On Sun, 2 Jul 2017 12:14:14 +0100 Simon Hobson <li...@thehobsons.co.uk> wrote:
> Tuomo Soini <t...@foobar.fi> wrote: > > > Reason for the issue is browser creates tcp connection with proxy, > > not with remote site so browser doesn't know tcp connection failed > > with destination site - so ipv6 to ipv4 fallback can't work. > > I'm not sure that's still the case - Happy Eyeballs has been updated > a bit over the years. AIUI, it doesn't attempt a connection and then > fall back if it fails - it makes two connections (via 4 & 6) and > waits to see which one gives an answer first. Exactly. That's why it is so bad idea to do transparent proxy. Both get connect, ipv6 answers page not reachable and ipv4 gives real page - and of course page not reachable from squid is faster response.... -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/> ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users