[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Seeking peers for sks.lockmail.net
|
From: |
Danny Horne |
|
Subject: |
Re: [Sks-devel] Seeking peers for sks.lockmail.net |
|
Date: |
Tue, 23 Aug 2016 00:50:13 +0100 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
Thanks for the reply, I don't know why I set recon to listen on
localhost, I must have read it somewhere, I've now removed all the
unnecessary firewalld rules and set recon to listen on the external
addresses, this appears to have fixed the problem, won't really know
until peering gets under way
On 23/08/2016 12:27 am, Antony Prince wrote:
> On 08/22/2016 07:12 PM, Danny Horne wrote:
>> I'm sorry, but unless there's a firewalld expert here I'm calling it a day
>>
>> It's taken me days just to get sks working right and I'm now told people
>> can't connect to the recon port (11370 TCP).
>>
>> sks is listening on localhost on this port and I've tried everything I
>> can find to open this port and forward to localhost but haven't had any
>> success, so unless someone can give me ALL the settings needed to get
>> firewalld working right I'll have to call it quits
>>
> I could be mistaken, but rather than listening on localhost, you should
> be able to set it to listen on any of your external addresses in the
> sksconf file with the hkp_address and recon_address directives, then
> simply open the ports in the firewall rather than trying to forward to
> localhost. The hkp port is recommended to be put behind a reverse proxy
> [1] and in that setup the hkp port would be on the localhost interface,
> but the recon port should be outward facing IIRC.
>
> [1] https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>
signature.asc
Description: OpenPGP digital signature