EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: PVA connection problem
From: Michael Davidsaver via Tech-talk <tech-talk at aps.anl.gov>
To: Ignacio Arriagada <ignacio.arriagada at noirlab.edu>
Cc: tech-talk at aps.anl.gov
Date: Fri, 15 Sep 2023 09:37:06 +0200

On 9/14/23 22:52, Ignacio Arriagada via Tech-talk wrote:
...
I can get it to work by disabling the firewall (systemctl stop firewalld). Then I get the following

 From VM2, *caget* works without issues, with and without the firewall enabled

Because your firewall policy includes the CA ports.  (also 5065/tcp which is not used by default)

   ports: ... 5064/tcp 5065/tcp 5064/udp 5065/udp

The equivalent for PVA would be allowing in 5076/udp and 5075/tcp ?


    $ pvget testSCS:gcbTx
...
    testSCS:gcbTx <undefined>              0 INVALID DRIVER UDF
...
 From VM2, *caget* works without issues, with and without the firewall enabled

    $ caget testSCS:gcbTx
    testSCS:gcbTx                  0

fyi. caget by default is requesting DBR_DOUBLE, so it doesn't fetch alarm/time meta-data.
However, pvget does get alarm/time meta-data.  So the "<undefined>" and "INVALID DRIVER UDF"
are the expected output for a record which has not been processed.

A more exact comparison would be with:

caget -d TIME_DOUBLE testSCS:gcbTx


    $ cainfo testSCS:gcbTx
    testSCS:gcbTx
         State:            connected
         Host:             192.168.1.140:5064
         Access:           read, write
         Native data type: DBF_LONG
         Request type:     DBR_LONG
         Element count:    1


The firewall config for the VMs is the following

*VM1*:
$ sudo firewall-cmd --list-all
public (active)
   target: default
   icmp-block-inversion: no
   interfaces: enp0s3
   sources:
   services: cockpit dhcpv6-client ssh
   ports: 8888/tcp 8888/udp 5064/tcp 5065/tcp 5064/udp 5065/udp
   protocols:
   forward: no
   masquerade: no
   forward-ports:
   source-ports:
   icmp-blocks:
   rich rules:

*VM2*:
$ sudo firewall-cmd --list-all
public (active)
   target: default
   icmp-block-inversion: no
   interfaces: enp0s3
   sources:
   services: cockpit dhcpv6-client ssh
   ports: 8888/tcp 8888/udp
   protocols:
   forward: no
   masquerade: no
   forward-ports:
   source-ports:
   icmp-blocks:
   rich rules:

*For security reasons I need to be able to find a configuration for the firewall that works with PVAccess. Any idea what I could be missing?*
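
Added example, not part of the original messages: a small shell audit that reads a `firewall-cmd --list-all` listing and reports which of the ports named in this thread (CA 5064/tcp and 5064/udp, PVA 5075/tcp and 5076/udp) are not yet allowed in, then prints the matching `firewall-cmd` call. The function names and the embedded sample (the VM1 listing as posted, shortened) are constructed for illustration, and it assumes VM1 is the host running the IOC.

```bash
#!/bin/sh
# Added example: audit a firewalld zone listing for the EPICS ports named in this thread.

# CA ports already present in the posted VM1 policy; PVA ports suggested in the reply.
CA_PORTS="5064/tcp 5064/udp"
PVA_PORTS="5075/tcp 5076/udp"

# Constructed sample: shortened copy of the VM1 listing posted above.
SAMPLE_VM1='public (active)
   target: default
   services: cockpit dhcpv6-client ssh
   ports: 8888/tcp 8888/udp 5064/tcp 5065/tcp 5064/udp 5065/udp
   protocols:
   forward-ports:
   source-ports:'

# Print the ports from $1 (space-separated) that are absent from the "ports:"
# line of a `firewall-cmd --list-all` listing read on stdin.
# The body runs in a subshell, so its variables do not leak to the caller.
missing_ports() (
    # Match only the exact "ports:" key, not "forward-ports:" or "source-ports:".
    open=$(awk '$1 == "ports:" { $1 = ""; print }')
    missing=""
    for p in $1; do
        case " $open " in
            *" $p "*) ;;                      # already allowed
            *) missing="$missing $p" ;;       # needs a rule
        esac
    done
    echo "${missing# }"
)

# Turn a list of missing ports into the firewall-cmd call that opens them.
suggest_fix() (
    args=""
    for p in $1; do args="$args --add-port=$p"; done
    if [ -n "$args" ]; then
        echo "firewall-cmd --permanent$args && firewall-cmd --reload"
    fi
)

# Audit the sample; on a real host, pipe `sudo firewall-cmd --list-all` instead.
for proto in CA PVA; do
    if [ "$proto" = CA ]; then want=$CA_PORTS; else want=$PVA_PORTS; fi
    miss=$(printf '%s\n' "$SAMPLE_VM1" | missing_ports "$want")
    echo "$proto missing: ${miss:-none}"
    suggest_fix "$miss"
done
```

Adding only the specific ports keeps the zone's default-deny behaviour intact, which is the alternative to stopping firewalld that the original question asks for.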


