Subject: Re: Firewall (iptables) issues?
From: Eric Norum <[email protected]>
To: Phillip Sorensen <[email protected]>
Cc: EPICS Techtalk <[email protected]>
Date: Fri, 5 Nov 2010 08:28:12 -0700

To summarize:

If you want channel access clients on a machine to be able to see replies to broadcast PV search requests you need to permit inbound UDP packets with source port EPICS_CA_SERVER_PORT (default is 5064). On systems using iptables this can be accomplished by a rule like

    -A INPUT -s 192.168.0.0/22 -p udp --sport 5064 -j ACCEPT

If you want channel access servers (e.g. "soft IOCs") on a machine to be able to see clients you need to permit inbound TCP and UDP packets with source port EPICS_CA_SERVER_PORT (default is 5064). On systems using iptables this can be accomplished by rules like

    -A INPUT -s 192.168.0.0/22 -p udp --dport 5064 -j ACCEPT
    -A INPUT -s 192.168.0.0/22 -p tcp --dport 5064 -j ACCEPT

In all cases the "-s 192.168.0.0/22" specifies the range of addresses from which you wish to accept packets.

--
Eric Norum
[email protected]
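
Added example, not part of the original message: a small audit of `iptables-save` output that reports which of the three Channel Access rules above are missing and which ones accept port 5064 traffic from outside the intended source range. The names `parse_rule` and `audit` are made up for this sketch, and the sample ruleset is constructed.

```python
import ipaddress

CA_PORT = "5064"  # default EPICS_CA_SERVER_PORT, as stated in the message

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.0.0/22 -p udp -m udp --sport 5064 -j ACCEPT
-A INPUT -s 192.168.0.0/22 -p udp -m udp --dport 5064 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5064 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Return the match fields of an '-A INPUT' rule, or None for any other line."""
    tok = line.split()
    if tok[:2] != ["-A", "INPUT"] or "!" in tok:
        return None  # other chains and negated matches are not evaluated here
    opts = {"-s": "0.0.0.0/0", "-p": None, "--sport": None, "--dport": None, "-j": None}
    for flag, value in zip(tok, tok[1:]):
        if flag in opts:
            opts[flag] = value
    return opts

def audit(ruleset_text, allowed_net):
    """Return (missing_roles, too_wide_rules) for Channel Access ACCEPT rules."""
    allowed = ipaddress.ip_network(allowed_net)
    found = {"client-udp-replies": False, "server-udp": False, "server-tcp": False}
    too_wide = []
    for line in ruleset_text.splitlines():
        r = parse_rule(line)
        if r is None or r["-j"] != "ACCEPT":
            continue
        if r["-p"] == "udp" and r["--sport"] == CA_PORT:
            role = "client-udp-replies"   # replies to broadcast PV searches
        elif r["-p"] in ("udp", "tcp") and r["--dport"] == CA_PORT:
            role = "server-" + r["-p"]    # clients reaching a CA server / soft IOC
        else:
            continue
        src = ipaddress.ip_network(r["-s"], strict=False)
        if src.subnet_of(allowed):
            found[role] = True
        else:
            too_wide.append(line.strip())  # accepts CA traffic from outside allowed_net
    return [k for k, ok in found.items() if not ok], too_wide

if __name__ == "__main__":
    print(audit(SAMPLE, "192.168.0.0/22"))
```

A rule with no `-s` match is treated as accepting from 0.0.0.0/0, so it is listed as too wide and does not count toward the role it would otherwise satisfy.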