Hi all,
I'm facing a weird problem and I need some of your useful help.
In my company I set squid to non-transparent + non-user authentication, and this is working quite well. The problem arises when some employees need to use WhatsApp: when I set the proxy options on these mobiles, WhatsApp works well, you can chat, but you cannot send images or voice recordings. This drives me crazy. I opened ports on Squid and iptables (5222, 5223 and 5228, according to some investigation) and this does not seem to work.
I will appreciate any help about this.
Responses (13)
You've bumped a 6 year old thread, and, in general, you should avoid using FQDNs in iptables. They probably don't work as you expect. The FQDN is resolved when the firewall rule is loaded and never again until the firewall reloads. If the IP for the FQDN changes, the firewall won't track the change. This is a PITA for FQDNs which have multiple A records and round-robin them.
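The behaviour described in the reply above can be checked by comparing the addresses pinned in the loaded rules with what the name resolves to now; this is an added example, not part of the original thread. It assumes the rule layout printed by `iptables -S`; the function names are hypothetical and the sample rules and addresses are constructed from documentation ranges.

```python
import ipaddress
import shlex
import socket

# Constructed sample of `iptables -S FORWARD` output. A rule loaded with
# `-d <hostname>` is stored as one rule per address the name resolved to
# at load time; the hostname itself is not kept.
SAMPLE_RULES = """\
-P FORWARD DROP
-A FORWARD -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 203.0.113.11/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 192.168.3.0/24 -p tcp -m tcp --dport 5222 -j ACCEPT
"""
# Constructed sample of what the same name resolves to now.
SAMPLE_CURRENT = ["203.0.113.11", "198.51.100.7"]


def _arg(tokens, flag):
    """Value following `flag`, or None if the flag is absent."""
    i = tokens.index(flag) if flag in tokens else -1
    return tokens[i + 1] if 0 <= i < len(tokens) - 1 else None


def pinned_destinations(rules_text, chain="FORWARD", dport="443"):
    """Destination networks of ACCEPT rules in `chain` for port `dport`."""
    nets = set()
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "!" in tok:  # skip negated matches
            continue
        dest = _arg(tok, "-d")
        if dest and _arg(tok, "--dport") == dport and _arg(tok, "-j") == "ACCEPT":
            nets.add(ipaddress.ip_network(dest, strict=False))
    return nets


def resolve_a(host):
    """Current IPv4 addresses for `host`. With round-robin DNS, union
    several lookups before treating a pinned address as stale."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def dns_drift(rules_text, current_addrs, chain="FORWARD", dport="443"):
    """Compare addresses pinned in the rules with the current DNS answer."""
    pinned = pinned_destinations(rules_text, chain, dport)
    current = {ipaddress.ip_address(a) for a in current_addrs}
    return {
        # resolved now but not in any rule: this traffic is not matched
        "uncovered": sorted(str(a) for a in current if not any(a in n for n in pinned)),
        # in a rule but no longer in DNS: the old address is still accepted
        "stale": sorted(str(n) for n in pinned if not any(a in n for a in current)),
    }
```

On a live firewall, pass the text printed by `iptables -S FORWARD` and the result of `resolve_a()` for the hostname used in the rule.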

I tried these rules in the Custom Firewall:
iptables -I FORWARD -d media.faep9-2.fna.whatsapp.net -p tcp --dport 443 -j ACCEPT
and
iptables -I FORWARD -d https://media.faep9-2.fna.whatsapp.net/ -p tcp --dport 443 -j ACCEPT
For me it works.

This is bad
I do not want to bypass those smartphones' IPs because some people saturate web traffic using social networks and downloading apps. It is very difficult to control those apps separately, and I don't have any other solution to this... but thanks anyway, I will continue investigating this terrible issue. WhatsApp has terrible network traffic management.

11:05:50.975363 IP 192.168.3.187.38935 > 173.192.222.186.5222: Flags [P.], seq 128:218, ack 244, win 463, options [nop,nop,TS val 2182219 ecr 144043163], length 90
11:05:51.103015 IP 173.192.222.186.5222 > 192.168.3.187.38935: Flags [.], ack 218, win 514, options [nop,nop,TS val 144052411 ecr 2182219], length 0
11:05:51.110039 IP 173.192.222.186.5222 > 192.168.3.187.38935: Flags [P.], seq 244:401, ack 218, win 514, options [nop,nop,TS val 144052417 ecr 2182219], length 157
11:05:51.111787 IP 192.168.3.187.38935 > 173.192.222.186.5222: Flags [.], ack 401, win 463, options [nop,nop,TS val 2182234 ecr 144052417], length 0
11:05:51.140184 IP 192.168.3.187.54639 > 184.173.204.57.443: Flags [S], seq 3002331119, win 14600, options [mss 1460,sackOK,TS val 2182236 ecr 0,nop,wscale 6], length 0
11:05:51.140219 IP 184.173.204.57.443 > 192.168.3.187.54639: Flags [S.], seq 3787441869, ack 3002331120, win 14480, options [mss 1460,sackOK,TS val 82925526 ecr 2182236,nop,wscale 6], length 0
11:05:51.141449 IP 192.168.3.187.54639 > 184.173.204.57.443: Flags [.], ack 1, win 229, options [nop,nop,TS val 2182237 ecr 82925526], length 0
11:05:51.153765 IP 192.168.3.187.54639 > 184.173.204.57.443: Flags [P.], seq 1:185, ack 1, win 229, options [nop,nop,TS val 2182238 ecr 82925526], length 184
11:05:51.153794 IP 184.173.204.57.443 > 192.168.3.187.54639: Flags [.], ack 185, win 243, options [nop,nop,TS val 82925540 ecr 2182238], length 0
11:05:51.154645 IP 184.173.204.57.443 > 192.168.3.187.54639: Flags [F.], seq 1, ack 185, win 243, options [nop,nop,TS val 82925540 ecr 2182238], length 0
11:05:51.158728 IP 192.168.3.187.54639 > 184.173.204.57.443: Flags [F.], seq 185, ack 2, win 229, options [nop,nop,TS val 2182238 ecr 82925540], length 0
11:05:51.158749 IP 184.173.204.57.443 > 192.168.3.187.54639: Flags [.], ack 186, win 243, options [nop,nop,TS val 82925545 ecr 2182238], length 0
Indeed, pictures don't work. Here you can see the output from tcpdump. I only copied the text for the image sending.
192.168.3.187 is my phone IP.
I just closed the app and added a few ports to the firewall, but now it just keeps uploading endlessly.
I guess the firewall doesn't do anything.