Should that second rule be WAN then like further down the list is?
Email notifications not working - firewall settings?
- Thread starter Whoaru99
- Start date
I wonder why that 2nd rule shows WAN1 as the source interface...odd.
Sorry...I got that backwards. WAN 1 is the only related choice in the dropdown. There is not just plain WAN.
The WAN you see towards the bottom is one of three default rules that cannot be modified nor disabled. The defaults can only be bypassed by actions of rules higher up the list in order of operations.
My opinion is it says WAN rather than WAN 1 probably because the default rule to block all WAN to LAN applies regardless if there is one or two WAN ports.
The WAN you see towards the bottom is one of three default rules that cannot be modified nor disabled. The defaults can only be bypassed by actions of rules higher up the list in order of operations.
My opinion is it says WAN rather than WAN 1 probably because the default rule to block all WAN to LAN applies regardless if there is one or two WAN ports.
Last edited:
@Whoaru99 sorry mate, if you enable the rule and it blocks traffic but you cannot find any entries in the logs I'm stuck on what to try next. Normally if something isn't working (i.e. XBox cross platform, VPN, so forth) I am able to find the entry in the logs that is being blocked which helps get to the bottom of the problem. I don't have that same router which is surely confounding the issue further.
Based on your wireshark trace, I am only seeing the port you have open, you could try adding other SMTP related ports just to eliminate those as the issue (repeat the rule for 25, 465, 587) but honestly that's just a hail mary, so you might be better to wait for someone with more expertise than I.
Based on your wireshark trace, I am only seeing the port you have open, you could try adding other SMTP related ports just to eliminate those as the issue (repeat the rule for 25, 465, 587) but honestly that's just a hail mary, so you might be better to wait for someone with more expertise than I.
Shouldn't be this hard based on the info shown in the logs. I recent cross posted on the Linksys forum to see if they might be able to offer any other advice too.
Weird thing is I received some notifications last night or night before after I'd messed with the settings, but then with no subsequent changes made the notices stopped coming and the test emails fail.
I'm about ready to break out a system I'd been using to run Smoothwall just to try something different to see if that works. Probably will hold off though until I see what shakes out from Linksys forum.
I'm still open to ideas from here but, personally, I'm out of ideas too.
It's almost like the router learns something then changes behavior.
Couple things not going right. This deal, then I ordered 8GB more RAM for the box I planned to run Blue Iris, but it's not recognizing more than 8GB. It's not the RAM itself, it's exactly the same make and model as has been in the computer. Trying to go from 4GB x 2 to 4GB x 4. There are two dual-channel slots and it looks like one pair of the slots isn't working.
Weird thing is I received some notifications last night or night before after I'd messed with the settings, but then with no subsequent changes made the notices stopped coming and the test emails fail.
I'm about ready to break out a system I'd been using to run Smoothwall just to try something different to see if that works. Probably will hold off though until I see what shakes out from Linksys forum.
I'm still open to ideas from here but, personally, I'm out of ideas too.
It's almost like the router learns something then changes behavior.
Couple things not going right. This deal, then I ordered 8GB more RAM for the box I planned to run Blue Iris, but it's not recognizing more than 8GB. It's not the RAM itself, it's exactly the same make and model as has been in the computer. Trying to go from 4GB x 2 to 4GB x 4. There are two dual-channel slots and it looks like one pair of the slots isn't working.
Last edited:
What I wonder, is on the Linksys do you have to do anything to "reload" the firewall rules? i.e. when you disable that one problematic rule, does it instantly start working?
The reason I ask is because on my firewall after I make a rule change I have to reboot the firewall (I guess it's a program which is handling this job) for the change to go into effect.
The reason I ask is because on my firewall after I make a rule change I have to reboot the firewall (I guess it's a program which is handling this job) for the change to go into effect.
And you have logging turned on for all the rules but you don't see any log entries (System, Incoming or Outgoing logs?) when the process is in the "not working" state? Just for stupidity sake, is there an option to allow TCP/UDP on that connection (shouldnt be needed because wireshark identifies it as TCP traffic), and were you able to add the additional rules for ports 25 and 465 "just in case"?
Since I dont have one of these I found a basic UI simulator I am poking around in: Web Management
Since I dont have one of these I found a basic UI simulator I am poking around in: Web Management
Ok cool, if you figure out how to get the logs then we can go from there and pick this up again.
I feel like you should be able to see logged events, it really bothers me that we can't seem to get those gritty details, and I'm not sure why its not working for you. I run a syslogd server to grab the messages on another computer (my BI computer pulls double duty here) could try that temporarily until we figure out whats going on, would require setting up something like Kiwi Syslog server (unless you got a linux box or something), and pointing the router to log events to it. That's quite a bit more work than SHOULD be required. I would say you could EMAIL the events to yourself, we could try it, but it would beg the question (if it worked) why it worked from the router and not the ip cameras hehe.
I feel like you should be able to see logged events, it really bothers me that we can't seem to get those gritty details, and I'm not sure why its not working for you. I run a syslogd server to grab the messages on another computer (my BI computer pulls double duty here) could try that temporarily until we figure out whats going on, would require setting up something like Kiwi Syslog server (unless you got a linux box or something), and pointing the router to log events to it. That's quite a bit more work than SHOULD be required. I would say you could EMAIL the events to yourself, we could try it, but it would beg the question (if it worked) why it worked from the router and not the ip cameras hehe.
alastairstevenson
Staff member
All good questions, kinduv match my own thoughts on reading the posts.
The logs, suitably enabled, should provide good clues.
@Whoaru99 - I hear what you say, but I'm still surprised you can't grab the logs content as text in the browser even if the box has no save/export facility.
On the other ports - from the wireshark interpretation it seems the initial 3-way handshake for the TCP/587 setup just does not complete.
That's pretty much at the base level.
Oh, I can and have copy/pasted from the webpage log into Excel. Just had not posted it here.
The problem is when the LAN block rule is enabled I don't see any reference to hitting/trying to hit port 587. It's like it's just not happening at all.
Yet, with the rule disabled, the firewall log shows the camera IP high port to Google port 587 and Google port 587 coming back just as Wireshark shows (although significantly less total detail in the router log than from Wireshark).
The problem is when the LAN block rule is enabled I don't see any reference to hitting/trying to hit port 587. It's like it's just not happening at all.
Yet, with the rule disabled, the firewall log shows the camera IP high port to Google port 587 and Google port 587 coming back just as Wireshark shows (although significantly less total detail in the router log than from Wireshark).
Last edited:
I'm beginning to wonder if the problem isn't more basic than the firewall rules.
In the camera's email settings the SMTP server is set up as smtp.gmail.com. If I have LAN to WAN blocked (no DNS??) how will it understand what to do with smtp.gmail.com?
In the camera's email settings the SMTP server is set up as smtp.gmail.com. If I have LAN to WAN blocked (no DNS??) how will it understand what to do with smtp.gmail.com?
Hey looking around the interface, can you make sure that both "Allow Policy" and "Deny Policy" boxes are checked on the System Logs tab? I have limited experience in this area, but in my limited experience we should be able to get both allowed and denied log entries.
Good point, maybe you have to allow DNS? Honestly though I thought the router would handle those DNS lookups for you. But maybe that's not true since you aren't getting the camera IPs via DHCP, they might need a DNS server configured or something. I would first try pointing them at the Linksys Router for their DNS, so you dont have to grant them WAN access.
Still nothing that I can ID re. 587 with the rule in place.Re: Post 54, I responded in post #55, but it was via an Edit, but anyway it would be pretty easy to allow cameras DNS access at least temporarily to test if that's the problem. That should be a standard application port.
That didn't work either.
Kept messing with the DNS-related stuff and have now received a couple nuisance alerts in the last hour so keeping my fingers crossed.
Where it's at now is what we've thought should work all along for firewall rules.
Rule 1 is to allow 587 from the camera IPs to any destination.
Rule 2 is to block all LAN traffic from the camera IPs to any destination.
Next, I changed the DNS settings in the cameras from Google DNS to the IP of the router. Still not working at this point.
I think what may be the key allowing all that to work was changing the DNS Server setting in the router from "DNS Proxy" to "Use DNS from ISP".
*beep* just got another email notification
Now seems I may need to work on the motion detection settings.
Kept messing with the DNS-related stuff and have now received a couple nuisance alerts in the last hour so keeping my fingers crossed.
Where it's at now is what we've thought should work all along for firewall rules.
Rule 1 is to allow 587 from the camera IPs to any destination.
Rule 2 is to block all LAN traffic from the camera IPs to any destination.
Next, I changed the DNS settings in the cameras from Google DNS to the IP of the router. Still not working at this point.
I think what may be the key allowing all that to work was changing the DNS Server setting in the router from "DNS Proxy" to "Use DNS from ISP".
*beep* just got another email notification
Now seems I may need to work on the motion detection settings.
Last edited: