EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Testing Rocky Linux with EPICS
From: Abdalla Ahmad via Tech-talk <tech-talk at aps.anl.gov>
To: "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Date: Thu, 9 Jun 2022 11:17:19 +0000

Hi

I recently investigated Rocky Linux to deploy EPICS IOCs; I mainly focused on configuring the firewall (both firewall-cmd and iptables). I have tested the following cases:

· Testing one IOC on the same host: I created an IOC and ran caget on the same host as the IOC; it did not find the PV. So I thought of enabling EPICS ports using firewall-cmd and it worked.

· Testing multiple IOCs on the same host: It worked using the previous configuration.

· Testing multiple IOCs from another host on the same VLAN: It did not work until I enabled both tcp and udp protocols (using the --add-protocol option) along with --complete-reload.

· Testing multiple IOCs from another host on a different VLAN: This is a very confusing one. I enabled EPICS ports, tcp and udp, now I can do caget and cainfo on PVs from the last running IOCs. When I added the UDP broadcast rule in iptables while firewalld is running, for some reason cainfo could not find the PVs but caget was working (I ran these commands from a Windows 10 host). When I disabled firewalld and used iptables only, I can see the PVs on the same host, same VLAN and different VLAN.

Eventually, this is the configuration I used:

/usr/bin/firewall-cmd --permanent --add-port=5064/tcp
/usr/bin/firewall-cmd --permanent --add-port=5064/udp
/usr/bin/firewall-cmd --permanent --add-port=5065/tcp
/usr/bin/firewall-cmd --permanent --add-port=5065/udp
/usr/bin/firewall-cmd --permanent --add-protocol=tcp
/usr/bin/firewall-cmd --permanent --add-protocol=udp
/usr/bin/firewall-cmd --reload

I wonder what is the difference between RHEL 7 and 8 firewall configurations? On CentOS 7, we have firewalld running but with no configuration and we flush iptables (except for the UDP broadcast rule above). What is the best scenario here, or which is better, firewalld or iptables, in this case? I think for some reason, firewalld does not allow UDP broadcast and I could not figure out how to do it in firewall-cmd. Any feedback is really appreciated.

Best Regards,

Abdalla.
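
A check one could run after applying a configuration like the one above (an added example, not part of the original post): it reads a zone listing in the `firewall-cmd --list-all` format and flags zone-wide `tcp`/`udp` protocol entries, which accept every port of that protocol and make the per-port rules redundant, and reports any of the ports 5064/5065 from the post that is not open. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit text in the format printed by `firewall-cmd --list-all`.
# Ports taken from the post: 5064 and 5065, both tcp and udp.
CA_PORTS="5064/tcp 5064/udp 5065/tcp 5065/udp"

# Constructed sample: a zone after applying the commands from the post.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 5064/tcp 5064/udp 5065/tcp 5065/udp
  protocols: tcp udp
  rich rules: 
EOF
}

# field NAME: print the value of one "  name: value" line read from stdin.
# Leading blanks are stripped first, so "ports" does not match "source-ports".
field() {
    awk -v key="$1" '{ line = $0; sub(/^[ \t]+/, "", line)
        if (index(line, key ":") == 1) { print substr(line, length(key) + 2); exit } }'
}

# audit_zone: read a zone listing on stdin, print one finding per line.
# Returns 0 if nothing was flagged, 1 otherwise.
audit_zone() {
    listing=$(cat)
    ports=$(printf '%s\n' "$listing" | field ports)
    protos=$(printf '%s\n' "$listing" | field protocols)
    status=0
    for p in $protos; do
        case $p in
            tcp|udp) echo "BROAD: protocol $p accepts every $p port in this zone"; status=1 ;;
        esac
    done
    for want in $CA_PORTS; do
        case " $ports " in
            *" $want "*) ;;
            *) echo "MISSING: $want not open"; status=1 ;;
        esac
    done
    return $status
}

# On a real host: firewall-cmd --list-all | audit_zone
```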


ANJ, 14 Sep 2022