sks-devel

Re: [Sks-devel] SKS behind NAT firewall


From: Shengjing Zhu
Subject: Re: [Sks-devel] SKS behind NAT firewall
Date: Mon, 29 Jan 2018 10:43:16 +0800
User-agent: Mutt/1.9.2 (2017-12-15)

On Tue, Jan 23, 2018 at 10:48:04PM +0200, Hendrik Visage wrote:
> Hi there,
> 
>  Anybody else running a SKS behind a NAT firewall?
> Could you perhaps share any advice on the recon/hkp settings? (I’ll be 
> setting up/running nginx reverse proxy for HKP)
> 
>  Or should I rather have the outside IP bound to a virtual/loopback 
> interface, and then route it directly via the firewall to the SKS server?
> 
> Reason I’m asking: I’m not quite clear in understanding the recon settings, 
> and I’d rather ask experience before I chase down the wrong alley.
> 

For hkp, I think it's quite clear since it's just HTTP, you can do
whatever you have done for other HTTP services.

For recon, I think you need to use SNAT. Your sks instance will only
respond to IPs resolved from the domains you set in your membership file.
With SNAT, your sks will know the real IP of your peer.

Best regards,
Shengjing
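
The recon check described in this reply, as an added example that is not part of the original message or SKS's own code: it resolves the hosts in a membership file and tests whether a connection's source address, as the SKS host sees it behind the firewall, belongs to a configured peer. The hostnames, addresses and DNS answers are constructed, and the `host port` line format with `#` comments is an assumption.

```python
import ipaddress
import socket

# Constructed sample membership file (hostnames are placeholders).
SAMPLE_MEMBERSHIP = """\
# <hostname> <recon port>   # optional comment
keys.peer-a.example 11370   # Peer A admin
keys.peer-b.example 11370
"""

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "keys.peer-a.example": ["198.51.100.10", "2001:db8::10"],
    "keys.peer-b.example": ["203.0.113.20"],
}

def parse_membership(text):
    """Return [(host, port)] from membership-file text, ignoring comments."""
    peers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2 or not fields[1].isdigit():
            raise ValueError(f"malformed membership line: {raw!r}")
        peers.append((fields[0], int(fields[1])))
    return peers

def system_resolver(host):
    """Resolve with the OS resolver (used outside the offline demo)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def allowed_peer_addresses(text, resolve=system_resolver):
    """Map each resolved peer address to the membership hostname it came from."""
    allowed = {}
    for host, _port in parse_membership(text):
        for addr in resolve(host):
            allowed[ipaddress.ip_address(addr)] = host
    return allowed

def match_source(source_ip, allowed):
    """Return the peer hostname for a connection's source IP, or None."""
    return allowed.get(ipaddress.ip_address(source_ip))

if __name__ == "__main__":
    allowed = allowed_peer_addresses(SAMPLE_MEMBERSHIP, SAMPLE_DNS.__getitem__)
    # 192.168.1.1 stands for a gateway that rewrote the source address.
    for src in ("198.51.100.10", "2001:DB8::10", "192.168.1.1"):
        print(src, "->", match_source(src, allowed) or "not a configured peer")
```

Run it with the source addresses that appear in your recon log: an address that maps to no membership hostname is one the peer check described above would not accept.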
