Setting Up Teamspeak 3 on Debian Wheezy

This article will show you how to run a Teamspeak 3 server under Debian Wheezy. Before you can start with it, you should do some preparation on your VPS.

If you already have a firewall in place, make sure that traffic to the TeamSpeak server is allowed by adding the following rules:

iptables -A INPUT -p udp --dport 9987 -j ACCEPT
iptables -A INPUT -p udp --sport 9987 -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -A INPUT -p tcp --sport 30033 -j ACCEPT
iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
iptables -A INPUT -p tcp --sport 10011 -j ACCEPT

Otherwise, here is a basic list of rules that allows SSH and ICMP traffic (as well as traffic for Teamspeak, of course) and drops everything else, IPv4 and IPv6:

iptables -A INPUT -i lo -j ACCEPT # Since a lot of interprocess-communication goes over the loopback-interface you should allow it to avoid very, very weird and difficult problems
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # Accept packets that respond to outgoing requests
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 9987 -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
iptables -P INPUT DROP # DROP everything else

ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p udp --dport 9987 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 30033 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 10011 -j ACCEPT
ip6tables -P INPUT DROP

After spinning up your server, log in as root. While permanently working as root is generally frowned upon by the internet community, it also has serious implications for the security of your server. According to the Internet Storm Center, 90% of all brute-force attacks on SSH are targeting the root account. There are hundreds, if not thousands, of automated scans out there trying to break into servers with weak administrative passwords – so it’s a good idea to use a separate user in combination with sudo.

First, add another user and give it a strong password:

useradd -m -s /bin/bash yourusername
passwd yourusername

Next, edit /etc/sudoers to allow yourself to use it:

yourusername    ALL=(ALL:ALL) ALL

Then, log out and log back into the machine with your new user. You can then disable root login in /etc/ssh/sshd_config:

PermitRootLogin no
AllowUsers yourusername

For even more security, you can consider implementing password-less authentication using SSH keys. For more information on password-less authentication. Congratulations, you saved yourself from over 90% of attackers out there. Now, onto installing the TeamSpeak server.

It is bad practice to run a service as root, so create a user solely for Teamspeak:

sudo useradd -m -s /bin/bash teamspeak

Afterwards, log in to that user account and switch to the home directory:

sudo su teamspeak
cd

Download Teamspeak. Depending on your architecture, you will need either the x64 version:

wget http://dl.4players.de/ts/releases/3.0.11.1/teamspeak3-server_linux-amd64-3.0.11.1.tar.gz

Or the x86 version:

wget http://dl.4players.de/ts/releases/3.0.11.1/teamspeak3-server_linux-x86-3.0.11.1.tar.gz

Unpack the downloaded archive:

tar -xzvf .tar.gz && rm .tar.gz

Now, you have a folder named teamspeak3-server_linux-amd64 with some scripts in it. Switch back to your normal user:

exit

Set up a script to automatically start your server after a reboot. This script also easily stops or restarts the TeamSpeak service. Paste the following into /etc/init.d/teamspeak:

#!/bin/sh
### BEGIN INIT INFO
# Provides: teamspeak
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: Teamspeak 3 Server
### END INIT INFO

USER="teamspeak"
DIR="/home/teamspeak/teamspeak3-server_linux-amd64"
###### Teamspeak 3 server start/stop script ######
case "$1" in
start)
su $USER -c "$DIR/ts3server_startscript.sh start"
;;
stop)
su $USER -c "$DIR/ts3server_startscript.sh stop"
;;
restart)
su $USER -c "$DIR/ts3server_startscript.sh restart"
;;
status)
su $USER -c "$DIR/ts3server_startscript.sh status"
;;
*)
echo "Usage: " >&2
exit 1
;;
esac
exit 0

Make that file executable:

sudo chmod 700 /etc/init.d/teamspeak

Now, make TeamSpeak start at boot:

sudo update-rc.d teamspeak defaults

All that’s left is to start the service:

sudo service teamspeak start

Happy chatting!