| 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 <2024> 2025 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 <2024> 2025 |
| <== Date ==> | <== Thread ==> |
|---|
| Subject: | RE: Practical way to force the IOC to talk with one client |
| From: | Abdalla Ahmad via Tech-talk <tech-talk at aps.anl.gov> |
| To: | Ralph Lange <ralph.lange at gmx.de> |
| Cc: | "tech-talk at aps.anl.gov" <Tech-talk at aps.anl.gov> |
| Date: | Tue, 19 Mar 2024 08:09:51 +0000 |
|
Hello All Thanks for the suggestions. Sorry if things were not clear enough, I want certain IOCs to be “invisible” to all clients on the network except the gateway, so
I want only the gateway to be able to talk with the IOC. I would like to try changing ports, what environment variable will achieve this on both the gateway and IOC sides? Best Regards, Abdalla. From: Tech-talk <tech-talk-bounces at aps.anl.gov>
On Behalf Of Ralph Lange via Tech-talk I would say: It depends on what exactly you want to achieve... If you want the Gateway to only contact specific IOCs - that's what Paul pointed out. Configure the Gateway (client side) to not broadcast name resolution requests and send them to the specific IOCs only. If you want specific IOCs to only be contacted by the Gateway, there are multiple options: ACFs: Limit read or write (or both) access to the Gateway user on the Gateway host. You played with that. Move ports: Configure the IOCs to use a different port on their CA server and the Gateway to use that port on the client side. This will make the whole setup "invisible" to normal clients that don't know the special port number, but it
doesn't provide access limitations. Firewall: Configure the IOC host to only allow incoming CA name resolution traffic from the Gateway host. Cheers, |