Hi Greg,
The PVAccess uses ports 5075 and 5076 for its operation (you can also see that in your output of the ss command).
If you add the ports 5075 and 5076 to your firewall rules, I think it should work.
Best regards,
Žiga
> -----Original Message-----
> From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Leblanc,
> Gregory via Tech-talk
> Sent: Friday, April 21, 2023 10:09 PM
> To: tech-talk at aps.anl.gov
> Subject: PV access stopped by the firewall CentOS 9 Stream
>
> Caution: This email originated from outside of Cosylab.
>
>
> Hi folks,
>
> I've just installed CentOS 9 stream on a new machine here, then added on
> epics-base, calc, asyn, and StreamDevice from git. I've also installed my work
> in progress for the Keysight 34980A mainframes, which speak SCPI. All the
> EPICS bits work, but there's something screwy with the firewall. When I do " $
> pvget KS_34980A_EPICStestswitcherMagnetCurrent" it times out in 5
> seconds. "$ caget KS_34980A_EPICStestswitcherMagnetCurrent" works just
> fine. I can turn the firewall off ($ sudo systemctl stop firewalld) and then
> pvget works fine. I added ports 5064 and 5065 in both TCP and UDP to the
> rules for the firewall, but that didn't seem to help.
>
> Firewall rules:
> $ sudo firewallcmd --list-all
> [sudo] password for leblanc:
> sudo: firewallcmd: command not found
> [leblanc@epics1 ~]$ sudo firewall-cmd --list-all public (active)
> target: default
> icmp-block-inversion: no
> interfaces: enp1s0
> sources:
> services: cockpit dhcpv6-client ssh
> ports: 5064/tcp 5065/tcp 5064/udp 5065/udp
> protocols:
> forward: yes
> masquerade: no
> forward-ports:
> source-ports:
> icmp-blocks:
> rich rules:
>
> I also used ss to see what ports pvget was trying to use
>
> $ ss -antup |grep pvget
> udp UNCONN 0 0 0.0.0.0:45383 0.0.0.0:*
> users:(("pvget",pid=49094,fd=3))
> udp UNCONN 0 0 224.0.0.128:5076 0.0.0.0:*
> users:(("pvget",pid=49094,fd=6))
> udp UNCONN 0 0 10.0.255.255:5076 0.0.0.0:*
> users:(("pvget",pid=49094,fd=5))
> udp UNCONN 0 0 10.0.0.239:5076 0.0.0.0:*
> users:(("pvget",pid=49094,fd=4))
>
> I'm not sure what else to try at this point. Any pointers appreciated.
> Greg
>
> --
> Gregory Leblanc
> Accelerator Engineer
> Edwards Accelerator Lab - Ohio University
> 123 University Terrace
> Athens, OH 45701 USA
> leblanc at ohio.edu
> M: (401) 52-OUAL1 or (401) 526-8251
- Replies:
- RE: [External] RE: PV access stopped by the firewall CentOS 9 Stream Leblanc, Gregory via Tech-talk
- References:
- PV access stopped by the firewall CentOS 9 Stream Leblanc, Gregory via Tech-talk
- Navigate by Date:
- Prev:
Re: question about ALIAS Ralph Lange via Tech-talk
- Next:
RE: opc ua client Konrad Gajewski via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
<2023>
2024
- Navigate by Thread:
- Prev:
PV access stopped by the firewall CentOS 9 Stream Leblanc, Gregory via Tech-talk
- Next:
RE: [External] RE: PV access stopped by the firewall CentOS 9 Stream Leblanc, Gregory via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
<2023>
2024
|