EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: RE: iptables example script for EPICS CA
From: "Hill, Jeff" <[email protected]>
To: Benjamin Franksen <[email protected]>, "[email protected]" <[email protected]>
Date: Mon, 2 Jul 2012 15:02:05 +0000

Sounds like a good idea. I created this bug entry.

https://bugs.launchpad.net/epics-base/+bug/1020131

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Benjamin Franksen
> Sent: Monday, July 02, 2012 7:25 AM
> To: [email protected]
> Subject: Re: iptables example script for EPICS CA
> 
> On Friday, June 29, 2012, John William Sinclair wrote:
> > Here's a previous submission:
> >
> > ---------------------------------
> >
> > Thanks to input from Jeff Hill, Ralph Lange, and Andrew Johnson I think
> > that the following is an accurate description of the firewall settings
> > needed to support channel access.
> >
> > ====================================================================
> > If you want channel access clients on a machine to be able to see beacons
> > and replies to broadcast PV search requests you need to permit inbound
> > UDP packets with source port EPICS_CA_SERVER_PORT (default is 5064) or
> > destination port EPICS_CA_REPEATER_PORT (default is 5065).  On systems
> > using iptables this can be accomplished by rules like
> > 	-A INPUT -s 192.168.0.0/22 -p udp --sport 5064 -j ACCEPT
> > 	-A INPUT -s 192.168.0.0/22 -p udp --dport 5065 -j ACCEPT
> >
> > If you want channel access servers (e.g. "soft IOCs") on a machine to be
> > able to see clients you need to permit inbound TCP or UDP packets with
> > source port EPICS_CA_SERVER_PORT (default is 5064).  On systems using
> > iptables this can be accomplished by rules like
> > 	-A INPUT -s 192.168.0.0/22 -p udp --dport 5064 -j ACCEPT
> > 	-A INPUT -s 192.168.0.0/22 -p tcp --dport 5064 -j ACCEPT
> >
> > The above sets of rules are complete assuming that there's no blocking of
> > outbound traffic.
> >
> > In all cases the "-s 192.168.0.0/22" specifies the range of addresses
> > from which you wish to accept packets.
> > ====================================================================
> 
> How about adding this text to the CA reference manual (possibly in an
> appendix)?
> 
> Cheers
> Ben
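
An added example, not part of the original messages and not EPICS project code: a shell function that prints the rules quoted above in iptables-restore form, taking the ports from EPICS_CA_SERVER_PORT and EPICS_CA_REPEATER_PORT and rejecting malformed values before they reach a rule. The function names `ca_rules`, `is_port` and `is_cidr4` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print the CA rules quoted above in
# iptables-restore syntax, using EPICS_CA_SERVER_PORT / EPICS_CA_REPEATER_PORT.

# is_port N: true when N is a decimal integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_cidr4 A.B.C.D/LEN: true for a syntactically valid IPv4 CIDR block.
is_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ca_rules ROLE SUBNET: ROLE is client, server or both; SUBNET is the range
# of addresses to accept packets from (the "-s" value in the quoted rules).
ca_rules() {
    role=$1; subnet=$2
    sport=${EPICS_CA_SERVER_PORT:-5064}      # defaults as given in the thread
    rport=${EPICS_CA_REPEATER_PORT:-5065}
    case "$role" in client|server|both) ;; *)
        echo "ca_rules: role must be client, server or both" >&2; return 2 ;;
    esac
    is_cidr4 "$subnet" || { echo "ca_rules: bad subnet '$subnet'" >&2; return 2; }
    is_port "$sport" && is_port "$rport" ||
        { echo "ca_rules: bad port in EPICS_CA_*_PORT" >&2; return 2; }
    if [ "$role" != server ]; then   # CA clients: beacons and search replies
        echo "-A INPUT -s $subnet -p udp --sport $sport -j ACCEPT"
        echo "-A INPUT -s $subnet -p udp --dport $rport -j ACCEPT"
    fi
    if [ "$role" != client ]; then   # CA servers, e.g. soft IOCs
        echo "-A INPUT -s $subnet -p udp --dport $sport -j ACCEPT"
        echo "-A INPUT -s $subnet -p tcp --dport $sport -j ACCEPT"
    fi
}

# Run as a script: sh ca_rules.sh both 192.168.0.0/22
[ "$#" -eq 0 ] || ca_rules "$@"
```

The output lines are meant to be reviewed and placed in the filter table of an iptables-restore file; the function itself changes no firewall state.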

