[squid-users] How to definitively disable IPv6
Alex Rousskov
rousskov at measurement-factory.com
Fri Jan 25 16:00:07 UTC 2019
On 1/25/19 3:29 AM, Troiano Alessio wrote:
> I need to definitively solve the ipv6 (un)reachbility issue.
You can
* build Squid with --disable-ipv6
* try an experimental (and unofficial) Squid branch that implements the
TCP part of the Happy Eyeballs algorithm:
https://github.com/measurement-factory/squid/pull/3
Alex.
> I state I read this topic:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/dns-v4-first-on-ignored-td4658427.html
> but not found a solution. Amos wrote “Squid tests for IPv6 ability
> automatically by opening a socket on a private IP address, if that works
> the socket options are noted and used.”
>
> Anyway I disable IPv6 on my Red Hat 7.4 with the following:
>
> net.ipv6.conf.all.disable_ipv6 = 1
>
> net.ipv6.conf.default.disable_ipv6 = 1
>
> net.ipv6.conf.bond0.disable_ipv6 = 1
>
> net.ipv6.conf.lo.disable_ipv6 = 1
>
> Used the “dns_v4_first on” and also “tcp_outgoing_address 172.31.1.x
> all” on squid conf to force the use of IPv4.
>
> Anyway squid try to connect to the IPv6 address instead of IPv4 and I’m
> not able to reach it:
>
> C:\Users\atroiano>nslookup download.pdfforge.org
>
> Server: espevmdxxxx.xxxx.prv
>
> Address: 172.x.x.x
>
>
>
> Risposta da un server non autorevole:
>
> Nome: download.pdfforge.org
>
> Addresses: 2001:4860:4802:38::15
>
> 2001:4860:4802:34::15
>
> 2001:4860:4802:32::15
>
> 2001:4860:4802:36::15
>
> 216.239.32.21
>
> 216.239.38.21
>
> 216.239.36.21
>
> 216.239.34.21
>
> [root at HUB-RM-PRX-03 ~]# tail -f /var/log/squid/rsa/access.log | grep
> pdfforge.org
>
> %SQUID-4: 172.31.x.x 49444 [25/Jan/2019:11:02:58 +0100] "GET
> http://download.pdfforge.org/download/pdfcreator/PDFCreator-stable
> HTTP/1.1" download.pdfforge.org - -
> "/download/pdfcreator/PDFCreator-stable" 503 text/html 4545 "-"
> "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101
> Firefox/64.0" TCP_MISS:HIER_DIRECT 2001:4860:4802:38::15 80 0
>
> Squid doesn’t try to connect to IPv4 addresses for this site and for
> many others.
>
>
>
> What can I do?
>
> My ISP is IPv4 only.
>
>
>
> Thank you, Regards.
>
>
> Il presente messaggio e-mail e ogni suo allegato devono intendersi
> indirizzati esclusivamente al destinatario indicato e considerarsi dal
> contenuto strettamente riservato e confidenziale. Se non siete
> l'effettivo destinatario o avete ricevuto il messaggio e-mail per
> errore, siete pregati di avvertire immediatamente il mittente e di
> cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema
> informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del
> presente messaggio da parte di chi non ne è il destinatario è
> strettamente proibito e può dar luogo a responsabilità di carattere
> civile e penale punibili ai sensi di legge.
> Questa e-mail ha valore legale solo se firmata digitalmente ai sensi
> della normativa vigente.
> ------------------------------------------------------------------------
> The contents of this email message and any attachments are intended
> solely for the addressee(s) and contain confidential and/or privileged
> information.
> If you are not the intended recipient of this message, or if this
> message has been addressed to you in error, please immediately notify
> the sender and then delete this message and any attachments from your
> system. If you are not the intended recipient, you are hereby notified
> that any use, dissemination, copying, or storage of this message or its
> attachments is strictly prohibited. Unauthorized disclosure and/or use
> of information contained in this email message may result in civil and
> criminal liability. “
> This e-mail has legal value according to the applicable laws only if it
> is digitally signed by the sender
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list