Router with Fast WAN->LAN NAT?

Hi,

I'm already using 2 OpenWrt routers and want to buy a third one to create a DMZ to isolate my LAN from my webservers. But if the servers are in the DMZ on the WAN side of the router and my other computers are on the LAN side, I need really good NAT throughput so streaming and file transfers stay at Gbit speed.

I looked through some routers and it is often said that OpenWrt isn't able to use the hardware NAT of the router, so throughput goes down to 450Mbit/s, for example.
Is there a router able to use hardware NAT with OpenWrt? Any recommendations?
And has anyone already benchmarked the NAT throughput of the TL-WDR4300?

Routing, NAT and filtering at 1 GBit/s line speed requires top-end hardware; most SoCs/devices won't get anywhere close to that.

The TL-WDR4300, like any ar71xx/ath79 device, is pretty much an order of magnitude off; these are way too slow for this purpose.

Easy choices would be mvebu or x86_64. If your filtering is very simple, simple enough to be done entirely in hardware, mt7621 might be another low-end/cheap option, but I wouldn't take the gamble.

Just a note: OpenWrt had hardware NAT support for mt7621 for quite a while, but I haven't yet seen any benchmarking result saying it will achieve anywhere near 1Gbps NAT.

There is a cheap secondhand DIR-860L with mt7621 and preflashed OpenWrt available. Would that be a good choice if it has to be cheap? In the wiki it's written that it has 450 to 570 Mbit/s NAT throughput, which is good for a non-high-end router? The CPU looks fast for VPN and it has fast wifi ac. Does someone know if the wifi problems are fixed by now?

Has WiFi problems with LEDE <=17.01.2 (slow on 5 GHz, some people also report buggy on 2.4 GHz). The 5GHz-WiFi problems seem fixed on snapshots > ~2017-07-20

Besides the fast NAT throughput, I need it as a fast and reliable wifi AP and OpenVPN AP, because the router doing that now will then be in the DMZ.

It's worth a try. The mt76 driver has been improved many times in these two years.

That is not the case for mt7621. It can do (fast) hardware-accelerated routing/NAT/firewalling (as long as you keep the rule set simple enough to be handled in hardware), but it's far from a fast VPN node.