EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: [EXTERNAL] PVA connection problem
From: "Kasemir, Kay via Tech-talk" <tech-talk at aps.anl.gov>
To: Ignacio Arriagada <ignacio.arriagada at noirlab.edu>, "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Date: Fri, 15 Sep 2023 12:45:29 +0000

In your firewall, you open the 506* ports used by Channel Access:

  Ports…   5064/tcp 5065/tcp 5064/udp 5065/udp

That’s great for channel access, but PV access uses ports 5075 and 5076:

EPICS_PVAS_BROADCAST_PORT = 5076
EPICS_PVAS_SERVER_PORT = 5075

2023-09-14T17:27:50.066 Sending 59 …-> …:5076.

Update your firewall config to include ports 5075 and 5076.

From: Tech-talk <tech-talk-bounces at aps.anl.gov> on behalf of Ignacio Arriagada via Tech-talk <tech-talk at aps.anl.gov>
Date: Thursday, September 14, 2023 at 4:53 PM
To: tech-talk at aps.anl.gov <tech-talk at aps.anl.gov>
Subject: [EXTERNAL] PVA connection problem

Hello Tech-talk,

I'm running into an issue trying to communicate between 2 VMs using pva. In VM1 I have a softIOC running with PVAccess enabled with the following standard configuration.

 

epics> pvasr
pvAccess Server v7.1.6
Active configuration (w/ defaults)
EPICS_PVAS_INTF_ADDR_LIST = 0.0.0.0:5075
EPICS_PVAS_BEACON_ADDR_LIST =
EPICS_PVAS_AUTO_BEACON_ADDR_LIST = YES
EPICS_PVAS_BEACON_PERIOD = 15
EPICS_PVAS_BROADCAST_PORT = 5076
EPICS_PVAS_SERVER_PORT = 5075
EPICS_PVAS_PROVIDER_NAMES = QSRV

epics> pval
testSCS:TX
testSCS:RX
testSCS:gcbTx
testSCS:page0

epics>

 

From VM2, I'm trying to execute pvget to get the testSCS:gcbTx. I have set the address using EPICS_PVA_ADDR_LIST, but this doesn't work, with the following debug log

 

$ pvget testSCS:gcbTx
2023-09-14T17:27:50.066 Creating datagram socket from: 0.0.0.0:54661.
2023-09-14T17:27:50.066 Broadcast address #0: 192.168.1.140:5076. (unicast)
2023-09-14T17:27:50.066 Broadcast address #1: 192.168.1.255:5076. (not unicast)
2023-09-14T17:27:50.066 Broadcast address #2: 192.168.122.255:5076. (not unicast)
2023-09-14T17:27:50.066 Setting up UDP for interface 192.168.1.138/255.255.255.0, broadcast 192.168.1.255, dest <none>.
2023-09-14T17:27:50.066 Creating datagram socket from: 192.168.1.138:5076.
2023-09-14T17:27:50.066 Creating datagram socket from: 192.168.1.255:5076.
2023-09-14T17:27:50.066 Setting up UDP for interface 192.168.122.1/255.255.255.0, broadcast 192.168.122.255, dest <none>.
2023-09-14T17:27:50.066 Creating datagram socket from: 192.168.122.1:5076.
2023-09-14T17:27:50.066 Creating datagram socket from: 192.168.122.255:5076.
2023-09-14T17:27:50.066 Creating datagram socket from: 224.0.0.128:5076.
2023-09-14T17:27:50.066 Local multicast enabled on 127.0.0.1/224.0.0.128:5076.
2023-09-14T17:27:50.066 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.140:5076.
2023-09-14T17:27:50.066 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.255:5076.
2023-09-14T17:27:50.067 Sending 59 bytes 0.0.0.0:54661 -> 192.168.122.255:5076.
2023-09-14T17:27:50.296 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.140:5076.
2023-09-14T17:27:50.296 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.255:5076.
2023-09-14T17:27:50.296 Sending 59 bytes 0.0.0.0:54661 -> 192.168.122.255:5076.
2023-09-14T17:27:50.754 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.140:5076.
2023-09-14T17:27:50.754 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.255:5076.
2023-09-14T17:27:50.754 Sending 59 bytes 0.0.0.0:54661 -> 192.168.122.255:5076.
2023-09-14T17:27:51.670 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.140:5076.
2023-09-14T17:27:51.670 Sending 59 bytes 0.0.0.0:54661 -> 192.168.1.255:5076.
2023-09-14T17:27:51.670 Sending 59 bytes 0.0.0.0:54661 -> 192.168.122.255:5076.
^CtestSCS:gcbTx 2023-09-14T17:27:52.545 UDP socket 0.0.0.0:0 closed.
2023-09-14T17:27:52.545 UDP Client Rx (0) 0.0.0.0:54661 <- <Ukn Addr Type>
2023-09-14T17:27:52.545 UDP socket 192.168.1.138:5076 closed.
2023-09-14T17:27:52.545 UDP Client Rx (0) 192.168.1.138:5076 <- <Ukn Addr Type>
2023-09-14T17:27:52.546 UDP socket 192.168.1.255:5076 closed.
2023-09-14T17:27:52.546 UDP Client Rx (0) 192.168.1.255:5076 <- <Ukn Addr Type>
2023-09-14T17:27:52.546 UDP socket 192.168.122.1:5076 closed.
2023-09-14T17:27:52.546 UDP Client Rx (0) 192.168.122.1:5076 <- <Ukn Addr Type>
2023-09-14T17:27:52.546 UDP socket 192.168.122.255:5076 closed.
2023-09-14T17:27:52.546 UDP Client Rx (0) 192.168.122.255:5076 <- <Ukn Addr Type>
2023-09-14T17:27:52.546 UDP socket 224.0.0.128:5076 closed.
2023-09-14T17:27:52.547 UDP Client Rx (0) 224.0.0.128:5076 <- <Ukn Addr Type>

 

I can get it to work by disabling the firewall (systemctl stop firewalld). Then I get the following

 

$ pvget testSCS:gcbTx
2023-09-14T17:26:43.289 Creating datagram socket from: 0.0.0.0:37793.
2023-09-14T17:26:43.289 Broadcast address #0: 192.168.1.140:5076. (unicast)
2023-09-14T17:26:43.289 Broadcast address #1: 192.168.1.255:5076. (not unicast)
2023-09-14T17:26:43.289 Broadcast address #2: 192.168.122.255:5076. (not unicast)
2023-09-14T17:26:43.289 Setting up UDP for interface 192.168.1.138/255.255.255.0, broadcast 192.168.1.255, dest <none>.
2023-09-14T17:26:43.289 Creating datagram socket from: 192.168.1.138:5076.
2023-09-14T17:26:43.289 Creating datagram socket from: 192.168.1.255:5076.
2023-09-14T17:26:43.290 Setting up UDP for interface 192.168.122.1/255.255.255.0, broadcast 192.168.122.255, dest <none>.
2023-09-14T17:26:43.290 Creating datagram socket from: 192.168.122.1:5076.
2023-09-14T17:26:43.290 Creating datagram socket from: 192.168.122.255:5076.
2023-09-14T17:26:43.290 Creating datagram socket from: 224.0.0.128:5076.
2023-09-14T17:26:43.290 Local multicast enabled on 127.0.0.1/224.0.0.128:5076.
2023-09-14T17:26:43.290 Sending 59 bytes 0.0.0.0:37793 -> 192.168.1.140:5076.
2023-09-14T17:26:43.290 Sending 59 bytes 0.0.0.0:37793 -> 192.168.1.255:5076.
2023-09-14T17:26:43.290 Sending 59 bytes 0.0.0.0:37793 -> 192.168.122.255:5076.
2023-09-14T17:26:43.290 UDP Client Rx (59) 192.168.1.255:5076 <- 192.168.1.138:37793
2023-09-14T17:26:43.290 UDP Client Rx (59) 192.168.122.255:5076 <- 192.168.122.1:37793
2023-09-14T17:26:43.291 UDP Client Rx (53) 0.0.0.0:37793 <- 192.168.1.140:60446
2023-09-14T17:26:43.291 Connecting to PVA server: 192.168.1.140:5075.
2023-09-14T17:26:43.291 Opening socket to PVA server 192.168.1.140:5075, attempt 1.
2023-09-14T17:26:43.292 Socket connected to PVA server: 192.168.1.140:5075.
2023-09-14T17:26:43.292 Acquiring transport to 192.168.1.140:5075.
2023-09-14T17:26:43.298 Connected to PVA server: 192.168.1.140:5075.
2023-09-14T17:26:43.298 UDP Client Rx (53) 0.0.0.0:37793 <- 192.168.1.140:60446
testSCS:gcbTx <undefined>              0 INVALID DRIVER UDF
2023-09-14T17:26:43.303 Releasing TCP transport to 192.168.1.140:5075.
2023-09-14T17:26:43.303 TCP socket to 192.168.1.140:5075 is to be closed.
2023-09-14T17:26:43.303 UDP socket 0.0.0.0:0 closed.
2023-09-14T17:26:43.303 UDP Client Rx (0) 0.0.0.0:37793 <- 192.168.1.140:60446
2023-09-14T17:26:43.303 UDP socket 192.168.1.138:5076 closed.
2023-09-14T17:26:43.303 UDP Client Rx (0) 192.168.1.138:5076 <- <Ukn Addr Type>
2023-09-14T17:26:43.303 UDP socket 192.168.1.255:5076 closed.
2023-09-14T17:26:43.303 UDP Client Rx (0) 192.168.1.255:5076 <- 192.168.1.138:37793
2023-09-14T17:26:43.303 UDP socket 192.168.122.1:5076 closed.
2023-09-14T17:26:43.303 UDP Client Rx (0) 192.168.122.1:5076 <- <Ukn Addr Type>
2023-09-14T17:26:43.303 UDP socket 192.168.122.255:5076 closed.
2023-09-14T17:26:43.303 UDP Client Rx (0) 192.168.122.255:5076 <- 192.168.122.1:37793
2023-09-14T17:26:43.303 UDP socket 224.0.0.128:5076 closed.
2023-09-14T17:26:43.303 UDP Client Rx (0) 224.0.0.128:5076 <- <Ukn Addr Type>

 

From VM2, caget works without issues, with and without the firewall enabled

 

$ caget testSCS:gcbTx
testSCS:gcbTx                  0

$ cainfo testSCS:gcbTx
testSCS:gcbTx
    State:            connected
    Host:             192.168.1.140:5064
    Access:           read, write
    Native data type: DBF_LONG
    Request type:     DBR_LONG
    Element count:    1

 

The firewall config for the VMs is the following

 

VM1:

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8888/tcp 8888/udp 5064/tcp 5065/tcp 5064/udp 5065/udp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

 

VM2:

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8888/tcp 8888/udp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

 

For security reasons I need to be able to find a configuration for the firewall that works with PVAccess. Any idea what I could be missing?
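
As an added example (not part of the original thread or of EPICS), the check below audits `firewall-cmd --list-all` output for the two PVA ports named in the reply and prints the firewalld commands that would open them. The function names are hypothetical, and the protocol split (5075/tcp, 5076/udp) is an assumption read off the debug log above, where the search is sent over UDP to 5076 and the TCP socket is opened to 5075.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output for the PVA ports.
# Protocols follow the debug log above: TCP to 5075, UDP to 5076.
PVA_REQUIRED="5075/tcp 5076/udp"

# Print the required entries that are absent from the zone's "ports:" line.
# Reads `firewall-cmd --list-all` text on stdin.
missing_pva_ports() {
    # Anchor on leading whitespace so forward-ports:/source-ports: do not match.
    open=$(sed -n 's/^[[:space:]]*ports:[[:space:]]*//p' | head -n 1)
    missing=""
    for want in $PVA_REQUIRED; do
        case " $open " in
            *" $want "*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Print (not run) the firewalld commands that would open the given ports.
fix_commands() {
    zone=$1; shift
    if [ "$#" -eq 0 ]; then return 0; fi
    for p in "$@"; do
        printf 'firewall-cmd --permanent --zone=%s --add-port=%s\n' "$zone" "$p"
    done
    printf 'firewall-cmd --reload\n'
}

# Constructed sample: the relevant lines of VM1's zone as listed above.
sample_vm1() {
    cat <<'EOF'
public (active)
  services: cockpit dhcpv6-client ssh
  ports: 8888/tcp 8888/udp 5064/tcp 5065/tcp 5064/udp 5065/udp
  forward-ports:
  source-ports:
EOF
}

missing=$(sample_vm1 | missing_pva_ports)
echo "missing: ${missing:-none}"
# $missing is intentionally unquoted so each port becomes one argument.
fix_commands public $missing
```

On a live host, pipe `sudo firewall-cmd --list-all` into `missing_pva_ports` instead of the sample; the script only prints the `--add-port` commands and never changes the firewall itself.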

 


ANJ, 15 Sep 2023