Introduction of IPV6 and Configuration with SQUID

Introduction : Internet Protocol Version 6 (IPv6) is the new vesion of the internet Protocol (IP), which is the communications protocol that routes traffic across the Internet.IPv6 addresses have eight groups of four hexadecimal digits which are separated by colons as seen below…

For example : fd01:ea:b35:1:1:1:1:100

The IPV6 is identified by their high order bits. The basic types of IP version 6 are as follows :

Type of IPV6 Addresses

Type Binary prefix Notation
Unspecified 000…0 (128 Bits) ::/128
Loopback 000…0 (128 Bits) ::1/128
Multicast  11111111 FF00::/8
Link-local unicast 1111111010 FE80::/10
Site-Local Unicast 1111111011 FEC0::/10
Global Unicast (everything else)

 

Every interface has a link-local IPV6 address and optionally one or more public or site-local addresses. This looks like as :

eth0    inet6 fd01:ea:b35:1:1:1:1:100/48 scope global (..)
eth0    inet6 fe80::1234:5678:2/64 scope link (...)

When traffic are to be sent in local network , the link local address is used for the same , but for other traffic global one is used.

SETUP DIAGRAM

Setup

REQUIREMENT :

  1. Squid version greater than 3.1
  2. RHEL (any version) in this case RHEL 4 32bit
  3. IP6tables

INSTALLATION OF SQUID :

  1. Download squid .gz format from this site http://www.squid-cache.org/Versions/
  2.    
            #  tar -zvxf squid3.1.gz
    	#  cd squid3.1
    	#   ./configure –prefix=/usr/local/squid
    	#  make 
    	#  make install
    	#  cd /usr/local/squid/sbin 
    	#  squid -z
    	#  cd /usr/local/squid/sbin 
    	#  squid -D or ./squid
  3. Configure IPV6 in network file. Append the following lines in
  4.         etc/sysconfig/network-scripts/ifcfg-eth0 :
     
              IPV6ADDR=fd01:ea:b35:1:1:1:1:100/48
              IPV6INIT=yes
              IPV6AUTOCONF=no
  5. To enable IPV6 networking, Append the following line in /etc/sysconfig/network:
  6.  
              NETWORKING_IPV6=yes

    Now restart the network service:

             #/etc/init.d/network restart

    …and check by ifconfig command whether the IPV6 address is there.You should see something like this as part of your output

           inet6 addr: fd01:ea:b35:1:1:1:1:100/48 Scope:Global
  7. We require IP6tables to accept traffic on 3128 which is not by default but only on squid system not on others
  8. Let’s create a chain for incoming tcp traffic:

             #  ip6tables -N tcpIn

    Also a chain for outgoing tcp traffic:

     
             #  ip6tables -N tcpOut

    Accept the incoming IPV6 traffic on the squid by default port:

             #  ip6tables -A tcpIn -p tcp -m tcp --source fd01:ea:b35::/48 
                --dport 3128 -m 
    state--state NEW -jACCEPT

    Accept traffic for the owner squid on the squid port:

             #  ip6tables -A tcpOut -m owner --uid-owner squid -m state 
                --state NEW -j ACCEPT

    Accept the outgoing IPV6 traffic on squid port:

             #  ip6tables -A tcpOut -p tcp -m tcp --dport 3128 -m state 
                --state NEW -j ACCEPT

    After this save the rules:

             #  /ip6tables-save 

    Restart the squid service:

     
             #  /etc/init.d/squid restart 
  9. Do the same to give IPV6 on rest of system. if you do not have DNS in your network ,then make sure /etc/hosts file in each system have entry of IPV6 of all the systems.
  10. Now in browser entry [fd01:ea:b35:1:1:1:1:300]
  • Output will be test page of apache

OTHER USEFUL COMMANDS

  • ping6
    IPv6 ping command
  • route -6
    show IPv6 routes
  • ip -6 neigh show
    show all IPv6 neighbors on the local LAN
  • netstat -r -6
    displays the routing table in your computer
  • netstat -ps -6
    any general IPv6 traffic on the interfaces.
  • tracert6 ::1
    trace the path
  • ssh username@[ipv6address]
    ssh from your system to ipv6 system
  • scp -6 username@\[IPV6address]:/source_dir destination_dir
    copy files from source dir to destination directory
  • rsync -6 username@\[IPV6address]:/source_dir destination_dir
    rsync the file from source directory to destination directory


ERRORS

  1. On RHEL 4 , the dependency of squid to be complied requires these package
    • gcc-3.4.6-3.1.i386.rpm
    • glibc-devel-2.3.4-2.25.i386.rpm
    • glibc-headers-2.3.4-2.25.i386.rpm
    • glibc-kernheaders-2.4-9.1.98.EL.i386.rpm
    • cpp-3.4.6-3.1.i386.rpm
  2. if gcc++ is not there in your system then comilation error of lib will occur.
  3. Install this package

    • gcc-c++-3.4.6-3.1.i386.rpm
  4. ip6table is also required so install iptables-ipv6-1.2.11-3.1.10.0asp.i386.rpm

Leave a Reply

Your email address will not be published. Required fields are marked *