Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander Matkovsky2016-02-09 20:07:00
Skype
Alexander Matkovsky, 2016-02-09 20:07:00

How to allow only Skype on Mikrotik?

Kind.
The task is to prohibit the message "Internet" from the network on the Mikrotik router, to allow only Skype.
Please tell me how to solve this problem?
I tried to allow only 80, 443 and 33033 ports on the Skype servers (I got the list of ip addresses of the servers via sniffer), but it did not work.
In theory, this should be done through Layer7, such as Basic traffic shaping based on layer-7 protocols . But it didn't work for me either.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
Anton, 2016-02-09
@ADL

if you want to allow only access to certain addresses, why specify ports? enter only addresses.

Report
N
nimbo, 2016-02-09
@nimbo

https://virtualitsupport.wordpress.com/2013/12/09/...
you can jump from this

Report
L
LESHIY_ODESSA, 2016-02-10
@LESHIY_ODESSA

1. Make NAT only for allowed IPs.
The Skype IP list is taken from Google. Refine it yourself or load the entire Microsoft .

/ip firewall address-list add list=list-skype address=111.221.74.0/24
/ip firewall address-list add list=list-skype address=111.221.77.0/24
/ip firewall address-list add list=list-skype address=157.55.130.0/24
/ip firewall address-list add list=list-skype address=157.55.235.0/24
/ip firewall address-list add list=list-skype address=157.55.56.0/24
/ip firewall address-list add list=list-skype address=157.56.52.0/24
/ip firewall address-list add list=list-skype address=213.199.179.0/24
/ip firewall address-list add list=list-skype address=64.4.23.0/24
/ip firewall address-list add list=list-skype address=65.55.223.0/24

We raise NAT only from allowed IPs.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 dst-address-list=list-skype

I checked it, it works for me, but double-check the IP list.
2. Of course, the same trick can be done in the Firewall with a rule that prohibits everything except the allowed Skype IP list.
/ip firewall filter
add chain=forward src-address-list=list-skype
add action=drop chain=forward dst-address-list=!list-skype

Similar questions
A
andrey69rus2016-11-28 18:36:20
Microsoft visual c++ runtime error how to fix? 0Reply
S
Sergey Pugovkin2016-12-05 01:11:08
What phone number does skype use? 2Reply
D
Denuser682016-12-11 19:42:53
How to flip the webcam image in skype? 3Reply
A
Alexander Sisyukin2017-01-14 03:52:42
Linux group call? 1Reply
U
user2k2017-02-07 09:56:03
How to set up full Skype access while prohibiting everything else through a web proxy? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question