[squid-users] Conditional IPv6 usage

Stefan Hölzle stefan at hoelzle.work
Fri Jun 24 18:27:41 UTC 2016


Hello,

I'm having trouble configuring a forward proxy.
My goal is the following:
Only for one destination domain IPv6 should be used, otherwise IPv4.

The proxy has multiple incoming IPs and multiple outgoing IPs, here is
the relevant part of the squid.conf:

acl port80 localport 80
acl port88 localport 88
acl port443 localport 443

http_port 10.0.0.54:80
http_port 10.0.0.54:443
http_port 10.0.0.59:80
http_port 10.0.0.59:443
http_port 10.0.0.59:88

acl ipA localip 10.0.0.54
acl ipB localip 10.0.0.59

# only somedomain.asdf via IPv6
acl domain_acl dstdom_regex -i \.somedomain\.asdf

tcp_outgoing_address 10.0.0.93 ipB port88
tcp_outgoing_address 2001:cdba::3257:9652 ipB port88 domain_acl

tcp_outgoing_address 10.0.0.54 ipA port80
tcp_outgoing_address 10.0.0.63 ipA port443
tcp_outgoing_address 10.0.0.59 ipB port80
tcp_outgoing_address 10.0.0.93 ipB port443

dns_v4_first on

Expected behavior:
A connection on http_port 10.0.0.59:88 is requesting a domain matching
regex "\.somedomain\.asdf", then the first matching tcp_outgoing_address
is used, namely

tcp_outgoing_address 2001:cdba::3257:9652 ipB port88 domain_acl


Actual behavior:
A connection on http_port 10.0.0.59:88 is requesting a domain matching
regex "\.somedomain\.net" and

tcp_outgoing_address 10.0.1.54 ipA port80

is used.
If I change dns_v4_first from on to off,

tcp_outgoing_address 2001:cdba::3257:9652 ipB port88 domain_acl

is used for any incoming http_port.


Does anyone know why squid behaves the way it does?

Thanks and best regards

-- 
Stefan 


