Question OVH AntiDDOS TCP settings.

Joined
Dec 22, 2015
#1
Hello,

I have OVH VPS CLOUD to host my TeamSpeak server. I am blocking all ports excluding TeamSpeak ones (I have secondary secret IP to manage the server with SSH). So I refused all connections and I am adding "accept" rules with higher priority.
I enabled 9987 UDP. Now I want to add server query, file transfer and other ports.

What I want to ask you is...what should I set to "TCP options" as you can see here:




Thank you so much for your time and answers.

DJ_Ironic
 
Joined
Nov 17, 2015
#2
Hi,
I think you should leave it all blank, but I don't understand what your reason is to use OVH Anti-DDOS PRO. The protection is just a basic anti-DDoS solution; any advanced attack will null your server.
There are several good price and quality OVH Anti-DDoS GAME resellers, for example:
OMGSERV - OpenVZ - Hosted on MC32 Dedicated server
C38Host - KVM - Hosted on MC64-OC Dedicated server (now I'm using for my TS3 server)
 

MrWolf

Moderator
Joined
Dec 27, 2016
#3
You can also try ExtraVM, there are a lot of OVH GAME resellers out there.
 

MrWolf

Moderator
Joined
Dec 27, 2016
#5
Yeah, ExtraVM is also good. But when you have a legit Teamspeak license or you're hosting 32 slot TS3 only, because their TOS doesn't allow cracked servers.
They can't detect the crack if you use binary patched license :rolleyes:
 
Joined
Dec 22, 2015
#6
So I am using it because I don't have any other option...so I know it's not ideal, but I must deal with what I have.

I set it up like this:

but TeamSpeak will not connect, also TS query will not connect, just time out. The only thing working is ICMP, I can ping the server. Any idea why?
Nmap says "ports is closed".

But I have another IP on the server for SSH access without any rules (yet), and TS will connect there fine. It will work here also when I remove the "refuse IPv4" rule.
 
Joined
Dec 22, 2015
#7
I know there is an option to buy it. Long story short, I am stuck on the OVH PRO...I would not ask if I had any other option.
 
Joined
Nov 17, 2015
#8
I think you are blocking IPv4 protocol, try to refuse all TCP and UDP except allowed ports and IPs instead of refusing IPv4 protocol. I have not set up the OVH PRO Firewall for a long time so my advice may not work, but you can try it.

@Private-Hosting I sent you PM
 
Joined
Dec 22, 2015
#9
I can't set a rule to block TCP connections without a port, and the port range cannot be filled in.
But I read OVH docs about the firewall, they are suggesting using the same configuration as I have with different ports for webserver.

"For example, a packet for TCP port 80 will be captured by rule 2 and the rules that come after will not be tested. A packet for TCP port 25 will only be captured at the last rule (19) which will block it, because OVH does not authorise communication on port 25 in the previous rules." Taken from [link hidden].
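
The first-match evaluation described in the documentation quoted above, as an added example that is not part of the original thread and not OVH's own code: a small model of a priority-ordered rule table that reports which rule captures a packet. The rule table is constructed; ports 10011 and 30033 are the TeamSpeak 3 default ServerQuery and file-transfer ports, and accepting packets that match no rule is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    priority: int                    # lower number is tested first (0..19)
    action: str                      # "accept" or "refuse"
    protocol: str                    # "ipv4" matches every protocol, else "tcp"/"udp"/"icmp"
    dst_port: Optional[int] = None   # None means any destination port

    def matches(self, protocol: str, dst_port: Optional[int]) -> bool:
        if self.protocol != "ipv4" and self.protocol != protocol:
            return False
        return self.dst_port is None or self.dst_port == dst_port


def evaluate(rules, protocol, dst_port=None, default="accept"):
    """Return (action, priority of the capturing rule), or (default, None)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(protocol, dst_port):
            return rule.action, rule.priority   # first match wins, later rules untested
    return default, None                        # assumption: unmatched traffic passes


# Constructed rule table in the shape the thread describes:
# specific accepts first, one catch-all "refuse IPv4" at the last priority.
TS_RULES = [
    Rule(19, "refuse", "ipv4"),
    Rule(0, "accept", "udp", 9987),    # TeamSpeak voice (port from the thread)
    Rule(1, "accept", "tcp", 10011),   # ServerQuery (TeamSpeak 3 default)
    Rule(2, "accept", "tcp", 30033),   # file transfer (TeamSpeak 3 default)
    Rule(3, "accept", "icmp"),
]

# Same intent, but the catch-all refuse is given the lowest priority number:
# it captures everything and the accept rule is never tested.
MISORDERED = [
    Rule(0, "refuse", "ipv4"),
    Rule(1, "accept", "udp", 9987),
]

if __name__ == "__main__":
    for probe in [("udp", 9987), ("tcp", 10011), ("tcp", 25), ("icmp", None)]:
        print(probe, "->", evaluate(TS_RULES, *probe))
    print("misordered udp/9987 ->", evaluate(MISORDERED, "udp", 9987))
```
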
 
