
Indeed. I'd expect that anyone that dual-stacks their proxy on the client side *and* configures it to transparently intercept IPv6 would be able to figure out dual-stacking the network side (or notice quickly when it doesn't work). Otherwise I'd expect that nobody is intercepting IPv6 tcp/80 right now. I'd be interested in hearing whether this is an actual observed problem. aj -----Original Message----- From: Philip D'Ath <pid(a)ifm.net.nz> Sender: nznog-bounces(a)list.waikato.ac.nzDate: Sat, 8 Oct 2011 19:35:05 To: Steve Holdoway<steve(a)greengecko.co.nz>; Brian E Carpenter<brian.e.carpenter(a)gmail.com> Cc: nznog(a)list.waikato.ac.nz<nznog(a)list.waikato.ac.nz> Subject: Re: [nznog] Proxy Servers... If the transparent cache isn't IPv6 capabale then it isn't likely to intercept the original IPv6 request to be able to break it ... -----Original message----- From: Brian E Carpenter Sent: 09-10-2011, 08:14 To: Steve Holdoway Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Proxy Servers... Another similar catch with "transparent" proxies is that they can end up being half-dual-stacked, with unfortunate consequences. Scenario: client side of the proxy is dual-stacked and the proxy code is IPv4-only. Client tries to reach ipv6.google.com, which is of course v6-only. IPv4 side of proxy barfs. Regards Brian Carpenter On 2011-10-08 13:00, Steve Holdoway wrote:
Sorry if this is OT but my thinking is that if you don't know, then it's going to be a hard job finding one that does.
For my broadband I have a boring old iHug - now Voda - ADSL connection. A lot of my work involves monitoring and managing remote websites. (Probably) since the new government legislation came into effect, my guess is that I am now behind a transparent proxy for web traffic.
Now, I'm not *too* bothered by that ( well, except when it falls to pieces like one evening last week! ), but in final testing I often override DNS with a local host entry. This no longer works, and my SP sends me to the production one every time. This is a major problem.
Does anyone know...
a) whether this can be disabled? b) whether there is another provider out there who doesn't do this?
I've got plenty of servers worldwide that I can route all my traffic through in an encrypted manner which would almost certainly circumvent this, but I shudder to think what can of worms that would open!
Any suggestions??
Cheers,
Steve
------------------------------------------------------------------------
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog