OVH AntiDDOS TCP settings.

DJ_Ironic

Member
Dec 22, 2015
5
0
38
Hello,

I have OVH VPS CLOUD to host my TeamSpeak server. I am blocking all ports excluding TeamSpeak ones (I have secondary secret IP to manage the server with SSH). So I refused all connections and I am adding "accept" rules with higher priority.
I enabled 9987 UDP. Now I want to add server query, file transfer and other ports.

What I want to ask you is...what should I set to "TCP options" as you can see here:

XyCSdYc.png



Thank you so much for your time and answers.

DJ_Ironic
 

MiKE1337

Member
Nov 17, 2015
41
15
46
Hi,
I think you should leave it all blank, but I don't understand what your reason is for using OVH Anti-DDOS PRO. The protection is just a basic anti-DDoS solution; any advanced attack will null your server.
There are several good price and quality OVH Anti-DDoS GAME resellers, for example:
OMGSERV - OpenVZ, - Hosted on MC32 Dedicated server
C38Host - KVM - Hosted on MC64-OC Dedicated server (now I'm using for my TS3 server)
 

MrWolf

Retired Staff
Contributor
Dec 27, 2016
475
263
112
You can also try ExtraVM; there are a lot of OVH GAME resellers out there.
 

MiKE1337

Yeah, ExtraVM is also good. But when you have a legit Teamspeak license or you're hosting 32 slot TS3 only, because their TOS doesn't allow cracked servers.
 

MrWolf

They can't detect the crack if you use binary patched license :rolleyes:
 

DJ_Ironic

So I am using it because I don't have any other option...so I know it's not ideal, but I must deal with what I have.

I set it up like this:
kfYodJc.png

but TeamSpeak will not connect, also TS query will not connect, just time out. The only thing working is ICMP, I can ping the server. Any idea why?
Nmap says "ports is closed".

But I have another IP on the server for SSH access without any rules (yet), and TS will connect there fine. It will work here also when I remove the "refuse IPv4" rule.
 

DJ_Ironic

I know there is an option to buy it. Long story short, I am stuck on the OVH PRO...I will not ask if I will have any other option.
 

MiKE1337

I think you are blocking the IPv4 protocol. Try to refuse all TCP and UDP except allowed ports and IPs instead of refusing the IPv4 protocol. I have not set up the OVH PRO Firewall for a long time so my advice may not work, but you can try it.

@Private-Hosting I sent you PM
 

DJ_Ironic

I can't set a rule to block TCP connections without a port, and the port range is not able to be filled.
But I read OVH docs about the firewall, they are suggesting using the same configuration as I have with different ports for webserver.
exemple.png

"For example, a packet for TCP port 80 will be captured by rule 2 and the rules that come after will not be tested. A packet for TCP port 25 will only be captured at the last rule (19) which will block it, because OVH does not authorise communication on port 25 in the previous rules." Taken from OVH docs.
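
The first-match evaluation described in the quoted OVH documentation, as an added example that is not part of any post in this thread and is not OVH's code: a small model that reports which rule captures a packet and flags allow rules that can never fire because an earlier rule already covers them. The `Rule` class and the function names are hypothetical; the model matches only on protocol and destination port (no source IP, no TCP options), and ports 10011/tcp and 30033/tcp are TeamSpeak 3's default ServerQuery and file-transfer ports, assumed here because the thread names only 9987/udp.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int                # lower priority number is tested first
    action: str                  # "authorise" or "refuse"
    protocol: str                # "tcp", "udp", "icmp", or "ipv4" (any protocol)
    dport: Optional[int] = None  # None matches any destination port

    def covers(self, protocol: str, dport: Optional[int]) -> bool:
        proto_ok = self.protocol in ("ipv4", protocol)
        return proto_ok and (self.dport is None or self.dport == dport)

def decide(rules, protocol, dport=None):
    """Return (priority, action) of the first rule that captures the packet."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.covers(protocol, dport):
            return rule.priority, rule.action
    return None  # no rule matched; the model does not assume a default

def shadowed(rules):
    """Priorities of rules that can never fire: an earlier rule covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [later.priority for i, later in enumerate(ordered)
            if any(e.covers(later.protocol, later.dport) for e in ordered[:i])]

# Constructed rule sets. 9987/udp is from the thread; 10011/tcp and 30033/tcp
# are TeamSpeak 3 defaults (assumed, not stated in the thread).
TEAMSPEAK = [
    Rule(0, "authorise", "udp", 9987),
    Rule(1, "authorise", "tcp", 10011),
    Rule(2, "authorise", "tcp", 30033),
    Rule(19, "refuse", "ipv4"),
]
# Same allow rules with the catch-all refuse placed first by mistake.
MISORDERED = [Rule(0, "refuse", "ipv4")] + [
    Rule(r.priority + 1, r.action, r.protocol, r.dport) for r in TEAMSPEAK[:3]]
# The case from the quoted docs: port 80 allowed at rule 2, refuse at rule 19.
DOCS = [Rule(2, "authorise", "tcp", 80), Rule(19, "refuse", "ipv4")]

if __name__ == "__main__":
    for proto, port in [("udp", 9987), ("tcp", 10011), ("tcp", 22)]:
        print(proto, port, decide(TEAMSPEAK, proto, port))
    print("shadowed in MISORDERED:", shadowed(MISORDERED))
```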
 