[squid-users] Squid IPv4:port to IPv6

Walter H. Walter.H at mathemainzel.info
Sat Aug 19 06:15:44 UTC 2017 

On 19.08.2017 04:03, davidjesse091 at aol.com wrote:
> I'm trying to connect to Squid with one IPv4 IP and based on the port 
> I'm connecting with, I want Squid to use a different IPv6 IP for the 
> connection.
>
> Below is my config file
>
> |acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access allow localhost
> #http_access deny all
> http_port 3128
> coredump_dir /var/spool/squid
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
> # Allow all machines to all sites
> http_access allow all
>
> #Privacy Things
> via off
> forwarded_for off
> follow_x_forwarded_for deny all
>
>
> ## designate acl based on inbound connection name
> acl user1 myportname 3128
> acl user2 myportname 3129
> acl user3 myportname 3130
> acl user4 myportname 3131
> acl user5 myportname 3132
>
> ## define outgoing IPv6 per user
> tcp_outgoing_address 2000:3c03:e000:25f::1:0 user1
> tcp_outgoing_address 2000:3c03:e000:25f::1:1 user2
> tcp_outgoing_address 2000:3c03:e000:25f::1:2 user3
> tcp_outgoing_address 2000:3c03:e000:25f::1:3 user4
> tcp_outgoing_address 2000:3c03:e000:25f::1:4 user5|
>
>
> The issue I'm facing is that I can only use the proxy with port 3128, 
> and it does proxy it to "2000:3c03:e000:25f::1:0" as it should. But if 
> I use port 3129 then I can not connect to the proxy.
because you only have
http_port 3128
you also need
http_port 3129
http_port 3130
http_port 3131
http_port 3132
and in case there is a firewall, these ports must be open, too ...

by the way this setting only makes sense, when there is a restriction, 
that only a specific IP can use port 3128,
a specific IP can use port 3129, ....
need not be IPv4 can also be IPv6 ...

Walter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170819/b52a334a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3491 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170819/b52a334a/attachment.bin>

More information about the squid-users mailing list