| 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 <2021> 2022 2023 2024 2025 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 <2021> 2022 2023 2024 2025 |
| <== Date ==> | <== Thread ==> |
|---|
| Subject: | Re: IOC in Docker not responding to caget from another host |
| From: | "Paduan Donadio, Marcio via Tech-talk" <tech-talk at aps.anl.gov> |
| To: | Michael Davidsaver <mdavidsaver at gmail.com> |
| Cc: | EPICS tech-talk <tech-talk at aps.anl.gov> |
| Date: | Fri, 5 Nov 2021 17:53:40 +0000 |
|
Hello, again.
Sorry for a long time for a reply. We had the IOC moved to another server and, after that, I couldn't have available server time to continue to test it, as it started to be used for real.
I ended up running the Docker container in another Ubuntu machine. I'll call this Ubuntu2. To my surprise, I could caget from another container in the same machine and from an external host without any adjustment when running the container with the IOC in Ubuntu2.
Michael, this idea of using telnet was very useful. I ended up discovering that the firewall was blocking port 5064 in Ubuntu1. I've opened the port, could connect through telnet, but caget still refuses to communicate. I've tried both the broadcast address
and Ubuntu1 specific IP in EPICS_CA_ADDR_LIST.
Yong, now the IOC is running with EPICS_CA_AUTO_ADDR_LIST=YES in both Ubuntu1 and Ubuntu2. External caget works only in Ubuntu2, though.
Thank you,
Márcio
From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Thursday, October 28, 2021 9:48 PM To: Paduan Donadio, Marcio <marcio at slac.stanford.edu> Cc: EPICS tech-talk <tech-talk at aps.anl.gov> Subject: Re: IOC in Docker not responding to caget from another host On 10/28/21 3:59 PM, Paduan Donadio, Marcio via Tech-talk wrote:
> $ sudo iptables -L -t nat Use 'sudo iptables-save' to print all tables, not just 'nat'. Also check both host and container. > DNAT udp -- anywhere <server name> udp dpt:5064 to:134.79.219.255 It might be simpler while troubleshooting to remove any *NAT or MASQUERADE targets and test only the connection between the container and the host. fyi. one quick check for firewall is to connect to the TCP port of a CA or PVA server with 'telnet'. Seeing a TCP connection establish is sufficient. Also, PVA, and newer CA, servers will send a message on connection. eg. > $ telnet localhost 5075 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > �A�@ anonymousca^] > telnet> q > Connection closed. |