Email notifications not working - firewall settings?

icecoffee

Getting the hang of it
Joined
Oct 3, 2018
Messages
85
Reaction score
55
Location
Houston
Wow...I really just don't get it. Now, with ZERO changes in any settings since last night I'm not getting notifications any more and again the test emails fail to send. WTF???
May be change to another gmail account. Google sometimes block the account if it detect high usage.
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
Earlier I added a rule to allow DNS port 53 from the cameras, and set up the health email to send every hour. So far I have received 3 emails at the expected times.

Maybe this time is going to work...maybe.
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
FWIW...

Has been roughly 24 hours since adding the rule to allow DNS/port 53 access from the camera IPs. Still getting the hourly health emails (and occasional motion notifications).

Added NTP too.

This I where I'm at now with firewall rules. 1 - 4 are what's been added. The last three without priority numbering are the standard/default rules -

snip1.JPG
snip2.JPG
 
Last edited:

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
It seems you have fixed the problem - a good result, with some logic behind it.

I have a small supplemental question, though I suspect the answer may be lost in the detail of the changes that were tried.
Just my curiosity.
The starting pattern is clear, as you've described.

With the firewall rule turned off (email notifications working) -
  • Camera sends SYN
  • Google responds with SYN, ACK
  • Camera sends ACK

With the firewall rule turned on (email notifications not working) -
  • Camera sends SYN
  • (no SYN, ACK reply)
  • Two instances of retry with no reply
In your wireshark interpretations above the good result would be following on from the camera doing a DNS lookup to find the Google IP address.
Do you have a recollection if the camera was using your router IP address as the DNS setting, or was it set for an internet IP address?
Is your new 'DNS Allow' rule set to use TCP or UDP (or both)?
In the bad result above - do you know if the SYN that was not acknowledged was to the Google IP address, or something else?
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
In your wireshark interpretations above the good result would be following on from the camera doing a DNS lookup to find the Google IP address.
Do you have a recollection if the camera was using your router IP address as the DNS setting, or was it set for an internet IP address?
Is your new 'DNS Allow' rule set to use TCP or UDP (or both)?
In the bad result above - do you know if the SYN that was not acknowledged was to the Google IP address, or something else?
Yes, initially the DNS settings in the camera were to Google's 8.8.8.8 and 8.8.4.4.

At some point in this ordeal I changed the DNS settings in the camera from Google to the router's IP. At first I thought that did it but then it was flakey. Seemed like it would work for a bit then not work. After struggling more with that, I noticed the DNS Server setting in the router was at "DNS Proxy". After reading a bit about what that was supposed to do, information seemed to indicate the DNS Proxy function was flakey in this router's early firmware and never really clear if it got sorted. So, I changed that setting from DNS Proxy to Use DNS from ISP. At first that seemed to work too, like a couple other things, but then it would again stop sending the mail. So, I finally resorted to opening port 53 to the cameras and they've been sending health emails and occasionally some nuisance alerts ever since.

The DNS rule is for UDP.

Yes, the SYN that was not acknowledged was to an IP in one of the ranges of IPs that Google uses for mail servers. I'm not sure if the cameras cache any DNS and that's why it worked on occasion for a short while then failed again? Maybe after some camera settings (or router settings) changed a DNS cache got flushed while the LAN was blocked and never rebuilt until I temporarily opened the LAN again or...??? Sorta wild guessing now. LOL.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
I noticed the DNS Server setting in the router was at "DNS Proxy". After reading a bit about what that was supposed to do, information seemed to indicate the DNS Proxy function was flakey in this router's early firmware and never really clear if it got sorted.
I'm not sure if the cameras cache any DNS and that's why it worked on occasion for a short while then failed again?
That does sound feasible, makes sense.

Your final, working rules have good logic behind them.
 
Top