[Sks-devel] sks recon: IP-address


From: Olaf Gellert
Subject: [Sks-devel] sks recon: IP-address
Date: Thu, 19 Feb 2004 18:08:30 +0100
User-agent: Mutt/1.4.2.1i

Hi all,

hopefully the last question before I put our SKS
into production: My recon server seems to use the
second IP address of the system for gossiping
with the other servers. It is configured like this:

# set the hostname of your server
hostname: pgpkeys.pca.dfn.de
# set the ip address for the server
hkp_address: 193.174.13.74
# port for synchronising with other SKS via gossip protocol
recon_port: 11370
# ip-address for the synchronisation via gossip
recon_address: 193.174.13.74

So it should use 193.174.13.74 for gossip. But I
see this in our firewall logs:

Feb 19 17:59:24 magic kernel: iptables:OUTchainIN= OUT=eth0 SRC=193.174.13.73 DST=129.24.244.40 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29885 DF PROTO=TCP SPT=32913 DPT=11370 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080AE41EF3F80000000001030300)

So it really tries the wrong address. This is what log.recon
says:

2004-02-19 17:47:58 Starting event loop
2004-02-19 17:50:42 Added 1 hash-updates. Caught up to 1077209438.192824
2004-02-19 17:52:30 Added 1 hash-updates. Caught up to 1077209545.206984
2004-02-19 17:53:06 Recon partner: <ADDR_INET 212.242.169.198:11370>
2004-02-19 17:53:51 <recon as client> callback timed out.
2004-02-19 17:53:59 Added 2 hash-updates. Caught up to 1077209637.388646
2004-02-19 17:55:49 Added 2 hash-updates. Caught up to 1077209744.027596
2004-02-19 17:58:39 Recon partner: <ADDR_INET 129.24.244.40:11370>
2004-02-19 17:59:24 <recon as client> callback timed out.
2004-02-19 17:59:48 Added 2 hash-updates. Caught up to 1077209979.838450
2004-02-19 18:04:34 Recon partner: <ADDR_INET 129.24.244.40:11370>
2004-02-19 18:05:19 <recon as client> callback timed out.
2004-02-19 18:06:11 Added 1 hash-updates. Caught up to 1077210353.187839
2004-02-19 18:07:05 Beginning recon as server, client: <ADDR_INET 62.116.124.106:47557>
2004-02-19 18:07:05 Joining reconciliation

So "recon as server" seems to work, "recon as client" seems
to use the wrong IP address.

Cheers,

Olaf
-- 
Dipl. Inform. Olaf Gellert (PKI Team), DFN-CERT Services GmbH
https://www.dfn-cert.de, +49 40 808077-615 / +49 40 808077-555 (Hotline)
PGP RSA/2048, 4403EB31, 47 09 F3 36 7E 9E 3B CE  6A 6B 12 AB F0 D4 B8 CF

CeBIT 18.-24.03.2004: DFN-PCA meets c't Krypto-Kampagne, Halle 5, Stand E38




