[squid-users] IPv6 only network

xpro6000 xpro6000 at gmail.com
Tue Oct 31 15:09:07 UTC 2017 

Since at home I only have IPv4, I can't fully disable ipv4 on the squid
server OS. I think the best option for me would be to configure iptables to
reject ipv4 on any port other than port "3001" which is what squid is
accepting ipv4 connections to. Would that be possible with iptables?

On Tue, Oct 31, 2017 at 3:13 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 31/10/17 18:34, xpro6000 wrote:
>
>> Unfortunately my ISP does not provide an IPv6 IP, I need to create an
>> only IPv6 network so I can test an iphone app as required by the Apple store
>>
>> https://developer.apple.com/support/ipv6/ <https://developer.apple.com/s
>> upport/ipv6/>
>>
>>
> Squids' default behaviour is to follow BCP 177. So any use of IPv4 is a
> strong indication that the server used by your app is having IPv6
> connectivity issues.
>
> see "Limitations of Local Testing" at <https://developer.apple.com/l
> ibrary/ios/documentation/NetworkingInternetWeb/Conceptual/
> NetworkingOverview/UnderstandingandPreparingfortheIPv6Transi
> tion/UnderstandingandPreparingfortheIPv6Transition.html#//
> apple_ref/doc/uid/TP40010220-CH213-SW1>.
>
>
> What I did was, I created a VPS with IPv6 support, I added the following
>> to squid.conf
>>
>> http_port 3001
>> acl port1 myport 3001
>>
>
> Use "myportname" ACL type. 'myport' is deprecated.
>
> tcp_outgoing_address 2001:19f1:9232:d4d:b757:3535:1910:412e port1
>> server_persistent_connections off
>>
>
> Why disabling persistence? it has nothing to do with IPv4 vs IPv6.
>
>
>> The config above works fine. If the website supports IPv6, it does use
>> that IPv6 IP. But Squid uses IPv4 if the website does not support IPv6
>>
>> Is there anyway to prevent Squid to use IPv4 for outgoing connections?
>>
>>
> IPv4 is not yet an optional protocol so technically no. But there are
> several ways to safely achieve IPv6-only traffic:
>
> * some DNS resolvers can be configured not to deliver A records.
>
> * ensure the NIC of the machine running Squid has no IPv4 addresses.
>
> * ensure that IPv4 space is all non-routable.
>
> * ensure your Squid machines firewall is configured to reject (_not_ drop)
> IPv4 packets.
>
>
> Notice how all of those are things you would need to do to make your
> network *actually* IPv6-only and have nothing directly to do with Squid.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171031/13afb1ed/attachment.html>

More information about the squid-users mailing list