I do not receive and send WhatsApp messages

Hello. I use the Shalla blacklist, and I blocked WhatsApp by acting on the “chat” category. Now I have removed the block, and of course I can go to the WhatsApp site, but the messages in the app are not sent. So I can browse the website, but the app does not send or receive messages.

Without more information on your setup this becomes crystal ball stuff to diagnose m8 …

I presume you are using a client to connect to the internet with Nethserver as your router/gateway?
Is WhatsApp perhaps using more ports than you opened on the firewall?

Any errors in the logs?

Sorry, yes, I use an Android device to connect to the internet and Nethserver is my gateway/firewall. I have not opened any ports, and I don't know where to read the logs. Sorry.

I would start with

/var/log/squid/access.log

At the following site you find a list with the WhatsApp ports:

3 Likes

In access.log I find:
1521533903.238 114 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -
1521533903.238 118 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -

Is this useful for my goal?
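A way to read the two log lines above, as an added example that is not part of any post in this thread: it splits Squid's native access.log format into fields and separates requests the proxy refused by policy (`TCP_DENIED`) from requests that ended in a 5xx with no upstream peer logged (`HIER_NONE`). The third sample line and the verdict names are constructed for illustration.

```python
from collections import Counter

# First two lines are copied from the post above; the third is constructed
# to show what an ACL denial looks like in the same format.
SAMPLE_LOG = """\
1521533903.238 114 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -
1521533903.238 118 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -
1521533910.000 1 192.168.179.190 TCP_DENIED/403 3900 CONNECT example.invalid:5222 - HIER_NONE/- text/html
"""

FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "mime")


def parse_line(line):
    """Split one native-format access.log line into named fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None  # not a native-format line; skip it
    rec = dict(zip(FIELDS, parts))
    rec["code"], _, status = rec["result"].partition("/")
    rec["status"] = int(status) if status.isdigit() else 0
    rec["peer"] = rec["hierarchy"].split("/")[0]
    return rec


def classify(rec):
    """Tell a proxy policy denial apart from a request Squid could not complete."""
    if rec["code"].startswith("TCP_DENIED"):
        return "denied-by-acl"
    if rec["status"] >= 500 and rec["peer"] == "HIER_NONE":
        return "not-forwarded"  # Squid returned an error and logged no upstream peer
    if rec["status"] >= 400:
        return "upstream-error"
    return "ok"


def summarize(log_text):
    """Count failed requests per (client, method, destination, verdict)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = classify(rec)
        if verdict != "ok":
            counts[(rec["client"], rec["method"], rec["url"], verdict)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

Both lines from the post come out as `not-forwarded`, not `denied-by-acl`, which points away from the proxy's access rules as the cause of the failed tunnels.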

Is 443 a safe port at your squid.conf?

Please post your configuration.

/etc/squid/squid.conf

How can I view the file you have indicated? Can I enter the URL in the browser? If that is possible, what is the complete URL?

No, you have to open it in a shell. For example you can use putty from a client and open it with an editor.
For example:

vi /etc/squid/squid.conf

I started putty and entered the IP address and port (in my case 222) … it does not work. What am I doing wrong?

Did you choose ssh as connection type? What message did you get?

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024

# 90options

forward_max_tries 25
shutdown_lifetime 1 seconds
buffered_logs on
max_filedesc 16384
logfile_rotate 0
icap_service clamav_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_req allow all
icap_service clamav_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_resp allow all

There is a sector with acl safe ports at the beginning of your config, can you post it too?

# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at https://dev.nethesis.it/projects/nethserver/wiki/NethServer
# original work from http://www.contribs.org/development/
#
# Copyright (C) 2013 Nethesis S.r.l.
# http://www.nethesis.it - support@nethesis.it
#
 
# Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
 
# Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
 
# Allow access from green and trusted networks.
acl localnet src 192.168.176.0/21
acl localnet_dst src 192.168.176.0/21
acl localnet src 192.168.78.0/24
acl localnet_dst src 192.168.78.0/24
 
# Safe ports
acl SSL_ports port 443
acl SSL_ports port 980          # httpd-admin (server-manager)
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 980         # httpd-admin (server-manager)
acl CONNECT method CONNECT
 
#
# 20acl_00_portscustom
#
 
 
# Allow access from localhost
http_access allow localhost
 
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
 
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
 
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
 
#
# Skip URL rewriter for local addresses
#
acl self dst 192.168.178.75
acl self_port port 80
acl self_port port 443
url_rewrite_access deny self localnet  self_port
 
 
# No authentication on green and trusted networks
http_access allow localnet
 
 
# And finally deny all other access to this proxy
http_access deny all
 
cache_mem 256 MB
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
 
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
 
# Always enable manual proxy
http_port 3128
 
 
 
 
# Enable squidGuard
url_rewrite_program /usr/bin/squidGuard
url_rewrite_children 20 startup=5 idle=5
 
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
 
#
# 90options
#
forward_max_tries 25
shutdown_lifetime 1 seconds
buffered_logs on
max_filedesc 16384
logfile_rotate 0
icap_service clamav_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_req allow all
icap_service clamav_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_resp allow all

A question. Could this information that I have pasted now be a danger if someone with evil intentions gets to know it?

I don’t think it’s dangerous, you only posted internal IP addresses and some internal networks. Public IPs or real MACs are more dangerous as they may directly be misused or identify you.

2 Likes
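A check of the port ACLs in the squid.conf posted above, as an added example that is not part of any post in this thread or of NethServer itself: it loads the `acl ... port` lines copied from that file and applies only the two port rules (`http_access deny !Safe_ports`, then `http_access deny CONNECT !SSL_ports`) in file order. The function names are hypothetical, and the parser assumes one port or range per `acl` line, as in the posted file.

```python
import re

# Port ACL lines copied from the squid.conf posted above.
SQUID_CONF = """\
acl SSL_ports port 443
acl SSL_ports port 980          # httpd-admin (server-manager)
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 980         # httpd-admin (server-manager)
acl CONNECT method CONNECT
"""

PORT_ACL = re.compile(r"^acl\s+(\S+)\s+port\s+(\d+)(?:-(\d+))?")


def load_port_acls(conf):
    """Return {acl_name: [(low, high), ...]} for every 'acl NAME port ...' line."""
    acls = {}
    for line in conf.splitlines():
        m = PORT_ACL.match(line.strip())
        if m:
            low = int(m.group(2))
            high = int(m.group(3) or low)
            acls.setdefault(m.group(1), []).append((low, high))
    return acls


def in_acl(acls, name, port):
    """True when the port falls inside any range of the named ACL."""
    return any(low <= port <= high for low, high in acls.get(name, []))


def port_verdict(conf, method, port):
    """Apply the two port rules in file order; all other http_access rules are ignored."""
    acls = load_port_acls(conf)
    if not in_acl(acls, "Safe_ports", port):
        return "deny: !Safe_ports"          # http_access deny !Safe_ports
    if method == "CONNECT" and not in_acl(acls, "SSL_ports", port):
        return "deny: CONNECT !SSL_ports"   # http_access deny CONNECT !SSL_ports
    return "pass"
```

`port_verdict(SQUID_CONF, "CONNECT", 443)` passes both rules, while a CONNECT to any port other than 443 or 980 is refused by the second rule even though the 1025-65535 range is listed in `Safe_ports`.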

Your config looks good. I’ve no other idea at the moment. Somebody else? @support_team

Could you post your “Web Proxy” configuration page from dashboard?

It is set to manual for all zones. HTTP and HTTPS port blocking is enabled.

Try removing “block http and https ports”

If this works, you can try to configure your Android device to use the proxy when you are connected to this particular WiFi:

https://www.howtogeek.com/295048/how-to-configure-a-proxy-server-on-android/

2 Likes

I do not use the proxy configuration of this guide. Currently, only on some Android phones (the most modern ones?) and on the Apple PC (it seems only MacBook), I have to enter the address of the wpad.dat file, otherwise it is not possible to browse.