Re: [nznog] Proxy Servers...

8 Oct 2011

      It was observed, a year or two ago, on the UoA campus, for clients in an
IPv6-enabled student lab. It was an issue with an oldish version of Squid,
and it actually broke a student assignment that I'd tested from a client
that didn't happen to go through the proxy.

Just a point to watch when deploying a proxy on a dual stack network.

Regards
   Brian Carpenter

On 2011-10-09 08:42, Alastair Johnson wrote:
...
Indeed.
I'd expect that anyone that dual-stacks their proxy on the client side *and* configures it to transparently intercept IPv6 would be able to figure out dual-stacking the network side (or notice quickly when it doesn't work).
Otherwise I'd expect that nobody is intercepting IPv6 tcp/80 right now.
I'd be interested in hearing whether this is an actual observed problem.
aj
-----Original Message-----
From: Philip D'Ath 
Sender: nznog-bounces(a)list.waikato.ac.nzDate: Sat, 8 Oct 2011 19:35:05 
To: Steve Holdoway; Brian E Carpenter
Cc: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Proxy Servers...
If the transparent cache isn't IPv6 capabale then it isn't likely to intercept the original IPv6 request to be able to break it ...
-----Original message-----
From: Brian E Carpenter
Sent:  09-10-2011, 08:14
To: Steve Holdoway
Cc: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Proxy Servers...
Another similar catch with "transparent" proxies is that they
can end up being half-dual-stacked, with unfortunate consequences.
Scenario: client side of the proxy is dual-stacked and the proxy
code is IPv4-only. Client tries to reach ipv6.google.com, which
is of course v6-only. IPv4 side of proxy barfs.
Regards
   Brian Carpenter
On 2011-10-08 13:00, Steve Holdoway wrote:
...
Sorry if this is OT but my thinking is that if you don't know, then it's
going to be a hard job finding one that does.
For my broadband I have a boring old iHug - now Voda - ADSL connection.
A lot of my work involves monitoring and managing remote websites.
(Probably) since the new government legislation came into effect, my
guess is that I am now behind a transparent proxy for web traffic.
Now, I'm not *too* bothered by that ( well, except when it falls to
pieces like one evening last week! ), but in final testing I often
override DNS with a local host entry. This no longer works, and my SP
sends me to the production one every time. This is a major problem.
Does anyone know...
a) whether this can be disabled?
b) whether there is another provider out there who doesn't do this?
I've got plenty of servers worldwide that I can route all my traffic
through in an encrypted manner which would almost certainly circumvent
this, but I shudder to think what can of worms that would open!
Any suggestions??
Cheers,
Steve
------------------------------------------------------------------------
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog

NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog