Experimental Physics and Industrial Control System
|
In your firewall, you open the 506* ports used by Channel Access:
Ports… 5064/tcp 5065/tcp 5064/udp 5065/udp
That’s great for channel access, but PV access uses ports 5075 and 5076:
EPICS_PVAS_BROADCAST_PORT = 5076
EPICS_PVAS_SERVER_PORT = 5075
2023-09-14T17:27:50.066 Sending 59 …->
…:5076.
Update your firewall config to include uses ports 5075 and 5076
From:
Tech-talk <tech-talk-bounces at aps.anl.gov> on behalf of Ignacio Arriagada via Tech-talk <tech-talk at aps.anl.gov>
Date: Thursday, September 14, 2023 at 4:53 PM
To: tech-talk at aps.anl.gov <tech-talk at aps.anl.gov>
Subject: [EXTERNAL] PVA connection problem
I'm running into an issue trying to communicate between 2 VMs using pva. In VM1 I have a softIOC running with PVAccess enabled with the following standard configuration.
epics> pvasr
pvAccess Server v7.1.6
Active configuration (w/ defaults)
EPICS_PVAS_INTF_ADDR_LIST =
0.0.0.0:5075
EPICS_PVAS_BEACON_ADDR_LIST =
EPICS_PVAS_AUTO_BEACON_ADDR_LIST = YES
EPICS_PVAS_BEACON_PERIOD = 15
EPICS_PVAS_BROADCAST_PORT = 5076
EPICS_PVAS_SERVER_PORT = 5075
EPICS_PVAS_PROVIDER_NAMES = QSRV
epics> pval
testSCS:TX
testSCS:RX
testSCS:gcbTx
testSCS:page0
From VM2, I'm trying to execute
pvget to get the testSCS:gcbTx. I have set the address using EPICS_PVA_ADDR_LIST, but this doesn't work, with the following debug log
I can get it to work by disabling the firewall (systemctl stop firewalld). Then I get the following
From VM2, caget works without issues, with and without the firewall enabled
$ caget testSCS:gcbTx
testSCS:gcbTx 0
$ cainfo testSCS:gcbTx
testSCS:gcbTx
State: connected
Host:
192.168.1.140:5064
Access: read, write
Native data type: DBF_LONG
Request type: DBR_LONG
Element count: 1
The firewall config for the VMs is the following
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: cockpit dhcpv6-client ssh
ports: 8888/tcp 8888/udp 5064/tcp 5065/tcp 5064/udp 5065/udp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: cockpit dhcpv6-client ssh
ports: 8888/tcp 8888/udp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
For security reasons I need to be able to find a configuration for the firewall that works with PVAccess. Any idea what I could be missing?
|
- Replies:
- Re: [EXTERNAL] PVA connection problem Ignacio Arriagada via Tech-talk
- References:
- PVA connection problem Ignacio Arriagada via Tech-talk
- Navigate by Date:
- Prev:
Re: PVA connection problem Michael Davidsaver via Tech-talk
- Next:
Re: [EXTERNAL] PVA connection problem Ignacio Arriagada via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
<2023>
2024
- Navigate by Thread:
- Prev:
Re: PVA connection problem Michael Davidsaver via Tech-talk
- Next:
Re: [EXTERNAL] PVA connection problem Ignacio Arriagada via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
<2023>
2024
|
ANJ, 15 Sep 2023 |
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
·
Search
·
EPICS V4
·
IRMIS
·
Talk
·
Bugs
·
Documents
·
Links
·
Licensing
·
|