[squid-users] How to make only IPV6 visible even incoming via IPV4?
Amos Jeffries
squid3 at treenet.co.nz
Thu Oct 10 05:33:50 UTC 2019
On 10/10/19 3:59 pm, Marcelo Rodrigo - Graminsta.com.br wrote:
>
> Now I am implementing IPV6 as outgoing_address. So a customer enters
> with an IPV4 and is routed out via IPV6 like below in squid.conf:
>
>
>
> http_port 182.XX.XX.97:4444 name=166
>
> acl ip166 myportname 166
>
> tcp_outgoing_address XXXX:XXXX:XXX::7bb
>
>
>
> The issue is when I verify IP leads to avoid proxy detection using
> websites like https://ipleak.net it shows both IPs, IPV4 and IPV6.
>
> I need it to show only IPV6.
>
...
>
> Any ideas about how to make Squid shows only the IPV6 from
> tcp_outgoing_address?
>
That website you are using for your checks actively tests for ability to
connect to IPv4-only servers. So long as your network does IPv4 this
type of test will show it.
The solution (if you really want to) is one of these:
* disable IPv4 on your network. If the connectivity for IPv4 does not
exist those addresses cannot be "leaked".
* configure your DNS to not produce A responses. If Squid cannot
resolve server IPv4 addresses, it will not try to connect to any.
* configure your firewall to reject (not drop) attempts to connect via
IPv4.
Naturally, expect to have some amount of the Internet to be unusable.
That amount is much smaller than most people think, but if you have a
client depending on even one IPv4-only site on a regular basis it can be
extremely annoying for them.
Amos
More information about the squid-users
mailing list