[squid-users] Only listening to ipv6 (bug) still present? http_port IGNORE PEBCAK

Tory M Blue tmblue at gmail.com
Wed May 4 04:00:44 UTC 2016


I do the sysctl settings and have no ipv6 interfaces showing up under
eth0/em0 or anything.. Been doing that for years, because I don't have
not taken the time to fix my DNS infrastructure and the pauses due to
ipv6 resolution attempts kill me

Thank you sir


On Tue, May 3, 2016 at 8:57 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 4/05/2016 3:22 p.m., Tory M Blue wrote:
>> On Tue, May 3, 2016 at 5:58 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>> On 4/05/2016 11:12 a.m., Tory M Blue wrote:
>>>> My configs have always consisted of http_port 80 accel vhost.. With
>>>> the latest 3.5.17 (I guess) if you don't list squid won't
>>>> even attempt to listen, talk on ivp4..
>>>> So adding allows it to at least talk via ipv4.
>>>> This seems wrong, odd.
>>>> I understand you are removing methods to disable ipv6, however forcing
>>>> folks to us only ipv6 seems like a stretch :)
>>>> Thanks
>>>> Tory
>>>> CentOS 7
>>>> squid-3.5.17-1.el7.centos.x86_64
>>> What is Squid saying on startup about the stack type detected?
>>>  (may have to set debug_options 3,2)
>>> Linux has a hybrid TCP stack. Which means IPv6 ports can receive IPv4
>>> traffic unless you change something. Have you got any custom config in
>>> your TCP/IP settings that might have changed the stacks v4-mapping
>>> behaviour?
>>> Amos
>> Hey Amos
>> Other than disabling ipv6, there are no other tweaks.
> Um. "disabling ipv6" is not possible in any Linux or BSD based OS. All
> the tutorials and advice that claim to mention ways to do so are
> actually just screwing up the internal TCP stack state so the IPv6 fails
> on various ways.
> I think what is going on is that your chosen method of disable is/was
> breaking the v4-mapping ability in the stack but not in a way Squid can
> detect.
> FYI: the "Right Way" to stop IPv6 being used is to configure ip6tables
> firewall to REJECT all IPv6 traffic attempting to arrive or leave the
> box. Treat v6 (and v6 variants of common protocols) as just another
> protocol to block or permit at the firewall and you should be fine.
> Some people like DROP in the firewall, but that is just another way to
> cause breakage. It results in connections hanging.
> Amos

More information about the squid-users mailing list