Re: [Sks-devel] pool.sks-keyservers.net in seahorse


From: John Marshall
Subject: Re: [Sks-devel] pool.sks-keyservers.net in seahorse
Date: Wed, 6 Apr 2011 17:43:03 +1000
User-agent: Mutt/1.4.2.3i

On Tue, 05 Apr 2011, 10:01 +0000, Kim Minh Kaplan wrote:
> Jonathon Weiss writes:
> 
> > John Clizbe writes:
> >
> >> BTW, check your SKS DB port, it looks to be set to 17311, i.e.,
> >> -rw-r--r-- 1 sks  sks  95304 Apr  1 23:35 diff-18.9.60.141_17311.txt
> >
> > It is, though that port is firewalled.  Apache is listening on 11371 and
> > forwarding requests to 17311.  This was needed to deal with clients that
> > were either mis-behaving, or behind a bad network.
> 
> Beware: the SKS recon process sends the port of the SKS db server to
> your peers. It means that John's recon process will try to retrieve the
> missing keys on your port 17311 which is apparently not what you expect.
> The result is that while your server successfully retrieves keys from the
> rest of the SKS network, the keys that have been uploaded to your server
> never make it out to the rest of the world.
> 
> To have your peers use port 11371 you will probably (not tried) have to
> use separate directories for the db and recon processes so that you
> can configure each of them with different hkp_port.

I would have thought that the simplest solution would be for Jonathon to
knock a hole in his firewall to allow his peers to communicate with his
server directly on the port (17311) advertised by his recon process.

ozsrv02# sockstat -4 | grep 18.9.60.141
sks      sks        2005  13 tcp4   202.125.41.160:60480  18.9.60.141:17311

ozsrv02# netstat -nf inet | grep 18.9.60.141
tcp4       0      0 202.125.41.160.54175   18.9.60.141.17311      SYN_SENT

-- 
John Marshall

Attachment: pgpiGefCUXHdk.pgp
Description: PGP signature
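
Added example, not part of the original message: a small Python check that scans BSD-style `netstat -n` output for outbound connections to known SKS peers that are stuck in SYN_SENT, which is the symptom shown above when a peer's advertised db port is firewalled. The function name `stuck_peers`, the peer set, and every sample row except the first (which is the row from the message) are constructed for illustration.

```python
import re
from collections import Counter

# BSD-style `netstat -n` row: proto recv-q send-q local remote state.
# Addresses are written as a.b.c.d.port (dot, not colon, before the port).
ROW = re.compile(
    r"^(tcp4?)\s+\d+\s+\d+\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+(\S+)\s*$"
)

def stuck_peers(netstat_text, peers):
    """Return {(peer_ip, port): count} for connections to peers in SYN_SENT.

    A connection that stays in SYN_SENT never got a SYN/ACK back, so the
    port the peer's recon process advertised is not reachable from here.
    """
    stuck = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or non-TCP row
        _proto, _local, ip, port, state = m.groups()
        if state == "SYN_SENT" and ip in peers:
            stuck[(ip, int(port))] += 1
    return dict(stuck)

# Sample input: first row is from the message, the rest are constructed
# (192.0.2.10 and 198.51.100.7 are documentation addresses).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 202.125.41.160.54175   18.9.60.141.17311      SYN_SENT
tcp4       0      0 202.125.41.160.54180   18.9.60.141.17311      SYN_SENT
tcp4       0      0 202.125.41.160.11370   192.0.2.10.40112       ESTABLISHED
tcp4       0      0 202.125.41.160.54200   198.51.100.7.11371     SYN_SENT
"""

# Peers taken from a (hypothetical) membership list.
PEERS = {"18.9.60.141", "192.0.2.10"}

if __name__ == "__main__":
    for (ip, port), n in sorted(stuck_peers(SAMPLE, PEERS).items()):
        print(f"{ip} port {port}: {n} connection(s) stuck in SYN_SENT")
```
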

