Netgate SG-1000 microFirewall

Author Topic: squid + ipv6 does not work as it should  (Read 190 times)

0 Members and 1 Guest are viewing this topic.

Offline gondim

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
squid + ipv6 does not work as it should
« on: November 02, 2017, 09:19:58 am »
Good afternoon guys,

I have been using FreeBSD and Linux for a few years now and I have decided to use pfsense as a tool for my clients, for their robustness and stability. Not to mention the ease and practicality of management. :)
We currently live in a scenario where we need to adopt IPv6 and our provider here in the region delivers IPv4 and IPv6 dual stack in PPPoE.
I made a lab with pfsense 2.4.1 and I liked it enough, I was able to receive IPv4 and IPv6 both for the wan and for the machines on the lan. I made access to IPv6 and IPv4 sites normally.
The problem started when I went to use Squid. I noticed that Squid is not doing external queries on IPv6 and that also when setting transparent mode, pfsense does not seem to capture http and https IPv6 packets. The result is that I had to make http and https blocking rules in IPv6 and queries to sites only come out of Squid in IPv4.

Is there any solution to this problem I encountered using squid with IPv6?

Thanks in advance for any help.

Offline Grimson

  • Full Member
  • ***
  • Posts: 192
  • Karma: +28/-2
    • View Profile
Re: squid + ipv6 does not work as it should
« Reply #1 on: November 02, 2017, 05:09:01 pm »

Offline gondim

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: squid + ipv6 does not work as it should
« Reply #2 on: November 02, 2017, 06:24:31 pm »
Hi,

Yes, I did. It was even the one that made me access via ssh in pfsense and look at the squid conf and process.
From what I saw in sockstat -6l squid is not even listening on ipv6. Maybe it has not even been compiled for IPv6 support. In the squid conf the listen is also only in IPv4.

The squid in transparent mode is not redirecting the IPv6 traffic to it. From what I realized only IPv4 traffic is working.
« Last Edit: November 02, 2017, 06:27:46 pm by gondim »