VanDyke Software Forums


donaghq 11-24-2020 02:53 PM

Firewall chain contains a loop error
 
Hello

I have configured my sessions to go via a jumpbox. I added the firewall command to all my sessions, including the jumpbox! I know I am getting the error as the jumpbox has been told to use itself as the firewall, but... if I click through the error I get on the host. The curious thing is, if I turn off the option of using a firewall on the jumpbox, the hosts will not connect at all. They get the initial banner but will not authenticate.

Thanks

DQ

bgagnon 11-24-2020 03:50 PM

Hi DQ,

Quote:

but... if I click through the error I get on the host.

But the session is not using the firewall (as it isn't possible).

Quote:

The curious thing is if I turn off the option of using a firewall on the jumpbox the hosts will not connect at all.

I am not sure what you mean by "turn off the option of using a firewall on the jumpbox". Are you saying in the "hosts sessions" you set the firewall to None?

Please restate the issue using some relevant (but they do not have to be the actual) Session Names to avoid confusion.

donaghq 11-26-2020 11:49 AM

Hi Brenda

Thanks for your reply.

I can access Host_A and Host_B via the Jumpbox_C. I ssh to Jumpbox_C and I can ssh from there to Host_A and Host_B. All good.

Now I want to access Host_A and Host_B via Jumpbox_C. I edit the session info for Host_A and Host_B to use the firewall function and choose the Jumpbox_C as the firewall.

Now when I log on to Host_A and Host_B I get the login banner but it does not allow me to log on and eventually times out.

DQ

bgagnon 11-30-2020 11:06 AM

Hi DQ,

The requirement for using the dependent session feature is that the jumphost supports port forwarding. Does the jumphost support port forwarding?

If so, please post trace options output of the connection attempts using the dependent session feature.

Since it may contain sensitive data, if you do not want to post the trace options output, send it to support@vandyke.com and reference Attn Brenda - Forum Thread #14354 in the subject line.

bgagnon 11-30-2020 11:52 AM

Hi DQ,

I will need the entire trace options output, possibly even a more verbose version, so please make direct contact per my last post.


All times are GMT -6.