Hello to all!..
I don’t know when I use Internet with Mikrotik Router I have problems with Live Tik-tok, however if I connect Internet without Mikrotik All in the house can see Live Tik-Tok.
Don’t know why in all cell phones can’t See Tik-Tok Lives.
Don’t know what else to see in mikrotik, can some help please?
Post a sketch of the network (a photo of a handmade drawing will be sufficient if the topology is clear from there) and the configuration of the Mikrotik. See my automatic signature for a mini-howto.
Some tik tok users in my house with no issues so suspect Sindy is on the right track in that something is amiss on the config
Don’t know why but the problem exist only with mikrotik router.
I use RB 750
Neither do we … as long as you don’t post full router config (the text version, use hint from signature by @sindy).
@anav, I’m afraid there may be some difference between “mere TikTok” (recording videos and then posting them) and “TikTok Live” (live broadcasting) in what protocols they use. So let’s wait until @adonato posts his configuration.
Hello to all. Please can you help me to export the information you need to see what you see please?
Don’t remember!, thank youuu.
You mean this:
/ip dhcp-server export file=dhcp
/ip address export file=address
/ip dhcp-server network export file=dhcp-server
/ip firewall nat export file=firewall
All that?
No, I mean /export hide-sensitive file=some-nice-name - it will export everything at once into a file, which you can download afterwards. Before posting the file, don’t forget to obfuscate any public IP addresses or user account names if you use them. As I write in my automatic signature here below the post. And you can post the contents of the file exactly the same way like you’ve posted the commands in your previous post.
DONE
Hm… with all those self-configured and 3rd party blacklists, complex layer7-protocol rules and caching web proxy, and the absence of a stateful firewall, there are plenty of reasons why the clients may be unable to connect to TikTok Live servers as they may get blocked by any of the above.
Have you created the firewall settings on your own, or have you copy-pasted it from multiple posts on the forum, or has someone done it for you?
Hello, I created the firewall with help.
What do you recommend first?
It depends on the character of your clients (as in “customers”). If none of them operated a server that needs to be reachable from the internet, you could actually implement a simple stateful firewall, whose first rule in chain forward of /ip firewall filter would say action=accept connection-state=established,related, i.e. it would accept all packets belonging to already recognized connections, so the vast majority of all packets would ever reach only this single rule; the next rule would selectively accept only packets with in-interface=LAN no matter the source or destination, and the third rule would drop the rest, again no matter the source or destination. Some minor additions to this basics may be added, find how the default firewall is made by Mikrotik in /system default-configuration print.
All those blacklists should only block incoming connections initiated by sources in the internet, towards the router itself (so firewall chain input) and, since there are a few servers of your customers towards which you have the action=dst-nat rules configured, also towards these servers.
There is little point in preventing clients from actively connecting to blacklisted servers in the internet, unless you know which ones of them are spreading malware via the services they provide; the 3rd party blacklists usually contain active spammers, not infected websites.
So try to place the following three rules to the beginning of the forward chain of /ip firewall filter:
chain=forward connection-state=established,related action=accept
chain=forward connection-state=invalid action=drop
chain=forward in-interface=LAN action=accept
You should also add an
action=drop in-interface=!LAN connection-nat-state=!dstnat
to the very end of chain forward.
Adding these four rules will lower the temperature of your hEX a little bit, and maybe even increase the throughput, whilst it will not lower the existing protection against incoming connections from the internet to the customers’ servers. If that alone doesn’t make the TikTok Live work, the only next step I can imagine is to stop caching the web pages - in fact, in the era of HTTPS, I don’t believe the caching really saves a noticeable portion of the bandwidth.
Thank you very much @sandy, how can I contact to you.
Did it help?
Well really, only one part and I need to get some help maby connecting directly to my mikrotik don’t know. I diable cache and web proxy as you sad.
And also I change accept
the rule:
UDP 80 - Protocol 17 ( udp) any prot: 80 - action: accept
after that tiktok live worked instantly
I can’t imagine a direct connection to improve my Spanish, but if you want, send me your e-mail address encrypted according to this post.
So have you added all the four rules I’ve suggested or you’ve just disabled the one blocking UDP traffic to port 80?
PRIVATE.
It’s not illegal. But since forum is public, potential spammers will see your e-mail address. Hence most forum members decide not to publish their e-mail addresses just like that.
It should be fine, not to many psycho paths on these forums…
I like sindys advice. Go back to basics, and the default firewall setup.
Then add the functionality your users/devices need and get it working without all the mess and distraction of a gazillion youtube bad ideas no regex crap, no proxy, no arp, no magical potion lists etc…
Then if you run into issues come back and if anything needs adding the experts (not me) will give you good advice.