[squid-users] Only listening to ipv6 (bug) still present? http_port IGNORE PEBCAK

Amos Jeffries squid3 at treenet.co.nz
Wed May 4 06:15:34 UTC 2016


On 4/05/2016 4:00 p.m., Tory M Blue wrote:
> Interesting,
> 
> I do the sysctl settings and have no ipv6 interfaces showing up under
> eth0/em0 or anything.. Been doing that for years, because I have
> not taken the time to fix my DNS infrastructure and the pauses due to
> ipv6 resolution attempts kill me
> 

If you mean net.ipv6.conf.all.disable_ipv6=1, that just prevents the
interfaces doing the IP assignment dance. IPv6 is still present and
almost fully functional. Without the IP dance the machine is not
advertised as existing to remote IPv6 machinery and incoming connections
don't have anywhere to go. Outgoing connects can't use the system default
IP for the interface because there is none.

However, as you noticed Squid can still open a v6 socket and listen
there for passing traffic of either IP type. It should also still be
able to make outbound IPv6 connections if you configure
tcp_outgoing_addr explicitly with an IPv6 to use instead of relying on
the iface address.

NP: one important implication is that v6-enabled malware can do similar
and use IPv6 with its own self-assigned address out of your control. So
you need to do the firewall dance anyway.

Amos
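
The behaviour described in the message above can be checked on a Linux host by comparing the sysctl flag with the kernel's IPv6 TCP socket table. This is an added example, not part of the original post or of Squid; the function names are hypothetical, the sample table is constructed, and the address decoding assumes a little-endian host.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp6 layout (not captured from a real host).
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0C38 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000001000000:0019 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0000000000000000FFFF00000100007F:0C38 0000000000000000FFFF00000100007F:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket

def decode_addr(hexaddr):
    """Turn the 32 hex digits of a tcp6 address into an IPv6Address.
    The kernel prints four 32-bit words in host order (little-endian assumed)."""
    words = [int(hexaddr[i:i + 8], 16) for i in range(0, 32, 8)]
    return ipaddress.IPv6Address(struct.pack("<4I", *words))

def v6_listeners(table):
    """Return (address, port) for every AF_INET6 socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr, port = fields[1].rsplit(":", 1)
        found.append((str(decode_addr(addr)), int(port, 16)))
    return found

def audit(disable_ipv6, table):
    """Flag the case from the thread: sysctl says disabled, v6 sockets still listen."""
    listeners = v6_listeners(table)
    disabled = disable_ipv6.strip() == "1"
    return {"sysctl_disabled": disabled, "listeners": listeners,
            "stack_still_listening": disabled and bool(listeners)}

if __name__ == "__main__":
    try:
        with open("/proc/sys/net/ipv6/conf/all/disable_ipv6") as f:
            flag = f.read()
        with open("/proc/net/tcp6") as f:
            live = f.read()
    except OSError:
        flag, live = "1", SAMPLE_TCP6  # fall back to the constructed sample
    print(audit(flag, live))
```

A result with `stack_still_listening` set to true means the sysctl alone has not removed IPv6 from the host, so IPv6 traffic still has to be covered by firewall rules.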


