OVH AntiDDOS TCP settings.

[DJ_Ironic]

Hello,

I have OVH VPS CLOUD to host my TeamSpeak server. I am blocking all ports excluding TeamSpeak ones (I have secondary secret IP to manage the server with SSH). So I refused all connections and I am adding "accept" rules with higher priority.
I enabled 9987 UDP. Now I want to add server query, file transfer and other ports.

What I want to ask you is...what should I set to "TCP options" as you can see here:

Thank you so much for your time and answers.

DJ_Ironic

 

[MiKE1337]

Hi,
I think you should leave it blank all but, I dont understand what is your reason to use OVH Anti-DDOS PRO. The protection is just basic anti-ddos solution, any advanced attack will null your server.
There are several good price and quality OVH Anti-DDoS GAME resellers, For example:
OMGSERV - OpenVZ, - Hosted on MC32 Dedicated server
C38Host - KVM - Hosted on MC64-OC Dedicated server (now I'm using for my TS3 server)

 

[MrWolf]

Hi,
I think you should leave it blank all but, I dont understand what is your reason to use OVH Anti-DDOS PRO. The protection is just basic anti-ddos solution, any advanced attack will null your server.
There are several good price and quality OVH Anti-DDoS GAME resellers, For example:
OMGSERV - OpenVZ, - Hosted on MC32 Dedicated server
C38Host - KVM - Hosted on MC64-OC Dedicated server (now I'm using for my TS3 server)

You can also try ExtraVM, there is allot of OVH GAME resellers out there.

 

[MiKE1337]

You can also try ExtraVM, there is allot of OVH GAME resellers out there.

Yeah, ExtraVM is also good. But when you have a legit Teamspeak license or you're hosting 32 slot TS3 only, because their TOS doesn't allow cracked servers.

 

[MrWolf]

Yeah, ExtraVM is also good. But when you have a legit Teamspeak license or you're hosting 32 slot TS3 only, because their TOS doesn't allow cracked servers.

They can't detect the crack if you use binary patched license

 

[DJ_Ironic]

So I am using it because I don't have any other option...so I know it´s not ideal, but I must deal with what I have.

I set it up like this:

but TeamSpeak will not connect, also TS query will not connect, just time out. The only thing working is ICMP, I can ping the server. Any idea why?
Nmap says "ports is closed".

But I have another IP on the server for SSH access without any rules (yet), and TS will connect there fine. It will work here also when I remove the "refuse IPv4" rule.

 

[DJ_Ironic]

I know there is an option to buy it. Long story short, I am stuck on the OVH PRO...I will not ask if I will have any other option.

 

[MiKE1337]

So I am using it because I don't have any other option...so I know it´s not ideal, but I must deal with what I have.

I set it up like this:

but TeamSpeak will not connect, also TS query will not connect, just time out. The only thing working is ICMP, I can ping the server. Any idea why?
Nmap says "ports is closed".

But I have another IP on the server for SSH access without any rules (yet), and TS will connect there fine. It will work here also when I remove the "refuse IPv4" rule.

I think you are blocking IPv4 protocol, Try to refuse all TCP and UDP expect allowed ports and IPs instead of refusing IPv4 protocol. I have not set up the OVH PRO Firewall for a long time so my advice may not work, but you can try it.

@Private-Hosting I sent you PM

 

[DJ_Ironic]

I can't set rule to block TCP connections without port and port range is not able to be filled.
But I read OVH docs about the firewall, they are suggesting using the same configuration as I have with different ports for webserver.

"For example, a packet for TCP port 80 will be captured by rule 2 and the rules that come after will not be tested. A packet for TCPport 25 will only be captured at the last rule (19) which will block it, because OVH does not authorise communication on port 25 in the previous rules." Taken from OVH docs.