Discussion:
[squid-users] squid disable ipv6 outbound traffic
Dmitri Seletski
2018-12-01 21:14:58 UTC
Hello Dear Squidies,

Situation:

I have,

IPv4 only tunnel for security.

IPv6 enabled ISP.

VM with Squid in it, that works over bridge (so it has both NAT IPv4 IP
and IPv6 IP).


Problem:

When I go to some sites, Squid, instead of pulling traffic over the tunnel
provider, does it over the IPv6 enabled ISP of mine, which defeats the purpose
of the VPN provider.

So I need to know how to kill IPv4, at least outbound traffic from Squid
to rest of Internetz pages. (And no, preference to IPv4 DNS is not an
option, as some pages are not available in IPv4, so I'd rather not see
them at all.)

Thanks in advance!

Dmitri
Amos Jeffries
2018-12-02 09:42:25 UTC
Post by Dmitri Seletski
> Hello Dear Squidies,
> I have,
> IPv4 only tunnel for security.
> IPv6 enabled ISP.
> VM with Squid in it, that works over bridge (so it has both NAT IPv4 IP
> and IPv6 IP).

FYI: Modern Internet connected software is required to prefer IPv6 over
the outdated and deprecated IPv4. Squid will not be the only software
with this behaviour so you need to do this properly (see below) not just
for Squid.

Post by Dmitri Seletski
> When I go to some sites, Squid, instead of pulling traffic over the tunnel
> provider, does it over the IPv6 enabled ISP of mine, which defeats the purpose
> of the VPN provider.

Is that VPN provider running your traffic through some specialized
security checking software?

If not then Squid is providing *better* security just by existing in the
traffic path. Even for that IPv6 traffic.

Post by Dmitri Seletski
> So I need to know how to kill IPv4, at least outbound traffic from Squid
> to rest of Internetz pages. (And no, preference to IPv4 DNS is not an
> option, as some pages are not available in IPv4, so I'd rather not see
> them at all.)

It is your OS which decides whether or not the VPN or the IPv6 is used
for any given connection.

So the proper way to do what you are asking is to set your VM's firewall
to only allow access through the VPN for connections made by Squid.
Connections to the IPv6 network should be rejected with an ICMPv6
"Network Unavailable" packet which makes Squid move on to the IPv4 attempts.

Amos
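
One way to express the firewall policy from the reply above with iptables/ip6tables. This is an added example, not part of the thread or of Squid: the account name `proxy`, the interface name `tun0`, and the choice of `icmp6-no-route` as the REJECT type standing in for the "Network Unavailable" reply are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: Squid runs as user
# "proxy" and the IPv4-only tunnel is interface "tun0".

# Print (not apply) the OUTPUT rules for a Squid user and tunnel interface.
squid_egress_rules() {
    user=$1
    vpn_if=$2
    # Accept only plain account/interface names; the output is meant for a shell.
    for name in "$user" "$vpn_if"; do
        case $name in
            ''|*[!A-Za-z0-9_.-]*)
                echo "usage: squid_egress_rules SQUID_USER VPN_IF" >&2
                return 2 ;;
        esac
    done
    cat <<EOF
# Replies on connections that clients opened to Squid keep working.
iptables  -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Loopback stays open (local resolver, cache manager).
iptables  -A OUTPUT -o lo -m owner --uid-owner $user -j ACCEPT
ip6tables -A OUTPUT -o lo -m owner --uid-owner $user -j ACCEPT
# IPv4: new connections from Squid may leave only through the tunnel.
iptables  -A OUTPUT -o $vpn_if -m owner --uid-owner $user -j ACCEPT
iptables  -A OUTPUT -m owner --uid-owner $user -j REJECT --reject-with icmp-net-unreachable
# IPv6: reject with an ICMPv6 "no route" error so the attempt fails at once
# instead of timing out, and Squid falls back to the IPv4 addresses.
ip6tables -A OUTPUT -m owner --uid-owner $user -j REJECT --reject-with icmp6-no-route
EOF
}

# Dry run: show the rules for the assumed names.
squid_egress_rules proxy tun0
```

To apply, review the output and pipe it to `sh` as root. Squid's own DNS queries are bound by the same rules, so its resolver has to be reachable over loopback or the tunnel.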