mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 06:10:42 +01:00
Document TPROXY IPv6 gotcha.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
b1ffcd8628
commit
a484cb848f
@ -373,5 +373,13 @@ ACCEPT $FW net tcp 80</programlisting>
|
|||||||
<programlisting>...
|
<programlisting>...
|
||||||
http_port 3129 tproxy
|
http_port 3129 tproxy
|
||||||
...</programlisting>
|
...</programlisting>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>If you use TPROXY with both IPv4 and IPv6, then both your local
|
||||||
|
hosts and the gateway must have the same DNS view. If a client resolves
|
||||||
|
a website URL to an IPv6 address and the server can only resolve to an
|
||||||
|
IPv4 address, then Squid will attempt to connect to the IPv4 address
|
||||||
|
using the local client's IPv6 address. That clearly doesn't work.</para>
|
||||||
|
</important>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
||||||
|
Loading…
Reference in New Issue
Block a user