On Tue, Jan 23, 2018 at 10:48:04PM +0200, Hendrik Visage wrote: > Hi there, > > Anybody else running a SKS behind a NAT firewall? > Could you perhaps share any advice on the recon/hkp settings? (I’ll be > setting up/running nginx reverse proxy for HKP) > > Or should I rather have the outside IP bound to a virtual/loopback > interface, and then route it directly via the firewall to the SKS server? > > Reason I’m asking: I’m not quite clear in understanding the recon settings, > and I’d rather ask experience before I chase down the wrong alley. >
For hkp, I think it's quite clear since it's just HTTP, you can do whaterver you have done for other HTTP services. For recon, I think you need to use SNAT. Your sks instance will only response to ip resolved from the domains you set in your membership file. With SNAT, your sks will know the real ip of your peer. Best regards, Shengjing
signature.asc
Description: PGP signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
