On 2017-07-18 at 00:03 +0800, Shengjing Zhu wrote: > Reconciliation attempt from unauthorized host <ADDR_INET [172.17.0.1]:43239>
So something in the setup is terminating external TCPv4 connections and opening new ones to proxy onwards, or masquerading inbound connections. This won't work well with SKS. > I don't know why the host ip(where the docker runs) is shown there. > Maybe the log means every peer's ip, that sks sees, is the ip of the docker > host, not the real ip which peer's domain resolves. So I wonder do all > my peers successfully recon with me in the past year?... At a guess: IPv6. [2001:da8:d800:f001::99] is probably routed directly to the container. So any of your peers with IPv6 connectivity is exchanging keys with you over IPv6. > Then I setup another instance to peer with it. It seems there's no > problem even the confused log showed. That will not be going through the docker host's masquerading. > But I do want to know how can I ensure the recon is working properly in > my docker environment. Test with IPv4 connections _from_ outside the Docker host/cluster/whatever. _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel