Active Connections running full (100% usage)

ph14454 · October 26, 2019, 12:09pm

Hey guys!
I'm using OpenWRT since begin of this year and to be hones - I'm in love.
Unfortunately, I recognized an issue which makes my network kind of hang-up.
The Active connections are running temporary full (to 100%), which means the router is not able to create new sessions/connections.
This is only temporary, nothing special done in my network. To give a quick overview..
I have VLANs (Clients, Smarthome, Guests) - most traffic is coming from/to Clients, ofc
The realtime graph of the connections is showing a lot of UDP traffic on CLI I tried so see something with iftop but hm - didn't see something useful to go ahead.

As the realtime graph for connections shows a lot of UDP traffic (but I cannot have it "real time" as the page hang up my browser all the time.

The UDP traffic looks like DNS traffic to my configured external DNS servers, so it looks like a DNS issues in my network..?
I have pihole configured as local DNS server and OpenWRT's firewall has custom rules to forward all the DNS traffic to my pihole. The pihole will send it to the internet if needed (also via the same router).

Anyone a idea how to proceed and fix this?
Thanks for any ideas and support.

best regards

lleachii · October 26, 2019, 12:38pm

@ph14454, welcome to the community!

This isn't abnormal, every client lookup to the OpenWrt, the correlating forwarded requests to the PiHole and the respective PiHole requests to the Internet - are all being tracked. So such high UDP traffic isn't odd, given your DNS configuration.
Also, if you open the Active Connections page, a Reverse DNS lookup is done on all IPs with active connections - so these lookups are being done in triplicate too.

ph14454 · October 26, 2019, 12:58pm

Thanks @lleachii!
During your reply it looks like I found the issue..my custom forwards in the firewall config looked like:

#keep network on pi-hole
#redirecting traffic to the router, which redirects itself to the pihole
iptables -t nat -I PREROUTING -s <netip-of-client-network>/24 -p tcp --dport 53 -j DNAT --to <router-ip>
iptables -t nat -I PREROUTING -s <netip-of-client-network>/24 -p udp --dport 53 -j DNAT --to <router-ip>
iptables -t nat -I PREROUTING -s <netip-of-guest-network>/24 -p tcp --dport 53 -j DNAT --to <router-ip>
iptables -t nat -I PREROUTING -s <netip-of-guest-network>/24 -p udp --dport 53 -j DNAT --to <router-ip>

And to be honest - I don't know why I'm forwarding to my routers IP
First I deleted it and saw no increasing sessions, running at 2-5% for the last 10mins.
Now adjusted the above snippet with forwarding to my pihole - I think that should work out.

So absolutely my config fault - looks like it was too late the last config-nights..

lleachii · October 26, 2019, 1:47pm

Hummm...I wasn't aware you were using some kind of firewall rules to accomplish getting packets to the PiHole...

I donno why you'd be doing this either. Since you identified something that definitely makes more tracked connections, there's no need to suggest increasing the connections in sysctl or lowering queried DNS servers.

Glad to assist!

ph14454 · October 26, 2019, 2:08pm

I'm doing this because some devices / apps have kind of "hard coded" DNS servers and don't use your defined once which you give them via DHCP, neither they use static configured ones from the system itself.
This is why I had to adjust the firewall settings to forward every packet which is DNS to my pihole - otherwise the apps/devices can bypass my pihole, which I don't want them to do.

system · November 5, 2019, 2:08pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.