EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: Re: iptables example script for EPICS CA
From: Benjamin Franksen <[email protected]>
To: <[email protected]>
Date: Mon, 2 Jul 2012 15:24:51 +0200
On Friday, June 29, 2012, John William Sinclair wrote:
> Here's a previous submission:
> 
> ---------------------------------
> 
> Thanks to input from Jeff Hill, Ralph Lange, and Andrew Johnson I think
> that the following is an accurate description of the firewall settings
> needed to support channel access.
> 
> ====================================================================
> If you want channel access clients on a machine to be able to see beacons
> and replies to broadcast PV search requests you need to permit inbound
> UDP packets with source port EPICS_CA_SERVER_PORT (default is 5064) or
> destination port EPICS_CA_REPEATER_PORT (default is 5065).  On systems
> using iptables this can be accomplished by rules like
> 	-A INPUT -s 192.168.0.0/22 -p udp --sport 5064 -j ACCEPT
> 	-A INPUT -s 192.168.0.0/22 -p udp --dport 5065 -j ACCEPT
> 
> If you want channel access servers (e.g. "soft IOCs") on a machine to be
> able to see clients you need to permit inbound TCP or UDP packets with
> source port EPICS_CA_SERVER_PORT (default is 5064).  On systems using
> iptables this can be accomplished by rules like
> 	-A INPUT -s 192.168.0.0/22 -p udp --dport 5064 -j ACCEPT
> 	-A INPUT -s 192.168.0.0/22 -p tcp --dport 5064 -j ACCEPT
> 
> The above sets of rules are complete assuming that there's no blocking of
> outbound traffic.
> 
> In all cases the "-s 192.168.0.0/22" specifies the range of addresses
> from which you wish to accept packets.
> ====================================================================

How about adding this text to the CA reference manual (possibly in an 
appendix)?

Cheers
Ben

Attachment: signature.asc
Description: This is a digitally signed message part.


Replies:
Re: iptables example script for EPICS CA Andrew Johnson
RE: iptables example script for EPICS CA Hill, Jeff
References:
iptables example script for EPICS CA Mark Rivers
Re: iptables example script for EPICS CA John William Sinclair

Navigate by Date:
Prev: Re: SynApps build error : win32-x86 Benjamin Franksen
Next: Vxworks NFS issue Chen Xue
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: Re: iptables example script for EPICS CA John William Sinclair
Next: Re: iptables example script for EPICS CA Andrew Johnson
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·