WhatsApp could not sending, but receiving

unique24

Hello!

I have TP-Link Accesspoints on several Mikrotik Switches and VLANs to the pfSense.

Since some time the user are not able to send a message with WhatsApp. Receiving is so far ok.

There is also no error message in the WhatsApp .. just no sending.

Other programs (youtube, web, outlook, von, ...) are ok.

I take a look in the system firewall log:

I see a lot of blocked :80 and :443 communication .. but from LAN to WAN should be no blocking.

Could this the problem?

I have 4 VLANs
1 WAN

My Rules:

VLAN 300 "Schulnetz10Gbe"

WAN

Did someone see a mistake?

Thank you!

stephenw10

That blocked traffic is not the problem. It's all TCP flagged traffic which is expected:

https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html?highlight=blocked#troubleshooting-blocked-log-entries-for-legitimate-connection-packets

Steve

unique24

@stephenw10 Hello Steve!

Hmmm ... I guess I need to test it with my cellphone ... When I know my phone IP I could check the logs, right?

Is there a special debug logging neccassary?

Gertjan

@unique24 said in WhatsApp could not sending, but receiving:

When I know my phone IP I could check the logs, right?

When your phone uses wifi connection, and the AP you use is connected to VLAN300 interface called SCHULLNETZ10GBE, then there won't be any log to see as the one and only "pass all" rule that is present on that interfaces passes all traffic without logging.

Not related, but scary :

Serous ??

And rule 3 is identical to rule 2, so it will never get hit/used.

stephenw10

Yeah, opening the firewall to all incoming TCP connections on WAN is not good idea!

Steve

unique24

@gertjan Oh, thank you!

I configure remotly via Teamviewer from a PC in the LAN.

Should I remove the rule? I thought I need it to pass the traffic to the internet.

Or did I need to change the Source or Destination?

Thank you!

Gertjan

@unique24 said in WhatsApp could not sending, but receiving:

Should I remove the rule? I thought I need it to pass the traffic to the internet.

When you installed pfSense, there was no rule whatsoever on the WAN interface.
And everything was fine : every LAN device had Internet access.

When you activate an OpenVPN instance, listening on the WAN interface, port 3703 UDP, you need a firewall rule "port 3703 - UDP" on the WAN interface.
One rule, not two.

stephenw10

You should not need any rules on WAN to allow access via Teamviewer.
The internal host connects out to the Teamviewer servers and that's how your remote client then finds it.

Steve

unique24

@gertjan Thank you .. I thought I need to open the WAN port with this rule.