This article will show you how to run a Teamspeak 3 server under Debian Wheezy. Before you can start with it, you should do some preparation on your VPS.
If you already have a firewall in place, make sure that traffic to the Teamspeak server is allowed by adding the following rules:
iptables -A INPUT -p udp --dport 9987 -j ACCEPT
iptables -A INPUT -p udp --sport 9987 -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -A INPUT -p tcp --sport 30033 -j ACCEPT
iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
iptables -A INPUT -p tcp --sport 10011 -j ACCEPT
Otherwise, here is a basic list of rules that allows SSH and ICMP traffic (as well as traffic for Teamspeak of course) and drops everything else, IPv4 and IPv6:
iptables -A INPUT -i lo -j ACCEPT # Since a lot of interprocess-communication goes over the loopback-interface you should allow it to avoid very, very weird and difficult problems
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # Accept packets that respond to outgoing requests
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 9987 -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
iptables -P INPUT DROP # DROP everything else
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p udp --dport 9987 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 30033 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 10011 -j ACCEPT
ip6tables -P INPUT DROP
After spinning up your server, login as root. While permanently working as root is generally frowned upon by the internet community, it also has serious implications for the security of your server. According to the Internet Storm Center 90% of all brute-force attacks on SSH are targeting the root-account. There are hundreds if not thousands of automated scans out there trying to break into servers with weak administrative passwords – so it’s definitely a good idea to use a separate user in combination with sudo.
First, add another user and give it a strong password:
useradd -m -s /bin/bash yourusername
passwd yourusername
Next, edit /etc/sudoers
to allow yourself to use it:
yourusername ALL=(ALL:ALL) ALL
Then, logout and log back into the machine with your new user. You can then disable root login in /etc/ssh/sshd_config
:
PermitRootLogin no
AllowUsers yourusername
For even more security, you can consider implementing password-less authentication using SSH-keys. For more information on password-less authentication. Congratulations, you saved yourself from over 90% of attackers out there. Now, onto installing the Teamspeak server.
It is bad practice to run a service as root, so create a user solely for Teamspeak:
sudo useradd -m -s /bin/bash teamspeak
Afterwards, log into that user account and switch to the home directory:
sudo su teamspeak
cd
Download Teamspeak. Depending on your architecture, you will need either the x64 version:
wget http://dl.4players.de/ts/releases/3.0.11.1/teamspeak3-server_linux-amd64-3.0.11.1.tar.gz
Or the x86 version:
wget http://dl.4players.de/ts/releases/3.0.11.1/teamspeak3-server_linux-x86-3.0.11.1.tar.gz
Unpack the downloaded archive:
tar -xzvf *.tar.gz && rm *.tar.gz
Now, you have a folder named teamspeak3-server_linux-amd64 with some scripts in it. Switch back to your normal user:
exit
Setup a script to automatically start your server after a reboot. This script also easily stops or restarts the Teamspeak service. Paste the following into /etc/init.d/teamspeak:
#!/bin/sh
### BEGIN INIT INFO
# Provides: teamspeak
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: Teamspeak 3 Server
### END INIT INFO
USER="teamspeak"
DIR="/home/teamspeak/teamspeak3-server_linux-amd64"
###### Teamspeak 3 server start/stop script ######
case "$1" in
start)
su $USER -c "$DIR/ts3server_startscript.sh start"
;;
stop)
su $USER -c "$DIR/ts3server_startscript.sh stop"
;;
restart)
su $USER -c "$DIR/ts3server_startscript.sh restart"
;;
status)
su $USER -c "$DIR/ts3server_startscript.sh status"
;;
*)
echo "Usage: " >&2
exit 1
;;
esac
exit 0
Make that file executable:
sudo chmod 700 /etc/init.d/teamspeak
Now, make Teamspeak start at boot:
sudo update-rc.d teamspeak defaults
All that’s left is to start the service:
sudo service teamspeak start
Happy chatting!