SOCKS connection not allowed by ruleset.

[mr.dk]

Hello,

I'm setting up dynamic socks proxy as per "https://www.vandyke.com/support/tips/socksproxy.html

My master connection is successful. I have also tested forwarding ports manual successfully.

However when I try to connect to the detestation use the socks proxy I get this message "SOCKS connection not allowed by ruleset"


Thank you.

[bgagnon]

Hi mr.dk,

What version of SecureCRT are you using (Help / About SecureCRT...)?

What do you mean by this:

Quote:

I have also tested forwarding ports manual successfully.

Are you saying when configured via the Connection / Port Forwarding category, you can successfully connect through "JumpHostB" to reach "TargetHostA"?

If so, then the message likely means the jump host does not support dynamic/SOCKs port forwarding.

[mr.dk]

I have the same error message here on version "Version 7.2.6 (x64 build 606) - Official Release - August 19, 2014"

When I wrote the message I was connecting using the latest non-bata release 8.x .

Thank you.
Derek

[mr.dk]

Version 7.2.6 (x64 build 606) - Official Release - August 19, 2014
I also have the latest non-bata 8.x version installed with the same message.


What do you mean by this:
I have also tested forwarding ports manual successfully.

On the master, if simply forward a port, and not use socks option I can connect to the forwarded port.


Thank you.

[bgagnon]

Hi Derek,

The version of SecureCRT won't matter when the jump host doesn't support dynamic port forwarding. You would probably need to talk to the admin of the jump host to see if it's something they intentionally disabled or continue using the other port forward configuration.

[mr.dk]

Quote:

Originally Posted by bgagnon

The jump host doesn't support dynamic port forwarding.

Is there a message log that would provide technical details as a confirmation about the remote side not support dynamic mapping?

Is there a server side SSHD configuration parameter that must be enabled?


Thank you.
Derek

[bgagnon]

Hi Derek,

Note also, that in order to use dynamic port forwarding, the client that connects to the forwarded port on the SecureCRT side of things *must* be able to be configured with SOCKS4/5 in order to connect to the forwarded port.

Do you know if the client connecting to the forwarded port supports SOCKS?

It's often useful to see trace options output which provides debugging information that may help us better understand the problem that you're experiencing.

To enable trace options output:

• First, open SecureCRT's main File pull-down menu and select Trace Options. If you open the File pull down menu again you should see a checkmark next to Trace Options, indicating that troubleshooting output is now enabled.
  
• Next, connect to the remote machine. With trace options enabled, you will notice debugging information displayed in the terminal window that isn't normally there by default when SecureCRT is attempting to establish a connection, and at certain times throughout the lifetime of the connection.
  
• Once the problem occurs, please right-click inside the terminal window and choose Select All, then right-click again and choose Copy to transfer the information to the clipboard.
  
• Finally, open a text editor, paste the information from the clipboard into the editor program, and save it as a text file.

Since trace options can contain sensitive information, feel free to send it as an attachment via email to support@vandyke.com. Please reference "Attn Brenda - Forum Thread #12524" in the subject line.

NOTICE: The requested troubleshooting data may include sensitive information (usernames, passwords, publicly-accessible host names or IP addresses, etc.).

Please redact sensitive information that would not be appropriate for email communication prior to sending the requested information.

If there is sensitive information that must be conveyed in order to provide a complete picture of the scenario you're facing, please let us know and we will set up a secure upload mechanism that can be used.