[Sks-devel] sks recon: IP-address
From: Olaf Gellert
Subject: [Sks-devel] sks recon: IP-address
Date: Thu, 19 Feb 2004 18:08:30 +0100
User-agent: Mutt/1.4.2.1i

Hi all,

hopefully the last question before I put our SKS
into production: My recon server seems to use the
second IP address of the system for gossiping
with the other servers. It is configured like this:

# set the hostname of your server
hostname: pgpkeys.pca.dfn.de
# set the ip address for the server
hkp_address: 193.174.13.74
# port for synchronising with other SKS via gossip protocol
recon_port: 11370
# ip-address for the synchronisation via gossip
recon_address: 193.174.13.74

So it should use 193.174.13.74 for gossip. But I
see this in our firewall logs:

Feb 19 17:59:24 magic kernel: iptables:OUTchainIN= OUT=eth0 SRC=193.174.13.73
DST=129.24.244.40 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29885 DF PROTO=TCP
SPT=32913 DPT=11370 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
(020405B40402080AE41EF3F80000000001030300)

So it really tries the wrong address. This is what log.recon
says:

2004-02-19 17:47:58 Starting event loop
2004-02-19 17:50:42 Added 1 hash-updates. Caught up to 1077209438.192824
2004-02-19 17:52:30 Added 1 hash-updates. Caught up to 1077209545.206984
2004-02-19 17:53:06 Recon partner: <ADDR_INET 212.242.169.198:11370>
2004-02-19 17:53:51 <recon as client> callback timed out.
2004-02-19 17:53:59 Added 2 hash-updates. Caught up to 1077209637.388646
2004-02-19 17:55:49 Added 2 hash-updates. Caught up to 1077209744.027596
2004-02-19 17:58:39 Recon partner: <ADDR_INET 129.24.244.40:11370>
2004-02-19 17:59:24 <recon as client> callback timed out.
2004-02-19 17:59:48 Added 2 hash-updates. Caught up to 1077209979.838450
2004-02-19 18:04:34 Recon partner: <ADDR_INET 129.24.244.40:11370>
2004-02-19 18:05:19 <recon as client> callback timed out.
2004-02-19 18:06:11 Added 1 hash-updates. Caught up to 1077210353.187839
2004-02-19 18:07:05 Beginning recon as server, client: <ADDR_INET 62.116.124.106:47557>
2004-02-19 18:07:05 Joining reconciliation

So "recon as server" seems to work, "recon as client" seems
to use the wrong IP address.

Cheers,
Olaf
--
Dipl. Inform. Olaf Gellert (PKI Team), DFN-CERT Services GmbH
https://www.dfn-cert.de, +49 40 808077-615 / +49 40 808077-555 (Hotline)
PGP RSA/2048, 4403EB31, 47 09 F3 36 7E 9E 3B CE 6A 6B 12 AB F0 D4 B8 CF
CeBIT 18.-24.03.2004: DFN-PCA meets c't Krypto-Kampagne, Halle 5, Stand E38
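
A check for the mismatch described in this message, as an added example that is not part of the original post or of SKS: it reads recon_address and recon_port from the configuration, scans iptables LOG lines for outbound TCP SYNs to the recon port, and reports those sent from a different source address. The function names and the second log line are constructed for illustration.

```python
import re

# Configuration lines as quoted in the message.
SKSCONF = """\
# set the ip address for the server
hkp_address: 193.174.13.74
# port for synchronising with other SKS via gossip protocol
recon_port: 11370
# ip-address for the synchronisation via gossip
recon_address: 193.174.13.74
"""

# Line 1: the firewall entry from the message, re-joined onto one line (OPT field omitted).
# Line 2: constructed, the same kind of SYN sent from the configured address.
FIREWALL_LOG = """\
Feb 19 17:59:24 magic kernel: iptables:OUTchainIN= OUT=eth0 SRC=193.174.13.73 DST=129.24.244.40 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29885 DF PROTO=TCP SPT=32913 DPT=11370 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 19 18:04:34 magic kernel: iptables:OUTchainIN= OUT=eth0 SRC=193.174.13.74 DST=129.24.244.40 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29901 DF PROTO=TCP SPT=32920 DPT=11370 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_sksconf(text):
    """Parse 'key: value' lines, skipping blank lines and '#' comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf


def wrong_source_syns(conf, log_text):
    """Return (timestamp, src, dst) for outbound recon SYNs not sent from recon_address."""
    want_src, port = conf["recon_address"], conf["recon_port"]
    hits = []
    for line in log_text.splitlines():
        # iptables LOG fields are KEY=VALUE; the log prefix here is glued to "IN=".
        fields = dict(re.findall(r"([A-Z]+)=(\S*)", line))
        flags = line.split()
        is_client_syn = (bool(fields.get("OUT")) and fields.get("PROTO") == "TCP"
                         and fields.get("DPT") == port
                         and "SYN" in flags and "ACK" not in flags)
        if is_client_syn and fields.get("SRC") != want_src:
            hits.append((line[:15], fields["SRC"], fields["DST"]))
    return hits


if __name__ == "__main__":
    for ts, src, dst in wrong_source_syns(parse_sksconf(SKSCONF), FIREWALL_LOG):
        print(f"{ts}: recon SYN to {dst} left from {src}, not the configured recon_address")
```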