WhatsApp Calls through IPFilter - How do I allow?

Odhiambo Washington odhiambo at gmail.com
Sat Feb 27 09:43:28 UTC 2016

On 26 February 2016 at 15:49, Mark Felder <feld at freebsd.org> wrote:

> On Feb 26, 2016, at 01:56, Odhiambo Washington <odhiambo at gmail.com> wrote:
> On 25 February 2016 at 18:00, Mark Felder <feld at freebsd.org> wrote:
>> On Thu, Feb 25, 2016, at 05:04, Odhiambo Washington wrote:
>> > I have a network where FreeBSD acts as the gateway. I use IPFilter as
>> the
>> > firewall.
>> >
>> > I have users with smartphones who'd like to use Whatsapp call feature
>> but
>> > the firewall is blocking these. I have googled and found
>> > https://github.com/ukanth/afwall/issues/358 which seems to talk about
>> the
>> > ports that I need to open, but even after following that, I still cannot
>> > get this working. My IPFilter rules are these ->
>> > http://pastebin.com/77YrMEEG
>> >
>> > Hopefully someone can see what I am missing or knows what I should do.
>> > I am currently away from the box and with bad Internet, I cannot easily
>> > do
>> > packet capture to analyze... I know iy sounds lazy, but I also hope this
>> > wheel has already been invented and is spinning already...
>> >
>> >
>> Do you end up getting log entries for the blocked traffic?
>> --
>>   Mark Felder
>>   ports-secteam member
>>   feld at FreeBSD.org <feld at freebsd.org>
> I do't see anything written to the logfile.
> However, I have identified the rules blocking the traffic. I just need to
> get the ports used by Whatsapp for calls and I'll get this sorted.
> After some searching I was able to find someone who claims "The voice
> server connects only, as mentioned, 59437 - 59581 (the first time) and this
> goes through port 5222."
> I also came across this URL containing all the whatsapp IPs:
> http://www.whatsapp.com/cidr.txt
> If you still can't get this sorted out I can try emailing a contact I have
> at Whatsapp to see if he can provide further details.

The version of IPFilter on my server (FreeBSD 8.4-STABLE) does not support
variable definitions/substitutions else I could have used the CIDR.
My latest attempt at opening the relevant ports can be seen at
http://goo.gl/0xnhw8 but still it did not work! Maybe it's me who's getting
confused with the rules??
I have to literally leave the firewall open for Whatsapp calls to work,
which is pretty bad!
I'll appreciate any info from your contact at Whatsapp..
But also take a look at my rules and lemme know if you can act as my 3rd
eye to see where I could be missing the point/going wrong with the rules -
which are derived from http://freebsd.therek.net/handbook/firewalls-ipf.html,
to be precise.

Best regards,
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

More information about the freebsd-questions mailing list