Re: How to make only IPV6 visible even incoming via IPV4?
On 10/10/19 3:59 pm, Marcelo Rodrigo - Graminsta.com.br wrote:
> Now I am implementing IPV6 as outgoing_address. So a customer enters
> with an IPV4 and is routed out via IPV6 like below in squid.conf:
> http_port 182.XX.XX.97:4444 name=166
> acl ip166 myportname 166
> tcp_outgoing_address XXXX:XXXX:XXX::7bb
> The issue is when I verify IP leads to avoid proxy detection using
> websites like https://ipleak.net it shows both IPs, IPV4 and IPV6.
> I need it to show only IPV6.
> Any ideas about how to make Squid shows only the IPV6 from
That website you are using for your checks actively tests for ability to
connect to IPv4-only servers. So long as your network does IPv4 this
type of test will show it.
The solution (if you really want to) is one of these:
* disable IPv4 on your network. If the connectivity for IPv4 does not
exist those addresses cannot be "leaked".
* configure your DNS to not produce A responses. If Squid cannot
resolve server IPv4 addresses, it will not try to connect to any.
* configure your firewall to reject (not drop) attempts to connect via
Naturally, expect to have some amount of the Internet to be unusable.
That amount is much smaller than most people think, but if you have a
client depending on even one IPv4-only site on a regular basis it can be
extremely annoying for them.
Re: RES: How to make only IPV6 visible even incoming via IPV4?
On 23/10/19 3:14 pm, Marcelo Rodrigo wrote:
> The way this setup is even if I visit simple websites like http://www.meuip.com.br it will show the V4 instead of V6 address.
> I have to find a way to force tcp_outgoing_address to really go out just via V6 in a way that V4 cannot be seen.
That website is IPv4-only. It cannot be connected to over IPv6.
The default for Squid is to prefer and use IPv6 whenever that protocol
is possible. IPv4 is only used when it is required to be used - such as
to contact IPv4-only services or dual-stack servers whose IPv6
connectivity has failed.