Re: [Sks-devel] Seeking peers for sks.lockmail.net
From: Antony Prince
Subject: Re: [Sks-devel] Seeking peers for sks.lockmail.net
Date: Mon, 22 Aug 2016 19:27:05 -0400
On 08/22/2016 07:12 PM, Danny Horne wrote:
> I'm sorry, but unless there's a firewalld expert here I'm calling it a day
>
> It's taken me days just to get sks working right and I'm now told people
> can't connect to the recon port (11370 TCP).
>
> sks is listening on localhost on this port and I've tried everything I
> can find to open this port and forward to localhost but haven't had any
> success, so unless someone can give me ALL the settings needed to get
> firewalld working right I'll have to call it quits
>
I could be mistaken, but rather than listening on localhost, you should
be able to set it to listen on any of your external addresses in the
sksconf file with the hkp_address and recon_address directives, then
simply open the ports in the firewall rather than trying to forward to
localhost. The hkp port is recommended to be put behind a reverse proxy
[1] and in that setup the hkp port would be on the localhost interface,
but the recon port should be outward facing IIRC.
[1] https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
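
The layout suggested in the reply above, as an added example that is not part of the original message: a shell check that reads an sksconf-style file and reports whether the recon and HKP listeners are loopback-only. The function names, the sample configuration and the 192.0.2.10 address are constructed for illustration, and the `key: value` file syntax is an assumption.

```shell
# Added example: sksconf listener check. The sample config below is constructed.

# Value of directive $2 in sksconf file $1 ("key: value" lines, "#" comments).
sks_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# True when every address in $1 is loopback (127.0.0.0/8, ::1, localhost).
is_loopback_only() {
    [ -n "$1" ] || return 1
    for addr in $1; do
        case "$addr" in
            127.*|::1|localhost) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Print one finding per listener for the sksconf file $1.
sks_listen_check() {
    recon=$(sks_directive "$1" recon_address)
    hkp=$(sks_directive "$1" hkp_address)
    rport=$(sks_directive "$1" recon_port)
    rport=${rport:-11370}   # recon port named in the thread
    if [ -z "$recon" ]; then
        echo "recon: recon_address not set, server default applies"
    elif is_loopback_only "$recon"; then
        echo "recon: loopback-only ($recon), peers cannot reach $rport/tcp"
    else
        echo "recon: $recon, open with: firewall-cmd --permanent --add-port=$rport/tcp"
    fi
    if is_loopback_only "$hkp"; then
        echo "hkp: loopback-only ($hkp), suits a reverse proxy in front"
    else
        echo "hkp: ${hkp:-unset} is not loopback-only, reverse proxy recommended"
    fi
}

# Constructed sample: recon on an external address, HKP on loopback.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sksconf fragment; 192.0.2.10 is a placeholder address
hkp_address: 127.0.0.1
recon_address: 192.0.2.10
recon_port: 11370
EOF
sks_listen_check "$sample"
```

After adding a port with `--permanent`, `firewall-cmd --reload` applies it to the running firewall.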