kprop with multiple or NATted IP address

Jerry Shipman jes59 at cornell.edu
Wed Dec 23 15:50:48 EST 2015


Hello,

I’m trying to set up an additional slave KDC in a new location (different network), and I’m having trouble kprop’ing the database.

There is some tricky networking / routing going on between the network where the master KDC is and the network where the slave will be, that I am in the situation of needing to work with.

I can go into that more if necessary, but I think the salient point is that each machine has multiple network interfaces, one with a public IP and one with a private IP (10.x.y.z). I am trying to use the private IPs when I kprop the database to the slave. (I am convinced that I eventually got this working with an iptables postrouting snat rule; I see the 10space address in logs, etc.)

I am seeing this error on the slave when I try to push the database from the master:
  kpropd: Incorrect net address while decoding database size from client
From the master side, it looks like:
  kprop: Connection reset by peer while sending database block starting at 0

I think that kpropd is trying to look up the hostname of the master in DNS, and seeing the public IP, instead of the private IP which the connection is coming from, and then aborting because of that mismatch (or something like that).
On a lark I tried adding the master’s hostname with its private address to /etc/hosts on the slave, but it didn’t immediately seem to help.

Is there a way to do what I’m trying to do?
Or, is there a reason that it is dangerous to avoid verifying that IP match, and I shouldn’t try to work around it?

Thank you for your help,
Jerry Shipman
