How do I bypass the firewall completely? As it is a hardware firewall. Date: Tue, 26 Nov 2013 10:08:53 +0100 From: [email protected] To: [email protected] Subject: Re: [Csgo_servers] Huge loss problem
Could be # concurrent connections or who knows what else. Try to connect directly bypassing the firewall eventually if you have no clue about fw specs / rulesets in use Marco PadovanChief Technical Officerhttp://www.hiperz.com On Tue, Nov 26, 2013 at 8:46 AM, arnold lam <[email protected]> wrote: So there is a firewall in between. But it shouldn't slow traffic down because if there is incoming DDOS, it will Blackhole/null route the ip. Basically it won't reach my server. Therefore it is still a bandwidth issue. I want to know what is restricting the bandwidth. I can download upload files at a high speed. 1 gig download 100mbps upload. But srcds can only use 13.5mbps. Basically everyone has the same amount lag no matter they are overseas or locally. Sent from my iPhone On 26 Nov, 2013, at 6:19 am, "ritual" <[email protected]> wrote: To be honest it's a bit of a cop-out answer as most script-kiddie DDOS attacks are from UDP SYN Flooding which are can be stopped by hardware firewalls. If it was a firewall issue, there would be more than one system affected and therefore more people complaining. I think we've narrowed down the problem here to limited bandwidth and that it is now up to his vendor to see if it is possible for them to provide more. Lowering tick and limiting players are all temporary fixes to the over-arching problem. Good luck with the vendor. On Mon, Nov 25, 2013 at 12:01 PM, Marco Padovan <[email protected]> wrote: Maybe then the issue relies on the hardware firewall. Post the specs and rulesets in use Marco PadovanChief Technical Officerhttp://www.hiperz.com On Mon, Nov 25, 2013 at 4:29 PM, arnold lam <[email protected]> wrote: It has hardware firewall, that's why ip tables is not needed. Btw basically I'm the system administrator, they can't do much. Sent from my iPhone On 25 Nov, 2013, at 11:17 pm, "Marco Padovan" <[email protected]> wrote: You are running without any firewall rule?!? O.o To me that is not good, nor normal. Ask your system administrator to setup a proper firewall ruleset and then to debug your performance issues, probably it's just something not setup/properly setup Marco PadovanChief Technical Officerhttp://www.hiperz.com On Mon, Nov 25, 2013 at 2:33 PM, arnold lam <[email protected]> wrote: iptables:root@arnold:~# iptables -LChain INPUT (policy ACCEPT)target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination cat /proc/net/udp sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode ref pointer drops 816: 00000000:6915 00000000:0000 07 00000000:00000000 00:00000000 00000000 1000 0 27068500 2 ffff880213985080 0 920: 00000000:697D 00000000:0000 07 00000000:00000000 00:00000000 00000000 1000 0 27068478 2 ffff880213982300 0 930: 00000000:6987 00000000:0000 07 00000000:00001680 00:00000000 00000000 1000 0 27068477 2 ffff880213980380 615 951: 00000000:699C 00000000:0000 07 00000000:00000000 00:00000000 00000000 1000 0 27068499 2 ffff880213983100 0 2640: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 13057 2 ffff880212031180 0 Is this normal? Date: Mon, 25 Nov 2013 10:19:03 -0200 From: [email protected] To: [email protected] Subject: Re: [Csgo_servers] Huge loss problem Maybe it's just a firewall limiting the number of packages per seconds, very common solution to block DDOS. You can check the status of udp sockets throgth this command: cat /proc/net/udp Then convert the local_address column to int(hex->int) match your server port, if you are using the default config(port 27015), will be something like this: XXXXXXXXX:6987. Then check the drops column in the same line. If is low(less than 2000 running at least 1 hour, with players), probably isn't a server problem, maybe a firewall, ddos protecion false positive, etc. If is too high, you have a problem in your dedicated server configuration. Check your firewall rules( sudo iptables -L). _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
