Experimental Physics and Industrial Control System
|
The IOC servers can't do what you're trying, any port they accept connections through will be r/w unless you configure Access Security for the clients, in which case you don't need the second port. Michael
added IP address support to the access security system fairly recently (I forget if you have to turn it on though), so if you know what all the IP addresses or DNA names are of one or the other client groups (r/w or r/o) you can just set up an access security
file with a HAG containing just those addresses. I forget whether it allows for subnet addresses. However, that only works for IOCs recent-enough versions of Base.
It would be relatively easy to run separate CA (and PVA) gateways on a other ports to provide read-only access; this would work for all EPICS versions.
- Andrew
Complexity comes for free, Simplicity you have to work for.
On 1/26/24, 10:50 AM, "Core-talk" <core-talk-bounces at aps.anl.gov> wrote:
Hi folks,
Today someone asked me if it is possible to filter write access to records with
a firewall. The idea is to run a read/write server and a read-only server on the
same IOC on two different ports.
I guess the answer is no. At least my attempts to start two CA server on the
same IP address failed. I tried:
EPICS_CAS_INTF_ADDR_LIST="<my IP> <my IP>:5070"
But it seems ports are ignored in EPICS_CAS_INTF_ADDR_LIST.
Also, I would not know how to make a server readonly. All
Would this be a "simple" way to handle write access filtering per firewall
rules, opening the r/w port only to selected client IP addresses?
Dirk
|
- Replies:
- Re: separate ca/pva ports for r/w and r/o access? Ralph Lange via Core-talk
- References:
- separate ca/pva ports for r/w and r/o access? Zimoch Dirk via Core-talk
- Navigate by Date:
- Prev:
separate ca/pva ports for r/w and r/o access? Zimoch Dirk via Core-talk
- Next:
Re: separate ca/pva ports for r/w and r/o access? Ralph Lange via Core-talk
- Index:
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
<2024>
- Navigate by Thread:
- Prev:
separate ca/pva ports for r/w and r/o access? Zimoch Dirk via Core-talk
- Next:
Re: separate ca/pva ports for r/w and r/o access? Ralph Lange via Core-talk
- Index:
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
<2024>
|
ANJ, 26 Jan 2024 |
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
·
Search
·
EPICS V4
·
IRMIS
·
Talk
·
Bugs
·
Documents
·
Links
·
Licensing
·
|