 2015


Let's rewind...

*Why* do you have this requirement at all?

Why have a server connected to IPv4 which is not permitted to use IPv4?


On 2/11/2015 11:50 p.m., Robert Conlustro wrote:
> Thank you for all the great information. I understand the squid will
> automatically use IPv6 before IPv4 if the server has both but I want
> squid to reject a server if it only has IPv4 and only allow IPv6
> connectivity. The only real problem I’m facing is that the main IPv4
> address of the squid server is being used to connect through when
> there is no IPv6 connectivity on the server.

You did not specify any IPv4 address Squid was to use for its outbound
connections. So the OS kernel will pick whatever it likes to use for
that destination.

The Internet works that way, why break it?


> I want to prevent the
> use of the main IPv4 address altogether. I tried to make the main
> IPv4 address of the server an outgoing address and then I blocked
> that address but that didn’t work.


It would seem you did not do it properly. Please explain "didn't work".

This works for me to prevent outgoing traffic using 192.0.2.1:

  iptables -I OUTPUT 1 -p udp -s 192.0.2.1 -j REJECT
  iptables -I OUTPUT 1 -p tcp -s 192.0.2.1 -j REJECT

Though a FAR better solution is to not even assign an unusable IP
address to the machine.

Amos


