I tested dual stack configuration (ipv4 and ipv6) with transparent proxy some years ago and ended up decision:
Time of transparent proxy is long gone. Especially with dual stack transparent proxy makes things a lot worse. There are quite a few sites with ipv6 address so that web site doesn't actually work at all with ipv6. With transparent proxy in place browsers can't fail back to to ipv4 rendering all these sites unavailable. Tom: I think this should be noted on documentation too. Reason for the issue is browser creates tcp connection with proxy, not with remote site so browser doesn't know tcp connection failed with destination site - so ipv6 to ipv4 fallback can't work. -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/>
pgpG921nt5GOW.pgp
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
