[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] How can I tell if the server running recon properly
From: |
Phil Pennock |
Subject: |
Re: [Sks-devel] How can I tell if the server running recon properly |
Date: |
Mon, 17 Jul 2017 16:49:10 -0400 |
On 2017-07-18 at 00:03 +0800, Shengjing Zhu wrote:
> Reconciliation attempt from unauthorized host <ADDR_INET [172.17.0.1]:43239>
So something in the setup is terminating external TCPv4 connections and
opening new ones to proxy onwards, or masquerading inbound connections.
This won't work well with SKS.
> I don't know why the host ip(where the docker runs) is shown there.
> Maybe the log means every peer's ip, that sks sees, is the ip of the docker
> host, not the real ip which peer's domain resolves. So I wonder do all
> my peers successfully recon with me in the past year?...
At a guess: IPv6. [2001:da8:d800:f001::99] is probably routed directly
to the container. So any of your peers with IPv6 connectivity is
exchanging keys with you over IPv6.
> Then I setup another instance to peer with it. It seems there's no
> problem even the confused log showed.
That will not be going through the docker host's masquerading.
> But I do want to know how can I ensure the recon is working properly in
> my docker environment.
Test with IPv4 connections _from_ outside the Docker
host/cluster/whatever.