Topic: NAT table size?

23 Jan 2013, 17:42

What NAT table sizes does OpenWrt support?
I'm currentyl using DD-WRT (development seems dead) which appears to be limited to 4K which isn't enough.

23 Jan 2013, 18:03

Any.

23 Jan 2013, 18:07

Initial default size is 16k.
And you can adjust it by editing a config file in a live system.

Line 20 here: https://dev.openwrt.org/browser/trunk/p … ysctl.conf

(Last edited by hnyman on 23 Jan 2013, 18:08)

23 Jan 2013, 18:37

Maybe the default value should be related to the RAM size as is default in linux.

23 Jan 2013, 20:52

Nice! Is it possible to set a per-IP limit on the number of NAT entries?

29 Jan 2013, 17:34

How much memory do the NAT entries take?

4 Feb 2013, 19:47

Somebody?

4 Feb 2013, 20:05

Well, based on quick googling, each NAT table entry takes about 160 bytes.
http://lmgtfy.com/?q=linux+nat+table+size+bytes+memory

(Last edited by hnyman on 4 Feb 2013, 20:05)

5 Feb 2013, 05:43

Why do you need so much entries in NAT table?

5 Feb 2013, 10:18

We're running out of the 4906 entries DD-WRT provides. AFAIK there's no way to increase the value and DD-WRT development seems kinda dead.

5 Feb 2013, 11:04

Still do not know why you put so many entries into NAT.
Have you tried to reduce your entries by subnet mask?

5 Feb 2013, 12:21

No, what exactly would that do and how would I do it?

(Last edited by XTF on 5 Feb 2013, 13:01)

5 Feb 2013, 15:42

E.g.
Suppose you have a rule that applies to
192.168.0.1
192.168.0.2
192.168.0.3
with three entries respectively.
you could simply make that rule apply to
192.168.0.0/30
with a single entry .

(Last edited by test0x01 on 5 Feb 2013, 17:02)

5 Feb 2013, 15:49

I've no idea what you're talking about. We've only got a single subnet anyway.

6 Feb 2013, 03:50

The point is each machine (or set of machines) can be limited to, e.g. 1000 connections so no individual user can max out the router for everyone else. DD-WRT is capable of per IP/mask limits but last I knew Openwrt was not.

6 Feb 2013, 09:27

Ah, where do I find these settings? I've only found "IP Filter Settings (adjust these for P2P)" in Administration - Management, this is the table size.

8 Feb 2013, 02:59

You have to use the command line and iptables:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=34476

8 Feb 2013, 08:35

Thanks. Is there no way to just increase the table capacity via the command line?

8 Feb 2013, 09:55

XTF wrote:

Thanks. Is there no way to just increase the table capacity via the command line?

Default value is here:

~# cat /proc/sys/net/nf_conntrack_max
16384

If you want to increase it to 65535, just write the new desired value:

~# echo 65535 > /proc/sys/net/nf_conntrack_max