> > >> BTW, check your SKS DB port, it looks to be set to 17311, i.e.,
> > >> -rw-r--r-- 1 sks sks 95304 Apr 1 23:35 diff-18.9.60.141_17311.txt
> > >
> > > It is, though that port is firewalled. Apache is listening on 11371 and
> > > forwarding requests to 17311. This was needed to deal with clients that
> > > were either mis-behaving, or behind a bad network.
> >=20
> > Beware: the SKS recon process sends the port of the SKS db server to
> > your peers. It means that John's recon process will try to retrieve the
> > missing keys on your port 17311 which is apparently not what you expect.
> > The result is that while your server succesfully retrieves keys from the
> > rest of the SKS network, the keys that have been uploaded to your server
> > never make it out to the rest of the world.
> >=20
> > To have your peers use port 11371 you will probably (not tried) have to
> > use a separate directories for the db and recon processes so that you
> > can configure each of them with different hkp_port.
>
> I would have thought that the simplest solution would be for Janathon to
> knock a hole in his firewall to allow his peers to communicate with his
> server directly on the port (17311) advertised by his recon process.
Thanks to everyone for the advice.
Knocking a hole in the firewall is an option, but I'd like to try one or
two other things first. I've made an attempt to convince my recon
server to report port 11371 as the hkp port. I'd appreciate it if one
of you could touch your membership file, and see if key retrevals are
now working.
Additionally, if there's any way for me to externally probe my recon
server to see what it is reporting, I'd be interested in hearing about
it.
Jonathon
Jonathon Weiss <jwe...@mit.edu>
MIT/IS&T/OIS Server Operations
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel
