Re: IOC in Docker not responding to caget from another host

["Paduan Donadio, Marcio via Tech-talk" <tech-talk at aps.anl.gov>]

Hello, again.

Sorry for a long time for a reply. We had the IOC moved to another server and, after that, I couldn't have available server time to continue to test it, as it started to be used for real.

I ended up running the Docker container in another Ubuntu machine. I'll call this Ubuntu2. To my surprise, I could caget from another container in the same machine and from an external host without any adjustment when running the container with the IOC in Ubuntu2.

Michael, this idea of using telnet was very useful. I ended up discovering that the firewall was blocking port 5064 in Ubuntu1. I've opened the port, could connect through telnet, but caget still refuses to communicate. I've tried both the broadcast address and Ubuntu1 specific IP in EPICS_CA_ADDR_LIST.

 Yong, now the IOC is running with EPICS_CA_AUTO_ADDR_LIST=YES in both Ubuntu1 and Ubuntu2. External caget works only in Ubuntu2, though.

Thank you,

Márcio

---

From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Thursday, October 28, 2021 9:48 PM
To: Paduan Donadio, Marcio <marcio at slac.stanford.edu>
Cc: EPICS tech-talk <tech-talk at aps.anl.gov>
Subject: Re: IOC in Docker not responding to caget from another host

 

On 10/28/21 3:59 PM, Paduan Donadio, Marcio via Tech-talk wrote:
> $ sudo iptables -L -t nat

Use 'sudo iptables-save' to print all tables, not just 'nat'.
Also check both host and container.

> DNAT       udp  --  anywhere             <server name>  udp dpt:5064 to:134.79.219.255

It might be simpler while troubleshooting to remove any *NAT or
MASQUERADE targets and test only the connection between the
container and the host.


fyi. one quick check for firewall is to connect to the TCP port
of a CA or PVA server with 'telnet'.  Seeing a TCP connection
establish is sufficient.  Also, PVA, and newer CA, servers will
send a message on connection.  eg.


> $ telnet localhost 5075
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> �A�@    anonymousca^]
> telnet> q
> Connection closed.