[squid-users] Squid with PV6 Tunnel Broker
Amos Jeffries
squid3 at treenet.co.nz
Thu Aug 1 00:39:09 UTC 2024
On 31/07/24 18:05, Jonathan Lee wrote:
> The error it shows when I activate IPv6 only mode not dual stack is
>
There is no "IPv6 only mode" in Squid. What do you mean?
> Error: no forward proxy ports configured
>
In the config you showed earlier all of your IPv6 listening ports use
the "intercept" flag.
Please try with this much simplified configuration for listening ports:
  # Receive forward-proxy and cache manager traffic
  http_port 3128 ssl-bump \
    generate-host-certificates=on dynamic_cert_mem_cache_size=20MB \
    tls-cert=/usr/local/etc/squid/serverkey.pem \
    tls-dh=prime256v1:/etc/dh-parameters.2048 \
    options=NO_SSLv3

  # Receive intercepted port 80 traffic
  http_port 3127 intercept ssl-bump \
    generate-host-certificates=on dynamic_cert_mem_cache_size=20MB \
    tls-cert=/usr/local/etc/squid/serverkey.pem \
    tls-dh=prime256v1:/etc/dh-parameters.2048 \
    options=NO_SSLv3

  # Receive intercepted port 443 traffic
  https_port 3129 intercept ssl-bump \
    generate-host-certificates=on dynamic_cert_mem_cache_size=20MB \
    tls-cert=/usr/local/etc/squid/serverkey.pem \
    tls-dh=prime256v1:/etc/dh-parameters.2048 \
    options=NO_SSLv3
There are other changes you will need to make the SSL-Bump and access
controls fully work. But this is all you should need to at least get
Squid accepting TCP and TLS connections.
The two "intercept" port numbers above are arbitrary. Just make sure
that your NAT rules are passing port 80 and port 443 to the right one.
IIRC, your IPv6 NAT rule may need changing.
Cheers
Amos
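
Added example (not part of the original message, and not Squid's own code): a small pre-flight check that reads squid.conf text, joins backslash-continued lines, and reports when every http_port/https_port carries an interception flag, which is the condition the reply ties to the "no forward proxy ports configured" error. Treating "tproxy" like "intercept" is an assumption of this sketch, and the sample config is constructed from the layout above with options trimmed.

```python
import re

# Constructed sample: the port layout suggested in the reply, options trimmed.
SAMPLE_CONF = r"""
# Receive forward-proxy and cache manager traffic
http_port 3128 ssl-bump \
    generate-host-certificates=on dynamic_cert_mem_cache_size=20MB
# Receive intercepted port 80 traffic
http_port 3127 intercept ssl-bump \
    generate-host-certificates=on
# Receive intercepted port 443 traffic
https_port 3129 intercept ssl-bump \
    generate-host-certificates=on
"""

# Assumption: a port carrying either flag is not a forward-proxy port.
INTERCEPT_FLAGS = {"intercept", "tproxy"}

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and # comments."""
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def listening_ports(text):
    """Return (directive, address_spec, mode) per http_port/https_port line."""
    ports = []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] in ("http_port", "https_port") and len(tokens) > 1:
            flags = set(tokens[2:])
            mode = "intercept" if flags & INTERCEPT_FLAGS else "forward"
            ports.append((tokens[0], tokens[1], mode))
    return ports

def audit(text):
    """Return findings; empty when at least one forward-proxy port exists."""
    ports = listening_ports(text)
    if any(mode == "forward" for _, _, mode in ports):
        return []
    return ["no forward proxy ports configured: all %d listening ports "
            "are intercept/tproxy" % len(ports)]

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "ok: forward-proxy port present")
```
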