
 
anttech

Whatsapp video being blocked

Mon Jan 14, 2019 12:18 am

Hi
I am having issues with WhatsApp being blocked. I have added all the ports it needs or what it seems it needs but still does not work.

Here is my config if anyone can see anything that looks wrong.

Thanks

Anthony


# Interface lists, wireless defaults, address pools, DHCP server, PPP profiles and bridge ports.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# NOTE(review): this pool spans .1-.254 and therefore contains 192.168.1.100, the address
# this export later assigns to the router itself under /ip address.
add name=dhcp ranges=192.168.1.1-192.168.1.254
add name=vpn ranges=192.168.89.2-192.168.89.255
# NOTE(review): this pool starts at 192.168.100.1, which the lt2p1 profile below also uses
# as its local-address.
add name=l2tp ranges=192.168.100.1-192.168.100.30
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
add local-address=192.168.100.1 name=lt2p1 remote-address=l2tp
# *FFFFFFFE is an internal item id; presumably the built-in default-encryption profile - confirm.
set *FFFFFFFE dns-server=192.168.1.100 local-address=dhcp remote-address=vpn
/interface bridge port
# ether2 through ether10 and sfp-sfpplus1 are bridged; ether1 is not a bridge port.
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
# Neighbor discovery is limited to the LAN interface list.
set discover-interface-list=LAN
# VPN servers, interface-list membership, router address, DDNS, DHCP client/networks and DNS.
/interface l2tp-server server
# NOTE(review): use-ipsec=yes still lets a client connect with plain L2TP; use-ipsec=required
# refuses sessions that are not protected by IPsec. The secret is masked in the post.
set default-profile=lt2p1 enabled=yes ipsec-secret+=@@@@@@@@@@ use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface="ether1 - WAN" list=WAN
/interface pptp-server server
# NOTE(review): PPTP relies on MS-CHAPv2/MPPE, which are considered broken. L2TP/IPsec and
# SSTP are also enabled in this export, so PPTP is the weakest of three remote-access paths.
set enabled=yes
/interface sstp-server server
# No certificate setting appears on this line - TODO confirm how the SSTP server is secured.
set default-profile=default-encryption enabled=yes
/ip address
# NOTE(review): the address sits on ether2, which is a bridge port in this export, while the
# DHCP server runs on the bridge; normally the address belongs on the bridge - confirm.
add address=192.168.1.100/24 comment=defconf interface=ether2 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface="ether1 - WAN"
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=208.67.222.123,208.67.220.123 gateway=192.168.1.100 netmask=24
# NOTE(review): labelled "VPN- dhcp" but uses 192.168.80.0/24, while the vpn pool and the
# VPN masquerade rule in this export use 192.168.89.x - looks like a typo, confirm.
add address=192.168.80.0/24 comment="VPN- dhcp" dns-server=192.168.1.100 gateway=192.168.1.100 netmask=24
/ip dns
# The router answers DNS queries from clients; who can reach it is decided by the input
# chain of the firewall filter, not by this setting.
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.100 name=router.lan
# Firewall filter. Rules are evaluated top to bottom within a chain and the first match
# decides, so the order below is part of the behaviour.
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
# VPN listeners. None of these rules names an interface or source list, so they accept
# connections arriving on any interface.
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
# NOTE(review): the next two rules accept TCP 80 and TCP 8291 (Winbox) to the router with no
# in-interface-list or src-address restriction, i.e. also from the WAN side. They sit above
# the "drop all not coming from LAN" rule, so that rule never sees this traffic. Restrict
# management to the LAN list and/or a source address list.
add action=accept chain=input comment="HTTP WAN Admin" dst-port=80 protocol=tcp
add action=accept chain=input comment=winbox dst-port=8291 protocol=tcp
# WhatsApp rules. The forward chain below only drops invalid packets and new WAN-side
# connections that are not dst-NATed, so LAN-to-WAN traffic is already accepted without them.
add action=accept chain=forward comment="Whatsapp tcp" dst-port=443,4244,5222,5223,5228,5242,8443 out-interface-list=WAN protocol=tcp
# NOTE(review): unlike the rule above, the remaining WhatsApp rules name no interface, so they
# also accept new connections to these ports that enter from the WAN, ahead of the final drop.
add action=accept chain=forward comment="whatsapp 2" dst-port=59234,50318 protocol=tcp
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="whatsapp udp1" dst-port=59234,50318 protocol=udp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="whatsapp udp 2" dst-port=3478,45395 protocol=udp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# NOTE(review): established,related forward traffic is already accepted three rules above,
# so this fasttrack rule is never reached in its current position.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# NAT rules, clock, boot setting and MAC-server access.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# No out-interface is given, so VPN-sourced traffic is masqueraded on every egress interface.
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
# NOTE(review): as written this matches every UDP packet that is not addressed to the router
# and whose destination port is NOT 53, and redirects it to the router's own port 53. DNS is
# left alone while all other forwarded UDP never leaves the router, which fits the reported
# symptom (UDP call/video traffic fails). The intent was presumably dst-port=53 - confirm.
# The rule also names no in-interface, so it applies to packets from any side.
add action=redirect chain=dstnat dst-address-type=!local dst-port=!53 protocol=udp to-addresses=0.0.0.0 to-ports=53
/system clock
set time-zone-name=Europe/London
/system routerboard settings
set silent-boot=no
/tool mac-server
# MAC-telnet and MAC-Winbox are limited to interfaces in the LAN list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Jotne

Re: Whatsapp video being blocked

Mon Jan 14, 2019 8:31 am

I did have the same problem at my previous house. Whatsapp text and voice message worked fine, but no video call.
It was my ISP that did block something. Changing location, all ok.

Try to find out which outgoing ports are needed. Something like this:
TCP Ports; 80, 443, 4244, 5222, 5223, 5228, 5242, 50318, 59234
UDP Ports: 34784, 45395, 50318, 59234
You can test them for TCP like this:
http://portquiz.net:80/
http://portquiz.net:5222/
It should respond with something like this: "You have reached this page on port 5222."
 
anav

Re: Whatsapp video being blocked

Mon Jan 14, 2019 7:11 pm

Wrong, I use whatsapp all the time behind my mikrotik. It has to be your ISP.

Looking at your rules, it's hard to figure out what you are doing with regard to DNS, but if it works for you, great. :-)
I didn't realize 208.67.222.123 or 208.67.220.123 were valid servers.
I thought they were 208.67.220.220 and 208.67.222.222

It was recommended to me that "untracked" is not required except in specific circumstances (tied in with specific raw rules).

These rules are not generally required. Assuming you have a basic LAN to WAN rule in there somewhere and a drop all else rule at the end, that traffic is not being blocked.
add action=accept chain=forward comment="Whatsapp tcp" dst-port=443,4244,5222,5223,5228,5242,8443 out-interface-list=WAN protocol=tcp
add action=accept chain=forward comment="whatsapp 2" dst-port=59234,50318 protocol=tcp
add action=accept chain=forward comment="whatsapp udp1" dst-port=59234,50318 protocol=udp
add action=accept chain=forward comment="whatsapp udp 2" dst-port=3478,45395 protocol=udp

I don't see one so add this rule....
add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\
bridge out-interface-list=WAN \
(If you only have one wan, then use out-interface=WAN)

What is the purpose of this Firewall rule???
add action=accept chain=input comment="HTTP WAN Admin" dst-port=80 protocol=tcp

This rule normally is made to allow admin access to the router so take this one
add action=accept chain=input comment=winbox dst-port=8291 protocol=tcp

and change it to this
add action=accept chain=input comment="Allow ADMIN to Router" \
in-interface-list=LAN src-address-list=adminaccess
(you will need to identify which IPs or blocks or subnets you should be able to access the router from within your LANs and in this case I named the list 'adminaccess').
(By the way, now we all know which port your Winbox runs on........... I changed mine to a different number).

Change this rule as your last INPUT chain rule.....
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

To
add action=drop chain=input comment="DROP ALL ELSE"

Change this forward rule
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

To
add action=accept chain=forward comment=\
"Allow Port Forwarding" connection-nat-state=dstnat

and add a last rule to the forward chain
add action=drop chain=forward comment=\
"DROP ALL other FORWARD traffic"
ariosvelez

Re: Whatsapp video being blocked

Fri Jan 18, 2019 9:36 pm

I tried all of that and whatsapp is still blocked for CALLS AND VIDEO CALLS
ariosvelez

Re: Whatsapp video being blocked

Sat Jan 19, 2019 12:01 am

WhatsApp Calling and Video Calling been Blocked

Solution:
# Adds one forward-chain rule that accepts any packet whose destination is in whatsapp_list.
# NOTE(review): the match is on dst-address-list only - no protocol, port, interface or
# connection-state qualifier - so it covers traffic going to these addresses, not traffic
# arriving from them. Without place-before the rule is added at the end of the chain, behind
# every existing rule - TODO confirm where it sits in the running config.
/ip firewall filter
add action=accept chain=forward comment="Allow Whatsapp address list" dst-address-list=whatsapp_list

# NOTE(review): a hand-maintained list of fixed addresses and small subnets; nothing in this
# snippet refreshes it, so it goes stale when the service's address space changes.
/ip firewall address-list
add address=31.13.64.51 list=whatsapp_list
add address=31.13.65.48 list=whatsapp_list
add address=31.13.65.49 list=whatsapp_list
add address=31.13.66.49 list=whatsapp_list
add address=31.13.66.53 list=whatsapp_list
add address=31.13.67.51 list=whatsapp_list
add address=31.13.68.52 list=whatsapp_list
add address=31.13.69.240 list=whatsapp_list
add address=31.13.70.49 list=whatsapp_list
add address=31.13.71.48 list=whatsapp_list
add address=31.13.71.49 list=whatsapp_list
add address=31.13.72.52 list=whatsapp_list
add address=31.13.73.49 list=whatsapp_list
add address=31.13.74.49 list=whatsapp_list
add address=31.13.75.52 list=whatsapp_list
add address=31.13.76.81 list=whatsapp_list
add address=31.13.77.49 list=whatsapp_list
add address=31.13.78.53 list=whatsapp_list
add address=31.13.80.53 list=whatsapp_list
add address=31.13.81.53 list=whatsapp_list
add address=31.13.82.51 list=whatsapp_list
add address=31.13.83.51 list=whatsapp_list
add address=31.13.84.51 list=whatsapp_list
add address=31.13.85.51 list=whatsapp_list
add address=31.13.86.51 list=whatsapp_list
add address=31.13.87.51 list=whatsapp_list
add address=31.13.88.49 list=whatsapp_list
add address=31.13.90.51 list=whatsapp_list
add address=31.13.91.51 list=whatsapp_list
add address=31.13.92.52 list=whatsapp_list
add address=31.13.93.51 list=whatsapp_list
add address=31.13.94.52 list=whatsapp_list
add address=31.13.95.63 list=whatsapp_list
add address=50.22.198.204/30 list=whatsapp_list
add address=50.22.210.32/30 list=whatsapp_list
add address=50.22.210.128/27 list=whatsapp_list
add address=50.22.225.64/27 list=whatsapp_list
add address=50.22.235.248/30 list=whatsapp_list
add address=50.22.240.160/27 list=whatsapp_list
add address=50.23.90.128/27 list=whatsapp_list
add address=50.97.57.128/27 list=whatsapp_list
add address=75.126.39.32/27 list=whatsapp_list
add address=108.168.174.0/27 list=whatsapp_list
add address=108.168.176.192/26 list=whatsapp_list
add address=108.168.177.0/27 list=whatsapp_list
add address=108.168.180.96/27 list=whatsapp_list
add address=108.168.254.65 list=whatsapp_list
add address=108.168.255.224 list=whatsapp_list
add address=108.168.255.227 list=whatsapp_list
add address=157.240.0.53 list=whatsapp_list
add address=157.240.1.53 list=whatsapp_list
add address=157.240.2.53 list=whatsapp_list
add address=157.240.3.53 list=whatsapp_list
add address=157.240.6.53 list=whatsapp_list
add address=157.240.7.54 list=whatsapp_list
add address=157.240.8.53 list=whatsapp_list
add address=157.240.9.53 list=whatsapp_list
add address=157.240.10.53 list=whatsapp_list
add address=157.240.11.53 list=whatsapp_list
add address=157.240.12.53 list=whatsapp_list
add address=157.240.13.54 list=whatsapp_list
add address=158.85.0.96/27 list=whatsapp_list
add address=158.85.5.192/27 list=whatsapp_list
add address=158.85.46.128/27 list=whatsapp_list
add address=158.85.48.224/27 list=whatsapp_list
add address=158.85.58.0/25 list=whatsapp_list
add address=158.85.61.192/27 list=whatsapp_list
add address=158.85.224.160/27 list=whatsapp_list
add address=158.85.233.32/27 list=whatsapp_list
add address=158.85.249.128/27 list=whatsapp_list
add address=158.85.254.64/27 list=whatsapp_list
add address=169.44.23.192/27 list=whatsapp_list
add address=169.44.36.0/25 list=whatsapp_list
add address=169.44.57.64/27 list=whatsapp_list
add address=169.44.58.64/27 list=whatsapp_list
add address=169.44.80.0/26 list=whatsapp_list
add address=169.44.82.96/27 list=whatsapp_list
add address=169.44.82.128/27 list=whatsapp_list
add address=169.44.82.192/26 list=whatsapp_list
add address=169.44.83.0/26 list=whatsapp_list
add address=169.44.83.96/27 list=whatsapp_list
add address=169.44.83.128/27 list=whatsapp_list
add address=169.44.83.192/26 list=whatsapp_list
add address=169.44.84.0/24 list=whatsapp_list
add address=169.44.85.64/27 list=whatsapp_list
add address=169.44.87.160/27 list=whatsapp_list
add address=169.44.167.0/27 list=whatsapp_list
add address=169.45.71.32/27 list=whatsapp_list
add address=169.45.71.96/27 list=whatsapp_list
add address=169.45.87.128/26 list=whatsapp_list
add address=169.45.169.192/27 list=whatsapp_list
add address=169.45.182.96/27 list=whatsapp_list
add address=169.45.210.64/27 list=whatsapp_list
add address=169.45.214.224/27 list=whatsapp_list
add address=169.45.219.224/27 list=whatsapp_list
add address=169.45.237.192/27 list=whatsapp_list
add address=169.45.238.32/27 list=whatsapp_list
add address=169.45.248.96/27 list=whatsapp_list
add address=169.45.248.160/27 list=whatsapp_list
add address=169.46.52.224/27 list=whatsapp_list
add address=169.46.111.144/28 list=whatsapp_list
add address=169.47.5.192/26 list=whatsapp_list
add address=169.47.6.64/27 list=whatsapp_list
add address=169.47.33.128/27 list=whatsapp_list
add address=169.47.35.32/27 list=whatsapp_list
add address=169.47.37.128/27 list=whatsapp_list
add address=169.47.40.128/27 list=whatsapp_list
add address=169.47.42.96/27 list=whatsapp_list
add address=169.47.42.160/27 list=whatsapp_list
add address=169.47.42.192/26 list=whatsapp_list
add address=169.47.47.160/27 list=whatsapp_list
add address=169.47.130.96/27 list=whatsapp_list
add address=169.47.192.192/27 list=whatsapp_list
add address=169.47.194.128/27 list=whatsapp_list
add address=169.47.198.128/27 list=whatsapp_list
add address=169.47.212.160/27 list=whatsapp_list
add address=169.53.29.128/27 list=whatsapp_list
add address=169.53.48.32/27 list=whatsapp_list
add address=169.53.71.224/27 list=whatsapp_list
add address=169.53.81.64/27 list=whatsapp_list
add address=169.53.250.128/26 list=whatsapp_list
add address=169.53.252.64/27 list=whatsapp_list
add address=169.53.255.64/27 list=whatsapp_list
add address=169.54.2.160/27 list=whatsapp_list
add address=169.54.44.224/27 list=whatsapp_list
add address=169.54.51.32/27 list=whatsapp_list
add address=169.54.55.192/27 list=whatsapp_list
add address=169.54.193.160/27 list=whatsapp_list
add address=169.54.210.0/27 list=whatsapp_list
add address=169.54.222.128/27 list=whatsapp_list
add address=169.55.67.224/27 list=whatsapp_list
add address=169.55.69.128/26 list=whatsapp_list
add address=169.55.74.32/27 list=whatsapp_list
add address=169.55.75.96/27 list=whatsapp_list
add address=169.55.100.160/27 list=whatsapp_list
add address=169.55.126.64/26 list=whatsapp_list
add address=169.55.210.96/27 list=whatsapp_list
add address=169.55.235.160/27 list=whatsapp_list
add address=173.192.162.32/27 list=whatsapp_list
add address=173.192.219.128/27 list=whatsapp_list
add address=173.192.222.160/27 list=whatsapp_list
add address=173.192.231.32/27 list=whatsapp_list
add address=173.193.205.0/27 list=whatsapp_list
add address=173.193.230.96/27 list=whatsapp_list
add address=173.193.230.128/27 list=whatsapp_list
add address=173.193.230.192/27 list=whatsapp_list
add address=173.193.239.0/27 list=whatsapp_list
add address=174.36.208.128/27 list=whatsapp_list
add address=174.36.210.32/27 list=whatsapp_list
add address=174.36.251.192/27 list=whatsapp_list
add address=174.37.199.192/27 list=whatsapp_list
add address=174.37.217.64/27 list=whatsapp_list
add address=174.37.243.64/27 list=whatsapp_list
add address=174.37.251.0/27 list=whatsapp_list
add address=179.60.192.51 list=whatsapp_list
add address=179.60.195.51 list=whatsapp_list
add address=184.173.136.64/27 list=whatsapp_list
add address=184.173.147.32/27 list=whatsapp_list
add address=184.173.161.64 list=whatsapp_list
add address=184.173.173.116 list=whatsapp_list
add address=184.173.179.32/27 list=whatsapp_list
add address=185.60.216.53 list=whatsapp_list
add address=185.60.218.53 list=whatsapp_list
add address=185.60.219.53 list=whatsapp_list
add address=192.155.212.192/27 list=whatsapp_list
add address=198.11.193.182/31 list=whatsapp_list
add address=198.11.251.32/27 list=whatsapp_list
add address=198.23.80.0/27 list=whatsapp_list
add address=208.43.115.192/27 list=whatsapp_list
add address=208.43.117.79 list=whatsapp_list
add address=208.43.122.128/27 list=whatsapp_list
 
anav

Re: Whatsapp video being blocked

Sat Jan 19, 2019 2:23 am

What are you doing?
All those rules basically make a great gaping hole in your security plan.
All those IP addresses if coming from the WAN side external now have access to all your devices

The default setup on a MT router DOES NOT BLOCK WHATSAPP!!
Your configuration if changed from default is the cause of the issue
OR
Your ISP blocks whatsapp.

Ive used whatsapp for years, fine with two hex routers and now an RB450Gx4.
I just tested two of us behind the router via wifi and then one of us on wifi and the other using cellular data.
Works great for text, call and video call.

The more mess you make of rules the worse its going to be with all kinds of unexpected results.
ariosvelez

Re: Whatsapp video being blocked

Sat Jan 19, 2019 2:35 am

@anav

Can you please share your configuration
 
anav

Re: Whatsapp video being blocked

Sat Jan 19, 2019 4:47 am

# jan/04/2019 09:35:46 by RouterOS 6.43.8
# model = RB450Gx4
# Bridge, physical ports and VLAN interfaces. Several values in this export (admin-mac,
# ports, some addresses) appear to have been masked by the poster.
/interface bridge
# VLAN filtering and ingress filtering are both enabled on the bridge.
add admin-mac=6 auto-mac=no comment=defconf \
    ingress-filtering=yes name=HomeBridge protocol-mode=none vlan-filtering=\
    yes
/interface ethernet
set [ find default-name=ether5 ] comment=Port5 name=Bell_eth5 speed=100Mbps
set [ find default-name=ether1 ] comment=Port1 name=Eastlink_eth1 speed=\
    100Mbps
set [ find default-name=ether2 ] comment=LAN1-Home speed=100Mbps
set [ find default-name=ether3 ] comment=LAN1-Home speed=100Mbps
set [ find default-name=ether4 ] comment=LAN2-DMZ speed=100Mbps
/interface vlan
# Eight VLANs ride on HomeBridge; vlanbell is a VLAN on the Bell_eth5 uplink.
add interface=HomeBridge name=GuestWifi_T&B_V100 vlan-id=100
add interface=HomeBridge name=Guests_WIFI-v200 vlan-id=200
add interface=HomeBridge name=MediaStreaming_V40 vlan-id=40
add interface=HomeBridge name=NAS_V33 vlan-id=33
add interface=HomeBridge name=TheoVLAN vlan-id=666
add interface=HomeBridge name=VideoCamVLAN vlan-id=99
add interface=HomeBridge name=Wifi-SDevices_cap1 vlan-id=30
add interface=HomeBridge name=Wifi_SDevices_cap2 vlan-id=45
add interface=Bell_eth5 name=vlanbell vlan-id=35
# Interface lists, one address pool per segment, and one DHCP server per segment.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# Each pool starts above the .1 gateway address used for its subnet under /ip address.
add name=dhcp-HomeLAN ranges=192.168.0.33-192.168.0.150
add name=dhcp_DMZ ranges=192.168.2.2-192.168.2.100
add name=dhcp_SDcap1 ranges=192.168.30.5-192.168.30.20
add name=dhcp_MB ranges=192.168.40.5-192.168.40.20
add name=dhcp_WIFI_T&B ranges=192.168.100.5-192.168.100.50
add name=dhcp_WIFI_Guests ranges=192.168.200.5-192.168.200.100
add name=dhcp_SDcap2 ranges=192.168.45.5-192.168.45.30
add name=Theo_pool ranges=192.168.66.5-192.168.66.10
add name=VCAM_pool ranges=192.168.99.5-192.168.99.15
add name=NAS_pool ranges=192.168.33.5-192.168.33.15
/ip dhcp-server
add address-pool=dhcp-HomeLAN disabled=no interface=HomeBridge lease-time=1d \
    name=HoMeLAN
add address-pool=dhcp_SDcap1 disabled=no interface=Wifi-SDevices_cap1 \
    lease-time=1d name=SmartDServer1
add address-pool=dhcp_MB disabled=no interface=MediaStreaming_V40 lease-time=\
    1d name=Media_Server
add address-pool=dhcp_WIFI_T&B disabled=no interface=GuestWifi_T&B_V100 \
    lease-time=1d name="Wifi-Guests T&B_Server"
add address-pool=dhcp_WIFI_Guests disabled=no interface=Guests_WIFI-v200 \
    lease-time=1d name=Wifi_Guests
add address-pool=dhcp_SDcap2 disabled=no interface=Wifi_SDevices_cap2 \
    lease-time=1d name=SmartD_Server2
add address-pool=Theo_pool disabled=no interface=TheoVLAN lease-time=1d name=\
    TheoServer
add address-pool=VCAM_pool disabled=no interface=VideoCamVLAN lease-time=1d \
    name=VCAM_Server
add address-pool=NAS_pool disabled=no interface=NAS_V33 lease-time=1d name=\
    NAS_server
add address-pool=dhcp_DMZ disabled=no interface=ether4 lease-time=1d name=\
    DMZ_server
# Bridge ports, IP settings, VLAN table, interface-list membership, addresses and DHCP clients.
/interface bridge port
add bridge=HomeBridge comment=defconf interface=ether2
add bridge=HomeBridge comment=defconf interface=ether3
/ip neighbor discovery-settings
# Neighbor discovery is switched off on every interface.
set discover-interface-list=none
/ip settings
set allow-fast-path=no icmp-rate-limit=100 rp-filter=loose
/interface bridge vlan
add bridge=HomeBridge tagged=HomeBridge,ether3,ether2 vlan-ids=\
    100,30,45,200,666,99,40,33
/interface list member
add comment=defconf interface=Eastlink_eth1 list=WAN
add interface=vlanbell list=WAN
# NOTE(review): every internal segment, including the guest and camera VLANs, is a member of
# LAN, so anything keyed on the LAN list (the admin input rule, the MAC server settings at
# the end of this export) applies to those segments as well.
add interface=ether4 list=LAN
add interface=HomeBridge list=LAN
add interface=GuestWifi_T&B_V100 list=LAN
add interface=Wifi-SDevices_cap1 list=LAN
add interface=Wifi_SDevices_cap2 list=LAN
add interface=Guests_WIFI-v200 list=LAN
add interface=TheoVLAN list=LAN
add interface=VideoCamVLAN list=LAN
add interface=MediaStreaming_V40 list=LAN
add interface=NAS_V33 list=LAN
/ip address
add address=192.168.2.1/24 interface=ether4 network=192.168.2.0
add address=192.168.0.1/24 interface=HomeBridge network=192.168.0.0
add address=192.168.100.1/24 interface=GuestWifi_T&B_V100 network=\
    192.168.100.0
add address=192.168.200.1/24 interface=Guests_WIFI-v200 network=192.168.200.0
add address=192.168.30.1/24 interface=Wifi-SDevices_cap1 network=192.168.30.0
add address=192.168.40.1/24 interface=MediaStreaming_V40 network=192.168.40.0
add address=192.168.45.1/24 interface=Wifi_SDevices_cap2 network=192.168.45.0
add address=192.168.66.1/24 interface=TheoVLAN network=192.168.66.0
add address=192.168.99.1/24 interface=VideoCamVLAN network=192.168.99.0
add address=192.168.33.1/24 interface=NAS_V33 network=192.168.33.0
/ip dhcp-client
# Both WAN clients ignore the ISP's default route, DNS and NTP; routes and DNS servers are
# set statically elsewhere in this export.
add add-default-route=no comment=defconf dhcp-options=hostname,clientid \
    disabled=no interface=Eastlink_eth1 use-peer-dns=no use-peer-ntp=no
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=vlanbell use-peer-dns=no use-peer-ntp=no
# The lease section is empty in the post.
/ip dhcp-server lease

# DHCP network options and resolver settings. Every segment is handed the router's own
# address in that subnet as both gateway and DNS server.
/ip dhcp-server network
add address=192.168.0.0/24 comment=HomeDHCP dns-server=192.168.0.1 gateway=\
    192.168.0.1
add address=192.168.2.0/24 comment=DMZLan_Network dns-server=192.168.2.1 \
    gateway=192.168.2.1
add address=192.168.30.0/24 comment=SmartDevices_cap1 dns-server=192.168.30.1 \
    gateway=192.168.30.1
add address=192.168.33.0/24 comment="NAS dhcp" dns-server=192.168.33.1 \
    gateway=192.168.33.1
add address=192.168.40.0/24 comment=MediaBoxes dns-server=192.168.40.1 \
    gateway=192.168.40.1
add address=192.168.45.0/24 comment=SmartDevices_Cap2 dns-server=192.168.45.1 \
    gateway=192.168.45.1
add address=192.168.66.0/24 comment="DHCP for THeo" dns-server=192.168.66.1 \
    gateway=192.168.66.1
add address=192.168.99.0/24 comment=VideoSurv dns-server=192.168.99.1 \
    gateway=192.168.99.1
add address=192.168.100.0/24 comment=Guests_T&B dns-server=192.168.100.1 \
    gateway=192.168.100.1
add address=192.168.200.0/24 comment="Wifi_Guests- RM" dns-server=\
    192.168.200.1 gateway=192.168.200.1
/ip dns
# The router resolves for clients; reachability of port 53 is governed by the input chain.
set allow-remote-requests=yes servers=\
    8.8.4.4,8.8.8.8,208.67.220.220,208.67.222.222

# Firewall filter: default-deny input and forward chains plus a custom ICMP chain.
# Rules are evaluated in order within a chain and the first match decides.
/ip firewall filter
add action=jump chain=input comment="Jump for icmp input flow" \
    jump-target=ICMP protocol=icmp
# The next two rules carry no action=, so they use the default action (accept). They match
# TCP only.
add chain=input comment="Accept to established connections" \
    connection-state=established protocol=tcp
add chain=input comment="Accept to related connections" \
    connection-state=related protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
# NOTE(review): the DNS rules accept only established state. As posted, a new DNS query to
# the router is accepted only if its source is in adminaccess, although every DHCP network
# hands out the router as DNS server - presumably some rules were trimmed from the post,
# confirm before copying this rule set.
add action=accept chain=input comment="Accept Established DNS - UDP" \
    connection-state=established port=53 protocol=udp
add action=accept chain=input comment="Accept Established DNS - TCP" \
    connection-state=established port=53 protocol=tcp
# Management access: must arrive on a LAN-list interface AND come from the adminaccess
# address list (the list itself is not part of this export).
add action=accept chain=input comment="Allow ADMIN to Router" \
    in-interface-list=LAN src-address-list=adminaccess
add action=drop chain=input comment="Drop anything else!"
# Forward chain: fasttrack sits ahead of the plain established,related accept, so it is hit.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, " connection-state=\
    established,related
add action=drop chain=forward comment="drop invalid" connection-state=\
    invalid
add action=jump chain=forward comment="Jump for icmp forward flow" \
    jump-target=ICMP protocol=icmp
# One accept per internal segment, each limited to out-interface-list=WAN. No rule accepts
# new connections between internal segments, so the final drop keeps them apart.
add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\
    HomeBridge log-prefix="ALLOWED LAN 2 WAN TRAFFIC" out-interface-list=WAN
add action=accept chain=forward comment="ENABLE DMZ to WAN" in-interface=\
    ether4 out-interface-list=WAN 
add action=accept chain=forward comment="ENABLE VLAN100 to WAN" in-interface=\
    GuestWifi_T&B_V100 out-interface-list=WAN 
add action=accept chain=forward comment="ENABLE VLAN30 to WAN" in-interface=\
    Wifi-SDevices_cap1 out-interface-list=WAN
add action=accept chain=forward comment="ENABLE VLAN45 to WAN" in-interface=\
    Wifi_SDevices_cap2 out-interface-list=WAN
add action=accept chain=forward comment="ENABLE VLAN200 to WAN" in-interface=\
    Guests_WIFI-v200 out-interface-list=WAN 
add action=accept chain=forward comment="ENABLE VLAN666 to WAN" in-interface=\
    TheoVLAN log-prefix=TheoTraffic out-interface-list=WAN 
add action=accept chain=forward comment="ENABLE VLAN99 to WAN" in-interface=\
    VideoCamVLAN out-interface-list=WAN 
add action=accept chain=forward comment="ENABLE VLAN40 to WAN" in-interface=\
    MediaStreaming_V40 out-interface-list=WAN 
add action=accept chain=forward comment="ENABLE VLAN33 to WAN" in-interface=\
    NAS_V33 out-interface-list=WAN 
# Inbound connections are forwarded only when a dstnat rule has already matched them.
add action=accept chain=forward comment=\
    " Allow Port Forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment=\
    "DROP ALL other  FORWARD traffic"
# Output chain: drops anything the router would send from TCP source port 80.
add action=drop chain=output comment="Drop Access to WebUI" protocol=\
    tcp src-port=80
add action=jump chain=output comment="Jump for icmp output" \
    jump-target=ICMP protocol=icmp
# ICMP chain: accepts the listed type:code pairs and drops every other ICMP packet.
# NOTE(review): the comment value on the next rule has a closing quote but no opening one;
# as posted the line is malformed - check the quoting before importing.
add chain=ICMP comment=Echo request - Avoiding Ping Flood" \
    icmp-options=8:0 limit=1,5:packet protocol=icmp
add chain=ICMP comment=" Echo reply" icmp-options=0:0 protocol=icmp
add chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=\
    icmp
add chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 \
    protocol=icmp
add chain=ICMP comment="PMTUD" icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" \
    protocol=icmp
# NAT: source NAT on both uplinks, four source-restricted port forwards and two disabled
# DNS redirects.
/ip firewall nat
add action=masquerade chain=srcnat comment="SCR_NAT for LAN Users" \
    ipsec-policy=out,none out-interface=Eastlink_eth1
add action=masquerade chain=srcnat comment="SCR_NAT FOR LAN USERS" \
    out-interface=vlanbell
# Each port forward is limited to the WAN interface list and to a named source address list,
# and is logged. Ports and target addresses are masked in the post.
add action=dst-nat chain=dstnat comment=Orenco_TCP dst-port=\
    -,-- in-interface-list=WAN log=yes protocol=tcp \
    src-address-list=Septic_Technicians to-addresses=192.168.y.yy
add action=dst-nat chain=dstnat comment=Orenco_UDP dst-port=\
    -,--,--- in-interface-list=WAN log=yes protocol=udp \
    src-address-list=Septic_Technicians to-addresses=192.168.y.yy
add action=dst-nat chain=dstnat comment=Solar_TCP dst-port=zz \
    in-interface-list=WAN log=yes protocol=tcp src-address-list=Solar_City \
    to-addresses=192.168.z.zz
add action=dst-nat chain=dstnat comment=Solar_UDP dst-port=zz \
    in-interface-list=WAN log=yes protocol=udp src-address-list=Solar_City \
    to-addresses=192.168.z.zz
# Both DNS redirects are disabled. They match dst-port=53 only, so enabling them would
# affect DNS traffic and nothing else.
add action=redirect chain=dstnat comment=\
    "Force Users to Router for DNS - TCP" disabled=yes dst-port=53 protocol=\
    tcp src-address-list=!VLAN_Interfaces
add action=redirect chain=dstnat comment=\
    "Force Users to Router for DNS - UDP" disabled=yes dst-port=53 protocol=\
    udp src-address-list=!VLAN_Interfaces

# Connection-tracking helpers, routes, management services, SSH, clock, NTP and MAC server.
/ip firewall service-port
# All of the listed helpers are disabled.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes sip-direct-media=no sip-timeout=55m
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
# Looks like recursive-route failover: public resolvers are pinged through host routes via
# the ISP gateway. "ispgateway" stands in for the real next hop - TODO confirm.
add check-gateway=ping distance=2 gateway=8.8.4.4 target-scope=30
add check-gateway=ping distance=3 gateway=208.67.220.220 target-scope=30
add distance=10 gateway=ispgateway target-scope=30
add distance=2 dst-address=8.8.4.4/32 gateway=ispgateway
add comment=Email_bypass distance=1 dst-address=24.222.0.20/32 gateway=\
  ispgateway
add distance=3 dst-address=208.67.220.220/32 gateway=ispgateway
/ip service
# telnet, ftp, www, api and api-ssl are disabled; only ssh and winbox remain, each bound to
# an allowed source address and a port. Both values are masked in the post.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=192.168.x port=??
set api disabled=yes
# NOTE(review): the space between the masked address and port= is missing on the next line.
set winbox address=192.168.xport=??
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=America/Halifax

/system ntp client
set enabled=yes server-dns-names=time.nrc.ca,nrc.chu.ca
/tool mac-server
# NOTE(review): the LAN list in this export contains the guest and camera VLANs, so
# MAC-telnet and MAC-Winbox are allowed on those segments too; a narrower interface list
# would confine them to the management segment.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Jotne

Re: Whatsapp video being blocked

Sat Jan 19, 2019 9:56 am

@ariosvelez

Take a backup of your current config.
Reset router to default config.
If Whatsapp works, then you have a faulty configuration.
If it does not work, your ISP is blocking it.

As anav wrote, there is no need for special rules for WhatsApp.