Re: squid-users Digest, Vol 44, Issue 8

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: squid-users Digest, Vol 44, Issue 8

kalice caprice
> 1) It is only possible to set an IPv6 outgoing when the server being
> connected to is an IPv6 server address.

It doesn't matter for me, It is just a way to get a different outbound IPv6 address depending on which port the connection is made to, and both clients and servers has IPv6.
I saw a few threads here asking for more or less the same thing except that I'm specifying the full address instead of implicit addressing to the outbound, this is where I'm stuck.

> 2) It is only possible for Squid to use an IP address which has been
> allocated/assigned to the NIC.

The NIC is a network card if I understood it right. The IPv6 /64 subnet is added to the main interface and the gateway is aswell, IPv6 is fully working on the server.

> FYI: the lo device is hardware restricted to one machine. It is not
> globally routable.  

I really don't know what I should do then... My network knowledges is somewhat limited as you may have seen. I'd appreciate any help.

2018-04-08 14:00 GMT+02:00 <[hidden email]>:
Send squid-users mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."


Today's Topics:

   1. Fwd: Outbound IPv6/128 - Possible ? (kalice caprice)
   2. Re: Fwd: Outbound IPv6/128 - Possible ? (Amos Jeffries)


----------------------------------------------------------------------

Message: 1
Date: Sun, 8 Apr 2018 11:04:33 +0200
From: kalice caprice <[hidden email]>
To: [hidden email]
Subject: [squid-users] Fwd: Outbound IPv6/128 - Possible ?
Message-ID:
        <[hidden email]>
Content-Type: text/plain; charset="utf-8"

Hello,

I'm trying to bound mutiples IPv4:Port entry to a different outbound IPv6
this way:

http_port 94.xxx.xxx.204:10001 name=1
acl ip1 myportname 1
tcp_outgoing_address 2a01:xxxx:xxxx:xxxx:xxxx:xxxx:eb7c:8336 ip1

http_port 94.xxx.xxx.204:10002 name=2
acl ip2 myportname 2
tcp_outgoing_address 2a01:xxxx:xxxx:xxxx:xxxx:xxxx:096f:b369 ip2

http_port 94.xxx.xxx.204:10003 name=3
acl ip3 myportname 3
tcp_outgoing_address 2a01:xxxx:xxxx:xxxx:xxxx:xxxx:5fe0:eba8 ip3

etc.

I was not able to get it working, the cache.log is giving me (99) cannot
assign requested address and fallback to the IPv4 address as an outbound
address.

I added the full IPv6 block inside the route -6 just in case, like this:
ip -6 route add to local 2a01:xxxx:xxxx:xxxx::/64 dev lo

Squid Cache: Version 3.5.23

I coudn't find anyone having the same problem while searching around so I'm
stuck and looking to know if it's possible or not to do it this way, if yes
what am I missing ? And if not, is there a way to randomize the end part of
the last 3 blocks of a /64 and if yes how ?

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180408/3ea91246/attachment-0001.html>

------------------------------

Message: 2
Date: Sun, 8 Apr 2018 22:14:21 +1200
From: Amos Jeffries <[hidden email]>
To: [hidden email]
Subject: Re: [squid-users] Fwd: Outbound IPv6/128 - Possible ?
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8

On 08/04/18 21:04, kalice caprice wrote:
> Hello,
>
> I'm trying to bound mutiples IPv4:Port entry to a different outbound
> IPv6 this way:

HTTP does not work that way. It is a stateless and multiplexing
protocol. Inbound and outbound connections are independent of each other.

>
> http_port 94.xxx.xxx.204:10001 name=1
> acl ip1 myportname 1
> tcp_outgoing_address 2a01:xxxx:xxxx:xxxx:xxxx:xxxx:eb7c:8336 ip1
>
> http_port 94.xxx.xxx.204:10002 name=2
> acl ip2 myportname 2
> tcp_outgoing_address 2a01:xxxx:xxxx:xxxx:xxxx:xxxx:096f:b369 ip2
>
> http_port 94.xxx.xxx.204:10003 name=3
> acl ip3 myportname 3
> tcp_outgoing_address 2a01:xxxx:xxxx:xxxx:xxxx:xxxx:5fe0:eba8 ip3
>
> etc.
>
> I was not able to get it working, the cache.log is giving me (99) cannot
> assign requested address and fallback to the IPv4 address as an outbound
> address.

1) It is only possible to set an IPv6 outgoing when the server being
connected to is an IPv6 server address.

2) It is only possible for Squid to use an IP address which has been
allocated/assigned to the NIC.


>
> I added the full IPv6 block inside the route -6 just in case, like this:
> ip -6 route add to local 2a01:xxxx:xxxx:xxxx::/64 dev lo

FYI: the lo device is hardware restricted to one machine. It is not
globally routable.


>
> Squid Cache: Version 3.5.23
>
> I coudn't find anyone having the same problem while searching around so
> I'm stuck and looking to know if it's possible or not to do it this way,
> if yes what am I missing ? And if not, is there a way to randomize the
> end part of the last 3 blocks of a /64 and if yes how ?

That is a feature of your system networking stack. Has nothing to do
with Squid. Lookup "Privacy Addressing" in IPv6.

Amos


------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


------------------------------

End of squid-users Digest, Vol 44, Issue 8
******************************************


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: squid-users Digest, Vol 44, Issue 8

Amos Jeffries
Administrator
On 09/04/18 00:48, kalice caprice wrote:

>> 1) It is only possible to set an IPv6 outgoing when the server being
>> connected to is an IPv6 server address.
>
> It doesn't matter for me, It is just a way to get a different outbound
> IPv6 address depending on which port the connection is made to, and both
> clients and servers has IPv6.
> I saw a few threads here asking for more or less the same thing except
> that I'm specifying the full address instead of implicit addressing to
> the outbound, this is where I'm stuck.
> >> 2) It is only possible for Squid to use an IP address which has been
>> allocated/assigned to the NIC.
>
> The NIC is a network card if I understood it right.

Yes.

> The IPv6 /64 subnet
> is added to the main interface and the gateway is aswell, IPv6 is fully
> working on the server.

The individual IP address being used in tcp_outgoing_address by Squid
has to be assigned to the machine before it can generate any packets
from it. That goes for both IPv4 and IPv6.

If it is unassigned or assigned by another machine you get major
problems with packet delivery.

The config you had initially should work okay for IPv6 provided the
Squid machine has been assigned those *:8336, *:b369, and *:5fe0:eba8
addresses.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users