Hi Abdalla,
Thank for the reference.
But I think even using this script the firewall will block the other
IOCs to send data to the client, will not?
Best Regards
On 2/25/20 8:53 AM, Abdalla Ahmad wrote:
Hi Gabriel
You are right. In the case of multiple IOCs, each IOC other than the first one to run will get a random port number. See this link by Ralph https://wiki-ext.aps.anl.gov/epics/index.php/How_to_Make_Channel_Access_Reach_Multiple_Soft_IOCs_on_a_Linux_Host where you create a Network manager dispatcher script where it broadcasts UDP traffic to all processes.
Best Regards,
Abdalla.
-----Original Message-----
From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Gabriel Fedel via Tech-talk
Sent: Monday, February 24, 2020 6:33 PM
To: tech-talk at aps.anl.gov
Subject: Re: firewalld configuration for EPICS?
Hi all,
I'm doing some tests with firewalld configuration, using yours examples, but I think they will not work if there are more than 1 IOC running on same machine, right?
Because the port for the other IOCs to transfer data will be other then the 5064/5065 for CA (and 5076/5077 for PVAccess).
Is my understanding correct?
Is there some alternative for these cases?
Best Regards
On 2/24/20 1:27 PM, Jörn Dreyer via Tech-talk wrote:
Hi,
I have the following content in an XML file under
/etc/firewalld/services/EPICSChannelAccess.xml
<?xml version="1.0" encoding="utf-8"?> <service>
<short>EPICS Channel Access service</short>
<port port="ca-1" protocol="tcp"/>
<port port="ca-1" protocol="udp"/>
<port port="ca-2" protocol="tcp"/>
<port port="ca-2" protocol="udp"/>
<source-port port="ca-1" protocol="tcp"/>
<source-port port="ca-1" protocol="udp"/>
<source-port port="ca-2" protocol="tcp"/>
<source-port port="ca-2" protocol="udp"/> </service>
But this requres a link o be set on my system from /usr/etc/services
to /etc/services. Somehow firewalld under OpenSuSE Tumbleweed does not
yet honor the new path to this file. But if you replace the symbolic
port names to the corresponding numbers it also works.
Regards,
Jörn
Am Montag, 24. Februar 2020, 14:09:57 CET schrieb Goetz Pfeiffer via
Tech-talk:
> On 4/3/19 11:51 AM, Dirk Zimoch via Tech-talk wrote:
> > Hi
> >
> > Does anyone already have a firewalld configuration to allow
Channel
> > Access? I.e. something like a
/usr/lib/firewalld/services/epics.xml
file?
> >
> > Dirk
>
> Hello Dirk,
>
> I just struggled with firewalld in order to make EPICS clients and
servers
> work and I found this solution for the command line:
>
> Settings for EPICS clients:
>
> firewall-cmd --add-rich-rule="rule source-port port=5064
protocol=tcp
> accept" firewall-cmd --add-rich-rule="rule source-port port=5064
> protocol=udp accept" firewall-cmd --add-rich-rule="rule source-port
> port=5065 protocol=tcp accept" firewall-cmd --add-rich-rule="rule
> source-port port=5065 protocol=udp accept"
>
> Additional settings for EPICS servers:
>
> firewall-cmd --add-rich-rule="rule port port=5064 protocol=tcp accept"
> firewall-cmd --add-rich-rule="rule port port=5064 protocol=udp accept"
> firewall-cmd --add-rich-rule="rule port port=5065 protocol=tcp accept"
> firewall-cmd --add-rich-rule="rule port port=5065 protocol=udp accept"
>
> Make changes permanent:
>
> firewall-cmd --runtime-to-permanent
>
> Greetings
>
> Goetz
--
Gabriel Fedel
--
Gabriel Fedel
Ship 8, Floor 2.
EPICS Integrator
Integrated Control System Division
The European Spallation Souce
Odarslövsvägen 113
224 84 Lund
mobile Sweden: 0723356030
mobile International: +46723356030
- Replies:
- RE: firewalld configuration for EPICS? Abdalla Ahmad via Tech-talk
- References:
- Re: firewalld configuration for EPICS? Goetz Pfeiffer via Tech-talk
- Re: firewalld configuration for EPICS? Jörn Dreyer via Tech-talk
- Re: firewalld configuration for EPICS? Gabriel Fedel via Tech-talk
- Navigate by Date:
- Prev:
Re: Problem in installing synApps_6_0 Kim SeongBin via Tech-talk
- Next:
RE: firewalld configuration for EPICS? Abdalla Ahmad via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
<2020>
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: firewalld configuration for EPICS? Gabriel Fedel via Tech-talk
- Next:
RE: firewalld configuration for EPICS? Abdalla Ahmad via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
<2020>
2021
2022
2023
2024
|