Good afternoon,
Yesterday, I discovered that my FreeNAS (11.3) could no longer contact Gmail to send me alerts when something was off. I redid the app-specific passwords, and yet nothing worked.
Every time, FreeNAS would time out with a 65 error (no route to host). As I dove deeper, I realized that in a bid to make the NAS safer, I had blocked it from all gateway / WAN traffic save for two address ranges associated with iXsystems (to allow updates). So, I thought it would be easy enough to keep those blocks as long as I allowed traffic on port 587 (which is what the FreeNAS allegedly uses to contact Gmail via STARTTLS).
However, even with that rule in place on my EdgeRouter (and the rule being placed ahead of the "drop anything but the stuff from iXsystems"), I can only send mail if I allow any established traffic to reach my FreeNAS. Whitelisting by host is not possible as EdgeRouter only allows IP addresses to be entered. As you can imagine, Gmail has a lot of servers to choose amongst.
EdgeRouter does allow the use of protocol names (i.e. "Smtp") instead of specific ports (like 465 or 587). Yet setting the allowed port to "smtp" or 587 made no difference. Only if all established connections were allowed would the emails send without issues.
My pi-holes are the assigned name servers for the FreeNAS. So the route is known to FreeNAS (it resolves just fine on my phone, which uses the same name servers).
Any idea what other ports the FreeNAS might be trying to use when it contacts smtp.gmail.com?