Individual Interface Bindings
phloryde
21-01-2006, 15:24
It would be nice to be able to bind the different services separately. That way I can bind ports 51234 and 14534 to 127.0.0.1 (so they can only be accessed from the machine they are running on) and bind port 8767 to 0.0.0.0 (so my users can still connect).
Why implement something you can easily configure with a firewall? I don't think that's a "must have" for TS.
phloryde
14-02-2006, 05:17
I want to bind the web port to the localhost because I use Apache as a reverse proxy to SSL the web interface that TeamSpeak provides. That's something the firewall can't do for me.
TeamSpeak can already selectively bind to specific interfaces. Is it that hard to specify which services bind to which interface?
Is it that hard to specify which services bind to which interface?
don't know, but you can simply block any access from the WAN, LAN to these services in your firewall
The webinterface should listen per default on all interfaces, so I don't see a need for binding it?
SuperTyphoon
15-02-2006, 03:45
We need individual user volume control most importantly. If the new version EVER comes out, and it doesn't have it, I am switching to ventrilo.
TidalWave
16-02-2006, 00:00
We need individual user volume control most importantly. If the new version EVER comes out, and it doesn't have it, I am switching to ventrilo.
Ummm... You are aware that this is a thread about IP-binding and not volume control, right? :confused:
Anyway, I agree with guldi. You can very easily accomplish what you want with a firewall. Heck, you can do it with a router even with DMZ turned on. Just DMZ the local computer and then go into port forwarding and forward the ports you want to block (51234 TCP and 14534 TCP/UDP) to a non-existent local IP. :p That's what I did. I normally block ports with my firewall, but I've had trouble with people hacking my TS server in the past through WebAdmin and Telnet, so I took the extra step.
phloryde
16-02-2006, 22:48
well, the machine is directly connected to the internet (so the dmz option is not available to me). i know that the firewall will do what i need it to, but as an extra measure (in case the firewall is accidentally shut down since i'm not the only one administering it) i only bind the stuff i need to 0.0.0.0.
for instance, the box runs mysql so i bind mysql to 127.0.0.1. i also bind dovecot to 127.0.0.1. the web applications that use those services are the only ones able to connect to it even if iptables was shut down and everything allowed through (at least, as far as i know).
my aim was to do the same thing with teamspeak. bind the telnet and web interface to 127.0.0.1 and then use apache reverse proxy to access the web interface. not only does it make the url nicer, but i can wrap ssl around the teamspeak web interface and force ssl even if the firewall is disabled.
i was thinking about binding teamspeak entirely to 127.0.0.1 and using a reverse proxy, but my attempts have so far failed (i'm trying to use dante).
thanks anyways, it may not be a priority, but hopefully individual service binding will make it into teamspeak someday.
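Added example (not part of the original posts): a small audit of listening sockets that checks the loopback-only binding phloryde describes, independent of firewall state. The `ss -tuln` sample is constructed; the policy uses the ports named in the thread plus two assumptions, 3306 (MySQL's default port) and 443 (the Apache SSL front end).

```python
import ipaddress

# Policy from the thread: admin/web ports stay on loopback, the voice port is public.
# 3306 (MySQL default) and 443 (Apache SSL front end) are assumptions added here.
LOOPBACK_ONLY = {51234, 14534, 3306}
PUBLIC_OK = {8767, 443}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:8767       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:14534      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:51234    0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      511    [::]:443           [::]:*
"""

def classify(addr):
    """Return 'loopback', 'wildcard' or 'specific' for a local address from ss."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "specific"  # unparsable: treat as reachable so it gets reviewed
    if ip.is_loopback:
        return "loopback"
    return "wildcard" if ip.is_unspecified else "specific"

def parse_listeners(text):
    """Yield (proto, scope, port) for each socket line of `ss -tuln` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "Netid":
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], classify(addr), int(port)

def audit(text):
    """Return (proto, port, scope, reason) for every binding that breaks the policy."""
    findings = []
    for proto, scope, port in parse_listeners(text):
        if port in LOOPBACK_ONLY and scope != "loopback":
            findings.append((proto, port, scope, "must be loopback-only"))
        elif scope != "loopback" and port not in PUBLIC_OK:
            findings.append((proto, port, scope, "not on the public allow-list"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```

On a live host, pass the text of `ss -tuln` to `audit()` instead of the sample; an empty result means every listener matches the policy.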
People who "accidentally" shut down firewalls should not touch a firewall at all. And why do you need this SSL reverse proxy whatever stuff? Who knows? Maybe TeamSpeak 3 will have native SSL support. At least, from what I heard so far, the passwords and client to server communication will be encrypted.
phloryde
17-02-2006, 01:40
People who "accidentally" shut down the firewall or reconfigure it to allow too much stuff through usually know it was a mistake. It's part of being human.
I don't rely on just my firewall to protect my servers. Anyone who does only has a basic understanding of security. Good security practice relies on multiple levels. That includes having a good firewall, keeping your software up-to-date, using strong passwords, resetting passwords at a predefined time, loading only the services you need, setting up an IDS, etc. Someone may be able to gain access to one part of my system, but I'm gonna make it as hard as possible for them to get to other parts of the system.
If TS3 uses SSL/TLS for client/server communications and the web interface, that's great! Then I don't need to reverse proxy the web interface to get SSL.
People who "accidentally" shut down the firewall or reconfigure it to allow too much stuff through usually know it was a mistake. It's part of being human.
Humans? I heard some really crazy stories about them. Do they really exist?