Reply
New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

I cannot received my email anymore

 

Hi, 

 

I recently updated my Unifi Cloud Key as well as the Unifi to the latest version. And since, I cannot received any email from my own server (cpres3.idig.net port 993 with ssl). At first I thought my server had an outage, and tested it with my phone. If I'm connected to the wifi, the connection is impossible. So I tried to be on LTE, and my emails pops in my inbox. I activate the wifi, then retry, still got the error. I tested with some PC/Mac, phone/tablet and when I'm on my wifi, I can't get my emails from my server. I also have a yahoo email and I can receive the emails...

 

I tried to figured what's happend and the only thing that have changed is the firmware version and the unifi version. 

I don't remember creating rules or anything else in that way to block me from having my emails...

I changed the DNS in the CK just in case, still got the issue.

Search for days an answer online and I haven't found anything useful. 

 

The only thing remaining is to wipe everything and start from scratch, but I don't want to reconfigure all my networks. I have a UniFi Security Gateway 3P (ver. 4.4.29.5124210), 2 UniFi Switch 8 POE-60W (ver. 3.9.54.9373), 2 UniFi AP-AC-Pro (ver. 4.4.29.5124210) and the UniFi Cloud Key (firmware ver. 0.12.0). Everything run smoothly excepts my emails issue

 

So I'm here to ask for help because I'm clueless. Hope someone will be able to help me

Thanks!

Highlighted
Veteran Member
Posts: 5,718
Registered: ‎01-04-2017
Kudos: 811
Solutions: 290

Re: I cannot received my email anymore

Did you try a simple reboot of devices? Post config
New Member
Posts: 36
Registered: ‎02-22-2018
Kudos: 6
Solutions: 4

Re: I cannot received my email anymore

[ Edited ]

This sounds like a firewall problem. Check your firewall entries and maybe IPS block list.

 

And check firewall on your server. It could be that server is blocking your home IP. Try to do anything else on the server, like open website (if you host it) or SSH connection or something.

One small step for LAN, a giant leap of WLAN.
New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Yep, I tried to reboot it many times. Also, I have some trouble with my CloudKey, but that's another subject. 

New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Hi sce-ds2 and thanks for your kind reply.

 

The email server is located in another city and I haven't any issue before the update (or it's just a coincidence). Maybe something lies in the configuration of the network... but I don't know where to search. I'm able to ssh my devices in case I'll have to do some stuff there...

 

For the firewall configuration, here what I have:

PS. Sorry for the bulk information.

 

RULES IPv4

 

WAN IN

RULE INDEX ENABLED NAME ACTION PROTOCOL SOURCE DESTINATION ACTIONS
3001 allow established/related sessions Accept All
3002 drop invalid state Drop All
3003 PortForward [Plex] Accept TCP and UDP
3004 PortForward [Torrent] Accept TCP and UDP

 

WAN LOCAL

RULE INDEX ENABLED NAME ACTION PROTOCOL SOURCE DESTINATION ACTIONS
3001 allow established/related sessions Accept All 
3002 drop invalid state Drop All 

 

LAN IN & LAN OUT

RULE INDEX ENABLED NAME ACTION PROTOCOL SOURCE DESTINATION ACTIONS
6001 accounting defined network 192.168.1.0/24 Accept All
6002 accounting defined network 192.168.2.0/24 Accept All

 

GUEST IN

RULE INDEX ENABLED NAME ACTION PROTOCOL SOURCE DESTINATION ACTIONS
3001 allow DNS packets to external name servers Accept TCP and UDP
3002 allow packets to captive portal Accept TCP
3003 allow packets to allow subnets Accept All
3004 drop packets to restricted subnets Drop All
3005 drop packets to intranet Drop All
3006 drop packets to remote user Drop All
3007 authorized guests white list Drop All

 

GUEST LOCAL

RULE INDEX ENABLED NAME ACTION PROTOCOL SOURCE DESTINATION ACTIONS
3001 allow DNS Accept TCP and UDP
3002 allow ICMP Accept ICMP
3003 allow to DHCP server Accept UDP

 

No group is defined

 

And the remaining settings

CONNTRACK MODULES
FTP = ON
GRE = ON
H.323 = ON
PPTP = ON
SIP = ON
TFTP = ON


STATE TIMEOUTS
ICMP = 30 seconds
Other = 600 seconds
TCP Close = 10 seconds
TCP Close Wait = 60 seconds
TCP Established = 7440 seconds
TCP FIN Wait = 120 seconds
TCP Last ACK = 30 seconds
TCP SYN Recv = 60 seconds
TCP SYN Sent = 120 seconds
TCP Time Wait = 120 seconds
UDP Other = 30 seconds
UDP Stream = 180 seconds


FIREWALL OPTIONS
Broadcast Ping = OFF
Receive Redirects = OFF
Send Redirects = ON
SYN Cookies = ON


DEFAULT ACTION LOGGING
WAN Rules = OFF
LAN Rules = OFF
Guest Rules = OFF

 

The port forwarding configuration:

NAME DEST IP/PORT ACTIONS
Plex * 32400 192.168.1.110:32400
Torrent * 45682 192.168.1.111:45682

 

This configuration was there before my email refused to work at home. 

I don't see anything wrong with this configuration, but if you see something, tell me. 

 

I'll think I'll contact my ISP to check if the port 993 is blocked. In the meantime, I'll continue to search for a fix...

 

Thanks for your help!

New Member
Posts: 36
Registered: ‎02-22-2018
Kudos: 6
Solutions: 4

Re: I cannot received my email anymore

Well I still think there is a firewall problem on your server. Server where you host your email. It could be that it blocked your home ip. Can you check that as well?

One small step for LAN, a giant leap of WLAN.
New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

I'll check that too!
New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

I had a talk with my ISP and they confirm what I already thought, they didn't have blocked anything that can cause this. 

 

So, I play drastically and I decided to remove completly the USG/UAP chain from the equation and everything went fine when I was directly plugged into the modem. So the issue came from a configuration somewhere in the Controller/Router/Switches/Access Point. 

 

Does someone have an idea where or how I can fix this issue? 

 

Thanks!

New Member
Posts: 5
Registered: ‎07-20-2018

Re: I cannot received my email anymore

I think I would SSH into USG and run tcpdump to look for and trace traffic from your iphone or to your mailserver.

New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Hi, 

 

Here's the tcpdump output, but only for the port 993 (IMAP with SSL)

user@SecurityGateway:~$ sudo tcpdump port 993 -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 byt                                                                                              es
20:31:21.856843 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49169 > cpres3.idig.net.imaps: Flags [S], cksum 0x6d98 (correct), seq 1330475841, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522825872 ecr 0,sackOK,eol], length 0
20:31:32.847149 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49172 > cpres3.idig.net.imaps: Flags [S], cksum 0x50bd (correct), seq 1058043260, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522836842 ecr 0,sackOK,eol], length 0
20:31:33.850630 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49172 > cpres3.idig.net.imaps: Flags [S], cksum 0x4cd5 (correct), seq 1058043260, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522837842 ecr 0,sackOK,eol], length 0
20:31:38.604288 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0xa5f6 (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522842591 ecr 0,sackOK,eol], length 0
20:31:38.631170 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49174 > sky400-1.mail.vip.bf2.yahoo.com.imaps: Flags [S], cksum 0xd6f7 (correct), seq 2369969575, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522842622 ecr 0,sackOK,eol], length 0
20:31:38.652801 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    sky400-1.mail.vip.bf2.yahoo.com.imaps > modemcable015.78-48-24.mc.videotron.ca.49174: Flags [S.], cksum 0x4aa1 (correct), seq 2455453880, ack 2369969576, win 14480, options [mss 1460,sackOK,TS val 3120224168 ecr 1522842622,nop,wscale 9], length 0
20:31:38.657352 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    modemcable015.78-48-24.mc.videotron.ca.49174 > sky400-1.mail.vip.bf2.yahoo.com.imaps: Flags [.], cksum 0xa9dc (correct), ack 1, win 2058, options [nop,nop,TS val 1522842647 ecr 3120224168], length 0
20:31:38.686566 IP (tos 0x0, ttl 50, id 38781, offset 0, flags [DF], proto TCP (6), length 52)
    sky400-1.mail.vip.bf2.yahoo.com.imaps > modemcable015.78-48-24.mc.videotron.ca.49174: Flags [.], cksum 0xb0dd (correct), ack 200, win 31, options [nop,nop,TS val 3120224203 ecr 1522842647], length 0
20:31:38.705395 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49175 > 17.36.205.4.imaps: Flags [S], cksum 0xe1d6 (correct), seq 3271586489, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522842694 ecr 0,sackOK,eol], length 0
20:31:38.753250 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    17.36.205.4.imaps > modemcable015.78-48-24.mc.videotron.ca.49175: Flags [S.], cksum 0x64ef (correct), seq 573235158, ack 3271586490, win 28960, options [mss 1460,sackOK,TS val 1400686396 ecr 1522842694,nop,wscale 7], length 0
20:31:38.757608 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    modemcable015.78-48-24.mc.videotron.ca.49175 > 17.36.205.4.imaps: Flags [.], cksum 0xfc9f (correct), ack 1, win 2058, options [nop,nop,TS val 1522842744 ecr 1400686396], length 0
20:31:38.800562 IP (tos 0x0, ttl 51, id 6321, offset 0, flags [DF], proto TCP (6), length 52)
    17.36.205.4.imaps > modemcable015.78-48-24.mc.videotron.ca.49175: Flags [.], cksum 0x02cd (correct), ack 195, win 235, options [nop,nop,TS val 1400686444 ecr 1522842744], length 0
20:31:39.636320 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0xa20e (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522843591 ecr 0,sackOK,eol], length 0
20:31:40.567869 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49176 > 17.36.205.4.imaps: Flags [S], cksum 0x40e8 (correct), seq 1914920314, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522844496 ecr 0,sackOK,eol], length 0
20:31:40.608157 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    17.36.205.4.imaps > modemcable015.78-48-24.mc.videotron.ca.49176: Flags [S.], cksum 0x7dae (correct), seq 2244790482, ack 1914920315, win 28960, options [mss 1460,sackOK,TS val 1450491384 ecr 1522844496,nop,wscale 7], length 0
20:31:40.613008 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    modemcable015.78-48-24.mc.videotron.ca.49176 > 17.36.205.4.imaps: Flags [.], cksum 0x1565 (correct), ack 1, win 2058, options [nop,nop,TS val 1522844540 ecr 1450491384], length 0
20:31:40.656390 IP (tos 0x0, ttl 51, id 30449, offset 0, flags [DF], proto TCP (6), length 52)
    17.36.205.4.imaps > modemcable015.78-48-24.mc.videotron.ca.49176: Flags [.], cksum 0x1b70 (correct), ack 227, win 235, options [nop,nop,TS val 1450491433 ecr 1522844541], length 0
20:31:40.665627 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0x9e26 (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522844591 ecr 0,sackOK,eol], length 0
20:31:41.684566 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0x9a3e (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522845591 ecr 0,sackOK,eol], length 0
20:31:42.697272 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0x9656 (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522846591 ecr 0,sackOK,eol], length 0
20:31:43.717834 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0x926e (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522847591 ecr 0,sackOK,eol], length 0
20:31:45.808312 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0x8a9e (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522849591 ecr 0,sackOK,eol], length 0
20:31:49.838619 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0x7afe (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522853591 ecr 0,sackOK,eol], length 0
20:31:51.341655 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49177 > sky400-1.mail.vip.bf2.yahoo.com.imaps: Flags [S], cksum 0x200c (correct), seq 2033154037, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522855084 ecr 0,sackOK,eol], length 0
20:31:51.366414 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    sky400-1.mail.vip.bf2.yahoo.com.imaps > modemcable015.78-48-24.mc.videotron.ca.49177: Flags [S.], cksum 0x710d (correct), seq 3744595556, ack 2033154038, win 14480, options [mss 1460,sackOK,TS val 3533690664 ecr 1522855084,nop,wscale 9], length 0
20:31:51.371249 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    modemcable015.78-48-24.mc.videotron.ca.49177 > sky400-1.mail.vip.bf2.yahoo.com.imaps: Flags [.], cksum 0xd044 (correct), ack 1, win 2058, options [nop,nop,TS val 1522855113 ecr 3533690664], length 0
20:31:51.404096 IP (tos 0x0, ttl 51, id 10528, offset 0, flags [DF], proto TCP (6), length 52)
    sky400-1.mail.vip.bf2.yahoo.com.imaps > modemcable015.78-48-24.mc.videotron.ca.49177: Flags [.], cksum 0xd720 (correct), ack 232, win 31, options [nop,nop,TS val 3533690702 ecr 1522855115], length 0
20:31:57.870783 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49173 > cpres3.idig.net.imaps: Flags [S], cksum 0x5bbe (correct), seq 814094423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522861591 ecr 0,sackOK,eol], length 0
20:32:00.625220 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0x0c2e (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522864342 ecr 0,sackOK,eol], length 0
20:32:01.632528 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0x0846 (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522865342 ecr 0,sackOK,eol], length 0
20:32:02.639292 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0x045d (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522866343 ecr 0,sackOK,eol], length 0
20:32:03.640863 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0x0075 (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522867343 ecr 0,sackOK,eol], length 0
20:32:04.641964 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0xfc8c (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522868343 ecr 0,sackOK,eol], length 0
20:32:05.643240 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0xf8a4 (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522869343 ecr 0,sackOK,eol], length 0
20:32:07.644161 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0xf0d4 (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522871343 ecr 0,sackOK,eol], length 0
20:32:08.663514 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49179 > cpres3.idig.net.imaps: Flags [S], cksum 0x5b52 (correct), seq 627505610, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522872361 ecr 0,sackOK,eol], length 0
20:32:09.664696 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49179 > cpres3.idig.net.imaps: Flags [S], cksum 0x576a (correct), seq 627505610, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522873361 ecr 0,sackOK,eol], length 0
20:32:10.665859 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49179 > cpres3.idig.net.imaps: Flags [S], cksum 0x5382 (correct), seq 627505610, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522874361 ecr 0,sackOK,eol], length 0
20:32:11.648974 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49178 > cpres3.idig.net.imaps: Flags [S], cksum 0xe134 (correct), seq 1221084385, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522875343 ecr 0,sackOK,eol], length 0
20:32:11.661799 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49179 > cpres3.idig.net.imaps: Flags [S], cksum 0x4f99 (correct), seq 627505610, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522875362 ecr 0,sackOK,eol], length 0
20:32:12.671992 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49179 > cpres3.idig.net.imaps: Flags [S], cksum 0x4bb1 (correct), seq 627505610, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522876362 ecr 0,sackOK,eol], length 0
20:32:13.664724 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49179 > cpres3.idig.net.imaps: Flags [S], cksum 0x47c9 (correct), seq 627505610, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522877362 ecr 0,sackOK,eol], length 0
20:32:15.669200 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 64)
    modemcable015.78-48-24.mc.videotron.ca.49179 > cpres3.idig.net.imaps: Flags [S], cksum 0x3ff9 (correct), seq 627505610, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522879362 ecr 0,sackOK,eol], length 0
20:32:16.169620 IP (tos 0x0, ttl 127, id 19855, offset 0, flags [DF], proto TCP (6), length 52)
    modemcable015.78-48-24.mc.videotron.ca.53001 > cpres3.idig.net.imaps: Flags [S], cksum 0xb965 (correct), seq 1650726877, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

 

I also run the command show interface [...] just in case something will be different... but no

root@SecurityGateway:~$ show interfaces ethernet eth0 capture port 993
Capturing traffic on eth0 port 993 ...
20:16:30.715906 IP 24.48.78.15.51644 > 76.74.187.4.993: Flags [S], seq 302109927                                           7, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:16:56.208565 IP 24.48.78.15.51680 > 76.74.187.4.993: Flags [S], seq 362669669                                           3, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:16:59.261970 IP 24.48.78.15.51680 > 76.74.187.4.993: Flags [S], seq 362669669                                           3, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:17:05.362203 IP 24.48.78.15.51680 > 76.74.187.4.993: Flags [S], seq 362669669                                           3, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:17:25.158141 IP 24.48.78.15.51733 > 76.74.187.4.993: Flags [S], seq 3561516600, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:17:28.349997 IP 24.48.78.15.51733 > 76.74.187.4.993: Flags [S], seq 3561516600, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:17:34.349978 IP 24.48.78.15.51733 > 76.74.187.4.993: Flags [S], seq 3561516600, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:17:57.177457 IP 24.48.78.15.65534 > 74.6.106.26.993: Flags [S], seq 2932954381, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522593705 ecr 0,sackOK,eol], length 0
20:17:57.188420 IP 24.48.78.15.65535 > 17.36.205.69.993: Flags [S], seq 1379569226, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522593714 ecr 0,sackOK,eol], length 0
20:17:57.201495 IP 74.6.106.26.993 > 24.48.78.15.65534: Flags [S.], seq 529474161, ack 2932954382, win 14480, options [mss 1460,sackOK,TS val 3523913111 ecr 1522593705,nop,wscale 9], length 0
20:17:57.206030 IP 24.48.78.15.65534 > 74.6.106.26.993: Flags [.], ack 1, win 2058, options [nop,nop,TS val 1522593731 ecr 3523913111], length 0
20:17:57.215341 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522593740 ecr 0,sackOK,eol], length 0
20:17:57.216043 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522593740 ecr 0,sackOK,eol], length 0
20:17:57.228975 IP 17.36.205.69.993 > 24.48.78.15.65535: Flags [S.], seq 4109486342, ack 1379569227, win 28960, options [mss 1460,sackOK,TS val 1458782156 ecr 1522593714,nop,wscale 7], length 0
20:17:57.233651 IP 24.48.78.15.65535 > 17.36.205.69.993: Flags [.], ack 1, win 2058, options [nop,nop,TS val 1522593757 ecr 1458782156], length 0
20:17:57.235024 IP 74.6.106.26.993 > 24.48.78.15.65534: Flags [.], ack 200, win 31, options [nop,nop,TS val 3523913144 ecr 1522593732], length 0
20:17:57.276041 IP 17.36.205.69.993 > 24.48.78.15.65535: Flags [.], ack 195, win 235, options [nop,nop,TS val 1458782203 ecr 1522593758], length 0
20:17:58.242231 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522594740 ecr 0,sackOK,eol], length 0
20:17:58.242456 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522594740 ecr 0,sackOK,eol], length 0
20:17:59.265967 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522595740 ecr 0,sackOK,eol], length 0
20:17:59.266192 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522595740 ecr 0,sackOK,eol], length 0
20:18:00.278619 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522596740 ecr 0,sackOK,eol], length 0
20:18:00.278843 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522596740 ecr 0,sackOK,eol], length 0
20:18:01.290660 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522597740 ecr 0,sackOK,eol], length 0
20:18:01.290871 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522597740 ecr 0,sackOK,eol], length 0
20:18:02.315111 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522598740 ecr 0,sackOK,eol], length 0
20:18:02.315327 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522598740 ecr 0,sackOK,eol], length 0
20:18:03.101933 IP 24.48.78.15.49154 > 74.6.106.26.993: Flags [S], seq 2388872164, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522599519 ecr 0,sackOK,eol], length 0
20:18:03.125489 IP 74.6.106.26.993 > 24.48.78.15.49154: Flags [S.], seq 3235251482, ack 2388872165, win 14480, options [mss 1460,sackOK,TS val 3134890632 ecr 1522599519,nop,wscale 9], length 0
20:18:03.129992 IP 24.48.78.15.49154 > 74.6.106.26.993: Flags [.], ack 1, win 2058, options [nop,nop,TS val 1522599545 ecr 3134890632], length 0
20:18:03.159458 IP 74.6.106.26.993 > 24.48.78.15.49154: Flags [.], ack 232, win 31, options [nop,nop,TS val 3134890666 ecr 1522599545], length 0
20:18:04.349285 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522600741 ecr 0,sackOK,eol], length 0
20:18:04.349501 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522600741 ecr 0,sackOK,eol], length 0
20:18:04.721903 IP 24.48.78.15.49154 > 74.6.106.26.993: Flags [F.], seq 2277, ack 7868, win 2048, options [nop,nop,TS val 1522601117 ecr 3134892184], length 0
20:18:04.747449 IP 74.6.106.26.993 > 24.48.78.15.49154: Flags [F.], seq 7868, ack 2278, win 42, options [nop,nop,TS val 3134892254 ecr 1522601117], length 0
20:18:08.360025 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522604741 ecr 0,sackOK,eol], length 0
20:18:08.360255 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522604741 ecr 0,sackOK,eol], length 0
20:18:16.363207 IP 24.48.78.15.49153 > 76.74.187.4.993: Flags [S], seq 170252115, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522612741 ecr 0,sackOK,eol], length 0
20:18:16.363425 IP 24.48.78.15.49152 > 76.74.187.4.993: Flags [S], seq 2546202859, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522612741 ecr 0,sackOK,eol], length 0
20:18:16.540713 IP 24.48.78.15.51816 > 72.30.3.55.993: Flags [S], seq 3294482908, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:18:16.563222 IP 72.30.3.55.993 > 24.48.78.15.51816: Flags [S.], seq 856801746, ack 3294482909, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
20:18:16.564011 IP 24.48.78.15.51816 > 72.30.3.55.993: Flags [.], ack 1, win 256, length 0
20:18:16.589154 IP 72.30.3.55.993 > 24.48.78.15.51816: Flags [.], ack 183, win 31, length 0
20:18:27.178387 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522623539 ecr 0,sackOK,eol], length 0
20:18:27.178693 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522623543 ecr 0,sackOK,eol], length 0
20:18:28.178355 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522624539 ecr 0,sackOK,eol], length 0
20:18:28.178568 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522624543 ecr 0,sackOK,eol], length 0
20:18:29.182631 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522625539 ecr 0,sackOK,eol], length 0
20:18:29.182944 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522625543 ecr 0,sackOK,eol], length 0
20:18:30.184404 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522626539 ecr 0,sackOK,eol], length 0
20:18:30.184628 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522626543 ecr 0,sackOK,eol], length 0
20:18:31.186570 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522627539 ecr 0,sackOK,eol], length 0
20:18:31.186788 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522627543 ecr 0,sackOK,eol], length 0
20:18:32.187980 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522628539 ecr 0,sackOK,eol], length 0
20:18:32.188227 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522628543 ecr 0,sackOK,eol], length 0
20:18:34.186652 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522630539 ecr 0,sackOK,eol], length 0
20:18:34.189467 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522630543 ecr 0,sackOK,eol], length 0
20:18:38.193300 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522634539 ecr 0,sackOK,eol], length 0
20:18:38.193527 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522634543 ecr 0,sackOK,eol], length 0
20:18:46.195531 IP 24.48.78.15.49155 > 76.74.187.4.993: Flags [S], seq 873120666, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522642539 ecr 0,sackOK,eol], length 0
20:18:46.195751 IP 24.48.78.15.49156 > 76.74.187.4.993: Flags [S], seq 3020245125, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1522642543 ecr 0,sackOK,eol], length 0

If someone have an idea!

 

Thanks!

 

New Member
Posts: 5
Registered: ‎07-20-2018

Re: I cannot received my email anymore

I'm guessing that 24.48.78.15 is your IP?

Atleast it looks like traffic is going out the right way.

 

Maybe do a dump filtered on IP instead of port so you might see if there is traffic back in response to traffic out.

New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Hi, yes that's my IP. I executed the tcpdump only for the cpres3.idig.net host. The log is attached. 

 

Thanks for your time!

New Member
Posts: 5
Registered: ‎07-20-2018

Re: I cannot received my email anymore

Seens to me that there is only traffic going out? Nothing coming back?

New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Exactly, but if I connect directly to the modem, it works!

 

is it possible that the firewall on the USG block those incoming packets for... whatever reason?

New Member
Posts: 5
Registered: ‎07-20-2018

Re: I cannot received my email anymore

With the ruleset you showed that would be weird..

But could you try something else against the remote host?

 

If you do a trace or a ping against your mailserver from the usg, do those work?

 

New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Hi, I tried to ping from the Debug Terminal from one of my UAP and the ping cpres3.idig.net just never return anything. I have to kill the command after few minutes (~5min). The USG doesn't have any debut terminal accessible from the controller. So I SSHed my USG then launch the ping cpres3.idig.net, here's the result:

user@SecurityGateway:~$ ping cpres3.idig.net
PING cpres3.idig.net (76.74.187.4) 56(84) bytes of data.

Nothing else... I presume my "server provider" just doesn't answer to a ping request... Also, since the IP is returned... the DNS had worked...

Now, for the traceroute command:

users@SecurityGateway:~$ traceroute cpres3.idig.net
traceroute to cpres3.idig.net (76.74.187.4), 30 hops max, 38 byte packets
 1  *  *  *
 2  216.113.124.6 (216.113.124.6)  15.678 ms  14.754 ms  13.061 ms
 3  216.113.124.126 (216.113.124.126)  14.353 ms  13.791 ms  17.453 ms
 4  videotron-gw.peer1.net (216.187.115.253)  14.038 ms  13.909 ms  13.970 ms
 5  *  *  *
 6  *  *  *
 7  *  *  *
 8  *  *  *
 9  64.34.109.172 (64.34.109.172)  69.964 ms  70.072 ms  72.685 ms
10  *  *  *
11  *  *  *
12  *  *  *
13  *  *  *
14  *  *  *
15  *  *  *
16  *  *  *
17  *  *  *
18  *  *  *
19  *  *  *
20  *  *  *
21  *  *  *
22  *  *  *
23  *  *  *
24  *  *  *
25  *  *  *
26  *  *  *
27  *  *  *
28  *  *  *
29  *  *  *
30  *  *  *
user@SecurityGateway:~$

I have something similar with online tracert.

 

I'm in "nothingness",,, 

New Member
Posts: 5
Registered: ‎07-20-2018

Re: I cannot received my email anymore

This is my ping result:
PING cpres3.idig.net (76.74.187.4) 56(84) bytes of data.
64 bytes from cpres3.idig.net (76.74.187.4): icmp_seq=1 ttl=47 time=177 ms
64 bytes from cpres3.idig.net (76.74.187.4): icmp_seq=2 ttl=47 time=191 ms
64 bytes from cpres3.idig.net (76.74.187.4): icmp_seq=3 ttl=47 time=177 ms
64 bytes from cpres3.idig.net (76.74.187.4): icmp_seq=4 ttl=47 time=177 ms
64 bytes from cpres3.idig.net (76.74.187.4): icmp_seq=5 ttl=47 time=177 ms
64 bytes from cpres3.idig.net (76.74.187.4): icmp_seq=6 ttl=47 time=177 ms

So it does most definitely respond to pings.
Try ping with modem direct-attached? Man Embarassed
New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Hi, I finally had time to do some tests. If I'm connected directly to the ISP modem and I try a ping:

PING choum.ca (76.74.187.4): 56 data bytes
64 bytes from 76.74.187.4: icmp_seq=0 ttl=56 time=77.726 ms
64 bytes from 76.74.187.4: icmp_seq=1 ttl=56 time=70.717 ms
64 bytes from 76.74.187.4: icmp_seq=2 ttl=56 time=69.782 ms
64 bytes from 76.74.187.4: icmp_seq=3 ttl=56 time=70.491 ms
64 bytes from 76.74.187.4: icmp_seq=4 ttl=56 time=69.792 ms
64 bytes from 76.74.187.4: icmp_seq=5 ttl=56 time=71.195 ms
64 bytes from 76.74.187.4: icmp_seq=6 ttl=56 time=69.644 ms
64 bytes from 76.74.187.4: icmp_seq=7 ttl=56 time=72.599 ms
64 bytes from 76.74.187.4: icmp_seq=8 ttl=56 time=71.246 ms
64 bytes from 76.74.187.4: icmp_seq=9 ttl=56 time=70.439 ms
64 bytes from 76.74.187.4: icmp_seq=10 ttl=56 time=70.184 ms
64 bytes from 76.74.187.4: icmp_seq=11 ttl=56 time=70.774 ms
64 bytes from 76.74.187.4: icmp_seq=12 ttl=56 time=79.746 ms

So there is something inside my local configuration that cause this issue...

 

I also try to reset to factory my USG... but the problem persist...

 

Is there a way to get all firewall rules by SSHing the USG, or the Controller, or... 

 

Thanks!

New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

So, no one can help me with this?

 

Does the controller or router have utility command to reset the firewall? Or which files are used by the system to read rules...

 

Thanks!

New Member
Posts: 15
Registered: ‎06-15-2017
Kudos: 1

Re: I cannot received my email anymore

Hi, no one can help me with this weird behaviour?

 

does it exist a way to reset the firewall setting in the controller/router from scratch to see if it was the issue? 

 

Someone ne know a command that I can do with ssh? 

 

I’m starting to feel depress about this hardware...

Reply