Firewall problem....

saintofinternet · October 8, 2013, 7:42am

i have used RouterOS firewall at a client location to allow a few of their corporate websites and Yahoo Mail and Google Mail.

everything is working fine but whenever a user tries to download a attachment in through Yahoo Mail it is not allowed.

no idea why is this happening. i have attached the screenshot of the rules print to this post…

cbrown · October 8, 2013, 8:41pm

I would guess the attachment is downloaded from a different server than what you have allowed.

saintofinternet · October 9, 2013, 1:45am

how do i get hold of that server?

i tried to see the source… but YAHOO uses so many different servers its getting really difficult to get hold of it??

anyone else here facing any similar problems??

samsung172 · October 9, 2013, 3:57am

allow *.yahoo.com

karunakar74 · October 9, 2013, 4:30am

when i connected my broad band connection through MicroTik RB 450 G Router, i am not able to access yahoo sites

saintofinternet · October 9, 2013, 9:44am

allow it as DST-HOST??

saintofinternet · October 9, 2013, 10:14am

ok got it… the answer is

allow DST HOST = :ymail

and LO!!! everything is working with Yahoo!

but now i am facing another issue… though the firewall is active and Facebook etc. is blocked… anyone accessing it from his personal mobile phone is able to access it…

rather i also want to block whatsapp etc… through the firewall…

saintofinternet · October 10, 2013, 4:42am

bump:::

routeros firewall working great on the gateway…

but all android phone users on WiFi have full access to Facebook and Whatsapp… how can i block them??

saintofinternet · October 11, 2013, 1:11am

help!! help!! for android…

users with android phones can access everything on internet…

samsung172 · October 11, 2013, 8:58pm

Just Let em. Its a feature. A benefit to have android instead of stupid iphone devices.

saintofinternet · October 12, 2013, 2:27am

true… i also support android phones… i use one myself…

but as far as my clients go i have to give them a concrete solution on this issue…

saintofinternet · October 15, 2013, 1:24am

normis!! help me with the problem please…

AlexS · October 15, 2013, 5:29am

Wild guess is it because they are not using the proxy ?

saintofinternet · October 15, 2013, 5:45am

well all port 80 traffic has been passed through the web proxy and its transparent…

still they can access websites from mobile and the same is blocked on their laptop.

AlexS · October 15, 2013, 11:29pm

can you do a packet dump on the firewall

sorry I am a newbie with routeros, this is the way I would do it on a linux box.

packet capture on the inside interface make sure they are coming through the firewall.
then craft a specific firewall rule place at the top of the forward chain, that just logs.
they check the proxy logs to see if the proxy is actually recording it.

The other thing, not sure you can transparent proxy https unless you have a certificate in the middle - that raises another set of problems.

the other thought is is the phone using wifi and not 3g

saintofinternet · October 16, 2013, 6:12am

i m using transparent proxy…

no 3G… only WiFi… and i know routeros firewall is very strong… but its very complex to setup…

need to know how to get this thing through…

normis… where are you?