[squid-users] Re: Re: prefer ipv4 addresses

From: Brian J. Murrell <brian_at_interlinx.bc.ca>
Date: Sun, 01 Nov 2009 23:22:11 -0500

On Sun, 2009-11-01 at 21:52 +0100, Henrik Nordstrom wrote:
>
> A temporary workaround if the automatic failover doesn't work

I was able to get the failover to work by installing an ip6tables rule
on the squid box:

Chain OUTPUT (policy ACCEPT 29M packets, 24G bytes)
 pkts bytes target prot opt in out source destination
  101 8080 REJECT all * * ::/0 !2001:xxxx:xxxx::/64 OWNER UID match 13 reject-with icmp6-no-route

which basically just says that all packets leaving the squid server,
sent from a process with a uid of 13 (my squid user) and not going to
the local network get and ICMP no-route error, which makes squid do the
failover.

Excepting the local network is important so that responses to client
requests don't get met with the ICMP fate too.

> is to run
> two squids, one ipv6+4, and one ipv4-only. Configure the ipv4-only Squid
> as a parent to the other. This gives you a clean ipv6->ipv4 HTTP
> gateway.

Thanx for the suggestion.

b.

Received on Mon Nov 02 2009 - 04:22:42 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 02 2009 - 12:00:02 MST