I run my FTTN Pace 5031nv in DMZ+ mode and forward everything to a Linux host. This arrangement has served me well, aside from some minor annoyances (like intercepting NTP).
Sometime last week, I lost connectivity and found that my RG lost its firewall and DHCP configuration, causing my Linux host to lose its DMZ+ status. This coincided with what appeared to be an update in the early morning. No problem, bounce the RG, reconfigure DMZ+ and go back to business.
Since then, I've been having frequent interruptions while playing online games, in particular, services based off of P2P UDP. A tcpdump on the Linux host's interface connected to the RG shows that the inbound (from the internet) service-related UDP streams just stop, causing a disconnect message in the affected game.
Digging further, I found that despite all efforts to disable / bypass the RG's firewall, it is still connection-state tracking, and that its number of session slots is small -- 8112 to be exact. (compare to 65536 on the Linux host)
My first observation is that there is a giant discrepancy between the RG's reported session usage and the Linux host's session usage:
Code:
    $ curl --silent 'http://192.168.1.254/xslt?PAGE=C_5_5' | grep -P -o 'Total sessions in use:\s*\d+'
    Total sessions in use: 3292
Code:
    # conntrack -C
    349
My second observation is that minor peaks in the background radiation from the Internet can consume all of the session slots on the RG, effectively creating a denial of service.
Is there any way to increase the session limit, or preferably, bypass the connection-state tracking for DMZ+?
FWIW, my timeouts are set to the defaults:
600s for UDP
86400s for TCP
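A small monitor that turns the two counts from the post into one report and applies Little's law to the RG's defaults, showing how few new UDP flows per second are enough to keep 8112 slots full at a 600s timeout. This is an added example for this thread, not code from the poster or the RG's firmware; the /proc path for the conntrack count, the one-minute polling interval and the 80% warning threshold are assumptions.

```python
"""Watch the RG's session table against the Linux host's conntrack table and
quantify how quickly unsolicited flows can exhaust it (added example)."""
import re
import time
import urllib.request

RG_STATUS_URL = "http://192.168.1.254/xslt?PAGE=C_5_5"  # status page used in the post
RG_SESSION_LIMIT = 8112   # session slots reported for the Pace 5031nv in the post
UDP_TIMEOUT_S = 600       # RG default UDP session timeout (from the post)
TCP_TIMEOUT_S = 86400     # RG default TCP session timeout (from the post)
CONNTRACK_COUNT = "/proc/sys/net/netfilter/nf_conntrack_count"  # assumed; same value as `conntrack -C`

SESSION_RE = re.compile(r"Total sessions in use:\s*(\d+)")


def parse_rg_sessions(page_text: str) -> int:
    """Pull the session count out of the RG status page; -1 if the field is absent."""
    m = SESSION_RE.search(page_text)
    return int(m.group(1)) if m else -1


def exhaustion_rate(limit: int = RG_SESSION_LIMIT, timeout_s: int = UDP_TIMEOUT_S) -> float:
    """Sustained new-flow rate (flows/s) that keeps the table full (Little's law:
    occupancy = arrival rate * holding time; each idle slot is held for timeout_s)."""
    return limit / timeout_s


def headroom_report(rg_used: int, local_used: int, warn_at: float = 0.8) -> dict:
    """Compare RG vs host counts and flag when the RG table nears exhaustion."""
    util = rg_used / RG_SESSION_LIMIT
    return {
        "rg_used": rg_used,
        "local_used": local_used,
        "discrepancy": rg_used - local_used,  # slots the RG counts that the host does not
        "utilization": util,
        "free_slots": RG_SESSION_LIMIT - rg_used,
        "warn": util >= warn_at,  # assumed 80% threshold
    }


def fetch_rg_sessions(url: str = RG_STATUS_URL) -> int:
    with urllib.request.urlopen(url, timeout=5) as resp:
        return parse_rg_sessions(resp.read().decode("utf-8", "replace"))


def local_conntrack_count(path: str = CONNTRACK_COUNT) -> int:
    with open(path) as f:
        return int(f.read().strip())


if __name__ == "__main__":
    print(f"UDP fill rate at {UDP_TIMEOUT_S}s timeout: {exhaustion_rate():.1f} new flows/s")
    while True:  # poll once a minute; a WARNING line marks an imminent session-table DoS
        r = headroom_report(fetch_rg_sessions(), local_conntrack_count())
        print(f"RG {r['rg_used']}/{RG_SESSION_LIMIT} ({r['utilization']:.0%}) host {r['local_used']} "
              f"diff {r['discrepancy']}" + ("  WARNING: RG session table nearly full" if r["warn"] else ""))
        time.sleep(60)
```

With the post's defaults, exhaustion_rate() comes out at about 13.5 new UDP flows per second, which is why a modest burst of background scanning is enough to starve the table.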