EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: Firewall (iptables) issues?
From: Matthieu Bec <[email protected]>
To: Mark Rivers <[email protected]>
Cc: Eric Norum <[email protected]>, EPICS Techtalk <[email protected]>
Date: Thu, 4 Nov 2010 12:48:41 -0300

Hi Mark,


I left it as an unanswered question but came to the conclusion the UDP destination needed to be widely open:

# anything on VLAN65:
-A INPUT -m state --state NEW -m udp -p udp -s 172.16.65.0/24 --dport 5000:65535 -j ACCEPT


Get 'wireshark' if you cannot find ethereal for your distribution.

Matthieu



On 11/04/10 12:24, Mark Rivers wrote:
Hi Eric,

I suspect the problem is that the broadcast messages from the client are not making it through the firewall. I had a similar problem with a Windows firewall.

You can run ethereal on another machine and see if it is seeing the client broadcasts.

Mark


________________________________


From: [email protected] on behalf of Eric Norum
Sent: Thu 11/4/2010 10:22 AM
To: EPICS Techtalk
Subject: Firewall (iptables) issues?



Apologies if this is a FAQ. I'm new to the intricacies of Linux firewalls.

I'm trying to get a Linux system
Linux xildev2 2.6.18-194.11.3.el5.lbl1 #1 SMP Thu Sep 16 14:50:58 PDT 2010 x86_64 x86_64 x86_64 GNU/Linux
to work as a channel access client.

If I use EPICS_CA_ADDR_LIST to explicitly provide the address of my IOC things work fine. If I leave EPICS_CA_ADDR_LIST undefined my client applications see no PVs.

I poked holes in the firewall for the channel-access ports:
iptables -L
.
.
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ca-1
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ca-2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ca-1
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ca-2
.
.
but that didn't seem to make any difference.
I restarted caRepeater after making the firewall changes.  Still no PVs.

Suggestions?
--
Eric Norum
[email protected]







--
Matthieu Bec              Gemini Observatory
Tel: +56 51 205785        c/o AURA, Casilla 603
Fax: +56 51 205650        La Serena, Chile
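
The following is an added example, not part of the original thread: a toy Python model of a stateful INPUT chain showing why the unicast reply to a broadcast Channel Access search is classified as NEW rather than ESTABLISHED, and which of the rules quoted above would accept it. The host addresses, the ephemeral port, the default-drop policy with an ESTABLISHED accept, and the reply source port are assumptions made for the illustration.

```python
import ipaddress

CA_PORTS = (5064, 5065)            # ca-1 and ca-2 in /etc/services
VLAN65 = ipaddress.ip_network("172.16.65.0/24")   # subnet from the rule in the thread
CLIENT, IOC, BCAST = "172.16.65.20", "172.16.65.10", "172.16.65.255"  # constructed hosts
EPHEMERAL = 40000                  # constructed client source port

# INPUT rules for packets conntrack classifies as NEW: (label, predicate)
ERIC_RULES = [("dpt:ca-1/ca-2", lambda src, dport: dport in CA_PORTS)]
MATTHIEU_RULES = ERIC_RULES + [
    ("VLAN65", lambda src, dport: ipaddress.ip_address(src) in VLAN65
                                  and 5000 <= dport <= 65535),
]


class InputChain:
    """Toy stateful INPUT chain: ESTABLISHED accepted, default drop (assumed)."""

    def __init__(self, rules):
        self.rules = rules
        self.expected = set()      # reply tuples conntrack is waiting for

    def send(self, src, sport, dst, dport):
        # The entry is keyed on the address the packet was sent TO, so a
        # broadcast search only "expects" a reply from the broadcast address.
        self.expected.add((dst, dport, src, sport))

    def receive(self, src, sport, dst, dport):
        if (src, sport, dst, dport) in self.expected:
            return "ESTABLISHED"
        for label, matches in self.rules:
            if matches(src, dport):
                return label
        return "DROP"


def search_reply_verdict(rules, search_dst, reply_src=IOC):
    """Send a CA search to search_dst, then classify the unicast reply."""
    chain = InputChain(rules)
    chain.send(CLIENT, EPHEMERAL, search_dst, CA_PORTS[0])
    # Assumption: the server answers from its CA server port.
    return chain.receive(reply_src, CA_PORTS[0], CLIENT, EPHEMERAL)


if __name__ == "__main__":
    print(search_reply_verdict(ERIC_RULES, IOC))        # EPICS_CA_ADDR_LIST set
    print(search_reply_verdict(ERIC_RULES, BCAST))      # default broadcast search
    print(search_reply_verdict(MATTHIEU_RULES, BCAST))
    print(search_reply_verdict(MATTHIEU_RULES, BCAST, reply_src="10.0.0.5"))
```

In this model the rules for dpt:ca-1 and dpt:ca-2 never match the reply because its destination is the client's ephemeral port, while the subnet-scoped rule accepts it only from 172.16.65.0/24.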

Replies:
Re: Firewall (iptables) issues? Eric Norum
References:
Firewall (iptables) issues? Eric Norum
RE: Firewall (iptables) issues? Mark Rivers
