Sounds like a good idea. I created this bug entry.
https://bugs.launchpad.net/epics-base/+bug/1020131
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Benjamin Franksen
> Sent: Monday, July 02, 2012 7:25 AM
> To: [email protected]
> Subject: Re: iptables example script for EPICS CA
>
> On Friday, June 29, 2012, John William Sinclair wrote:
> > Here's a previous submission:
> >
> > ---------------------------------
> >
> > Thanks to input from Jeff Hill, Ralph Lange, and Andrew Johnson I think
> > that the following is an accurate description of the firewall settings
> > needed to support channel access.
> >
> > ====================================================================
> > If you want channel access clients on a machine to be able to see
> beacons
> > and replies to broadcast PV search requests you need to permit inbound
> > UDP packets with source port EPICS_CA_SERVER_PORT (default is 5064) or
> > destination port EPICS_CA_REPEATER_PORT (default is 5065). On systems
> > using iptables this can be accomplished by rules like
> > -A INPUT -s 192.168.0.0/22 -p udp --sport 5064 -j ACCEPT
> > -A INPUT -s 192.168.0.0/22 -p udp --dport 5065 -j ACCEPT
> >
> > If you want channel access servers (e.g. "soft IOCs") on a machine to be
> > able to see clients you need to permit inbound TCP or UDP packets with
> > source port EPICS_CA_SERVER_PORT (default is 5064). On systems using
> > iptables this can be accomplished by rules like
> > -A INPUT -s 192.168.0.0/22 -p udp --dport 5064 -j ACCEPT
> > -A INPUT -s 192.168.0.0/22 -p tcp --dport 5064 -j ACCEPT
> >
> > The above sets of rules are complete assuming that there's no blocking
> of
> > outbound traffic.
> >
> > In all cases the "-s 192.168.0.0/22" specifies the range of addresses
> > from which you wish to accept packets.
> > ====================================================================
>
> How about adding this text to the CA reference manual (possibly in an
> appendix)?
>
> Cheers
> Ben
- References:
- iptables example script for EPICS CA Mark Rivers
- Re: iptables example script for EPICS CA John William Sinclair
- Re: iptables example script for EPICS CA Benjamin Franksen
- Navigate by Date:
- Prev:
Re: iptables example script for EPICS CA Andrew Johnson
- Next:
scan save data problem Chen Xue
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
<2012>
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: iptables example script for EPICS CA Benjamin Franksen
- Next:
Vxworks NFS issue Chen Xue
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
<2012>
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|