[lug] Squid question, IPv6 followup

Bear Giles bgiles at coyotesong.com
Thu Nov 29 13:28:44 MST 2018 

Two questions/updates.

SQUID

I've set up squid, set up the proxy in chrome(ium), and when I check the
squid logs I see plenty of connections. However the browser is timing out.

The squid.conf file has

acl localnet src 192.168.1.0/24
acl localnet src fc00::/7
acl localnet src fe80::/8

http_access allow localnet

The logs have

1543522496.906  60191 192.168.1.3 TCP_TUNNEL/200 39 CONNECT
accounts.google.com:443 - HIER_DIRECT/172.217.10.109 -
1543522496.906  60474 192.168.1.3 TCP_TUNNEL/200 39 CONNECT
www.gstatic.com:443 - HIER_DIRECT/172.217.10.99 -
1543522499.907  60925 192.168.1.3 TCP_TUNNEL/200 39 CONNECT
mail.google.com:443 - HIER_DIRECT/172.217.10.101 -
1543522502.531  59850 192.168.1.3 TCP_TUNNEL/200 39 CONNECT
mail.google.com:443 - HIER_DIRECT/172.217.10.101 *-*

so I'm definitely specifying the correct src ipaddr. It's using CONNECT for
the https addresses, and the response code is 200. I don't understand why
the browser isn't picking it up.

One odd thing is that I'm still seeing hits on the access log even though
I've turned off the proxy.

Ideas?

COMCAST + IPv6

I turned on IPv6 on my router and started seeing IPv6 addresses in ipconfig
but I'm not sure I'm seeing global IPv6 addresses. It may be hit-and-miss,
e.g., at the moment I think I have a 6-to-4 address (2002::) but at other
times I've only seen FD00:: and FE80::.

2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
    link/ether 48:4d:7e:f4:59:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.3/24 brd 192.168.1.255 scope global enp0s31f6
       valid_lft forever preferred_lft forever
    inet 10.0.0.3/24 brd 10.0.0.255 scope global enp0s31f6:0
       valid_lft forever preferred_lft forever
    inet6 2002:49e5:a81d:e472:4a4d:7eff:fef4:5939/64 scope global dynamic
mngtmpaddr
       valid_lft 1914sec preferred_lft 1314sec
    inet6 fe80::4a4d:7eff:fef4:5939/64 scope link
       valid_lft forever preferred_lft forever

My router lets me specify IPv4 DNS servers but not IPv6 servers so I'll be
switching to a DHCP server on one of my NUCs (or even one of the RPi).
Maybe I'll get a different result with it. I can get the upstream DHCP
server (Comcast) from my router... I can't think of any reason why a DHCP
server sitting on an IPv4 address couldn't provide IPv6 info.... and can
definitely imagine a huge headache if I called Comcast support and asked
for the IPv6 address of the appropriate DHCP server.

Bear
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20181129/f678a332/attachment.html>

More information about the LUG mailing list