Here's a previous submission:
---------------------------------
Thanks to input from Jeff Hill, Ralph Lange, and Andrew Johnson I think that the
following is an accurate description of the firewall settings needed to support
channel access.
====================================================================
If you want channel access clients on a machine to be able to see beacons and
replies to broadcast PV search requests you need to permit inbound UDP packets
with source port EPICS_CA_SERVER_PORT (default is 5064) or destination port
EPICS_CA_REPEATER_PORT (default is 5065). On systems using iptables this can be
accomplished by rules like
-A INPUT -s 192.168.0.0/22 -p udp --sport 5064 -j ACCEPT
-A INPUT -s 192.168.0.0/22 -p udp --dport 5065 -j ACCEPT
If you want channel access servers (e.g. "soft IOCs") on a machine to be able to
see clients you need to permit inbound TCP or UDP packets with source port
EPICS_CA_SERVER_PORT (default is 5064). On systems using iptables this can be
accomplished by rules like
-A INPUT -s 192.168.0.0/22 -p udp --dport 5064 -j ACCEPT
-A INPUT -s 192.168.0.0/22 -p tcp --dport 5064 -j ACCEPT
The above sets of rules are complete assuming that there's no blocking of
outbound traffic.
In all cases the "-s 192.168.0.0/22" specifies the range of addresses from which
you wish to accept packets.
====================================================================
On 06/29/2012 08:32 AM, Mark Rivers wrote:
Folks,
I am trying to help someone who is new to EPICS get it running on a Linux host that needs to run the iptables firewall. He needs to run both a soft IOC and EPICS clients on this machine. He's having trouble configuring the iptables firewall correctly. If he disables iptables things work fine, but with it enabled EPICS does not work.
Can someone send an example of an iptables script that allows CA to run on the default ports of 5064 and 5065, UDP and TCP?
Thanks,
Mark
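
Added example (not part of the original messages): a shell function that prints the INPUT rules described above for a host running channel access clients, servers (soft IOCs), or both, taking the ports from EPICS_CA_SERVER_PORT and EPICS_CA_REPEATER_PORT when they are set. The names ca_rules and valid_port, the argument order and the role keywords are assumptions made for this example.

```shell
#!/bin/sh
# Added example: emit the channel access INPUT rules from the message above.
# ca_rules, valid_port and the role keywords are hypothetical names.

# valid_port N -> succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ca_rules SOURCE_CIDR [ROLE]   (ROLE: client | server | both, default both)
ca_rules() {
    src=$1
    role=${2:-both}
    # Same defaults as the message: 5064 (server) and 5065 (repeater).
    sport=${EPICS_CA_SERVER_PORT:-5064}
    rport=${EPICS_CA_REPEATER_PORT:-5065}

    [ -n "$src" ] || { echo "ca_rules: source range required" >&2; return 2; }
    valid_port "$sport" || { echo "ca_rules: bad EPICS_CA_SERVER_PORT" >&2; return 2; }
    valid_port "$rport" || { echo "ca_rules: bad EPICS_CA_REPEATER_PORT" >&2; return 2; }
    case "$role" in
        client|server|both) ;;
        *) echo "ca_rules: role must be client, server or both" >&2; return 2 ;;
    esac

    if [ "$role" != server ]; then
        # Clients: inbound UDP from the server port or to the repeater port.
        echo "-A INPUT -s $src -p udp --sport $sport -j ACCEPT"
        echo "-A INPUT -s $src -p udp --dport $rport -j ACCEPT"
    fi
    if [ "$role" != client ]; then
        # Servers: inbound UDP and TCP to the server port.
        echo "-A INPUT -s $src -p udp --dport $sport -j ACCEPT"
        echo "-A INPUT -s $src -p tcp --dport $sport -j ACCEPT"
    fi
}
```

The printed lines are in the same form as the rules quoted above and still need to be placed ahead of any final DROP or REJECT rule in the INPUT chain.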