Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How to use ipv6 only in squid proxy?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to use ipv6 only in squid proxy?

How do I make squid proxy to use ipv6 only when visiting any site and make ipv4 invisible/hidden? I have squid proxy installed on ubuntu 20.04

Comments

  • yoursunnyyoursunny Member, IPv6 Advocate

    Do you want to use IPv6 only on downstream side (between browser and proxy) or upstream side (between proxy and origin server)?

  • @yoursunny said:
    Do you want to use IPv6 only on downstream side (between browser and proxy) or upstream side (between proxy and origin server)?

    only downstream

  • You need to tell the packets to only move on the green light. Har har

  • FrankZFrankZ Veteran
    edited December 2021

    In squid.conf add:

    tcp_outgoing_address YourServerIPv6Address
    udp_outgoing_address YourServerIPv6Address
    

    You can also add for dns:

    dns_nameservers IPv6OfRecursiveNameserver

    EDIT: Sorry this ^^ was for upstream.
    For downstream:

    http_port YourServerIPv6Addess:ListeningPort

  • RurikoRuriko Member
    edited December 2021

    I added those to my conf but whatismyipaddress.com can still detect ipv4. Here's my conf

    forwarded_for off
    via off
    follow_x_forwarded_for deny all
    request_header_access X-Forwarded-For deny all
    request_header_access From deny all
    request_header_access Referer deny all
    request_header_access User-Agent deny all
    request_header_access Authorization allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Connection allow all
    request_header_access All deny all
    
    acl localnet src 60.xxx.xxx.xxx
    acl localnet src xxxx:xxxx:xxxx:xxxx:b8d5:a300:3057:e2d5
    
    acl ipv4_from src ipv4
    acl ipv4_to dst ipv4
    
    http_port [xxxx:cb42:0:1029:607a:0000:0000:0001]:24001
    http_port [xxxx:cb42:0:1029:607a:0000:0000:0002]:24002
    
    # For each port, create an acl with the localport type
    acl portA localport 24001
    acl portB localport 24002
    
    # Map ports and IP addresses
    tcp_outgoing_address xxxx:cb42:0:1029:607a:0000:0000:0001 portA
    tcp_outgoing_address xxxx:cb42:0:1029:607a:0000:0000:0002 portB
    
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    http_access deny ipv4_from
    http_access deny ipv4_to
    
    acl SSL_ports port 443
    acl Safe_ports port 80      # http
    acl Safe_ports port 21      # ftp
    acl Safe_ports port 443     # https
    acl Safe_ports port 70      # gopher
    acl Safe_ports port 210     # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280     # http-mgmt
    acl Safe_ports port 488     # gss-http
    acl Safe_ports port 591     # filemaker
    acl Safe_ports port 777     # multiling http
    acl CONNECT method CONNECT
    
  • yoursunnyyoursunny Member, IPv6 Advocate

    @Ruriko said:

    @yoursunny said:
    Do you want to use IPv6 only on downstream side (between browser and proxy) or upstream side (between proxy and origin server)?

    only downstream

    If you want to use IPv6 on downstream side (between browser and proxy) only, you should configure your browsers with the IPv6 address of the proxy server.
    You don't need to change anything on the proxy server.

  • @yoursunny but sites like whatismyipaddress.com can still see your ipv4 but I want it hidden

  • yoursunnyyoursunny Member, IPv6 Advocate

    @Ruriko said:
    @yoursunny but sites like whatismyipaddress.com can still see your ipv4 but I want it hidden

    You asked for limiting to IPv6 on downstream only.
    This means, the proxy can only see the browser's IPv6 address.

    Origin server would see the proxy's IP address, which can be either IPv4 or IPv6.

  • @yoursunny ok then how would I do it both down/up stream that will hide ipv4?

  • yoursunnyyoursunny Member, IPv6 Advocate

    @Ruriko said:
    @yoursunny ok then how would I do it both down/up stream that will hide ipv4?

    The simplest is deleting the IPv4 address on the network interface used by the proxy altogether.
    This can be achieved by running the proxy program in a container, and assigning IPv6 only to the container's network interface.

  • @yoursunny said:

    @Ruriko said:
    @yoursunny ok then how would I do it both down/up stream that will hide ipv4?

    The simplest is deleting the IPv4 address on the network interface used by the proxy altogether.
    This can be achieved by running the proxy program in a container, and assigning IPv6 only to the container's network interface.

    I can't do that vps only has 256ram so I can't use containers

  • yoursunnyyoursunny Member, IPv6 Advocate

    @Ruriko said:

    @yoursunny said:

    @Ruriko said:
    @yoursunny ok then how would I do it both down/up stream that will hide ipv4?

    The simplest is deleting the IPv4 address on the network interface used by the proxy altogether.
    This can be achieved by running the proxy program in a container, and assigning IPv6 only to the container's network interface.

    I can't do that vps only has 256ram so I can't use containers

    Delete the IPv4 on the VPS.

    Also, Docker totally works in 256MB RAM.

Sign In or Register to comment.