Friday, August 29, 2014

iptables - Linux IPv6 Transparent Proxy (but Linux doesn't support NAT on IPv6!?)



On Linux I can make a transparent proxy simply by adding a iptables -j REDIRECT command.



To my surprise, I am needing to support IPv6. Simple enough right? iptables6 -j REDIRECT command not supported!?



Apparently, Linux threw out NAT (and transparent proxy support with it) on IPv6. I don't care much about NAT on IPv6. So how do people get a squid transparent proxy working on IPv6? With Linux as the host.


Answer



First give it a read on this answer here. You will have to configure your firewall and use other means to provide proxying like automatic configuration. IPV6 doesn't provide any NAT so there's no interception of traffic, ergo no transparent proxying.




Squid wiki has a Tproxy patch but seems like a hack to me, you can try but I never tested.



Other solutions likes WCCP from CISCO were also very connected to ipv4 and will not work on ipv6, but probably will be updated (or something will show up to replace).


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...