[P334W] NAT table full? - dslreports.com

Author	All Replies
USR56K join:2000-05-20 Seattle, WA clubs: ·Charter Pipeline	[P334W] NAT table full? Several times a day, my connection to the internet gets reset (I notice this because all my DirectConenct hubs reconnect). I got to looking at the NAT table and it seems its full or very close to it. Plus, there are entries which have been idle for longer than the idle timeout limit of 180, why is that? P334W> ip nat iface enif1 st Iface enif1 Internet Network Address Translation: Table Size: 2048 Timeout: 180 sec Timer period: 1 sec Starting External Port: 10000 NAT Table - addr: x804e3d3c table: x806928ac Outgoing: Total 26177475, TCP 24460952, UDP 1712099, ICMP 4424, Unroutable 0 Incoming: Total 25307754, TCP 23902221, UDP 1387564, ICMP 17969, Unroutable * 3 Table: Allocated 298062, Freed 297981, Full 0, Expired 279871, Cache hit 4% Slot Prot Internal-IP :Port Outgoing-IP :Port External-IP :Port Idle ================================================================================ 2 TCP 192.168.2.108 :2371 66.190.xxx.xxx :17076 68.33.245.180 :411 6 6 UDP 192.168.2.115 :1347 66.190.xxx.xxx :17985 192.168.100.1 :161 102 7 TCP 192.168.2.108 :2373 66.190.xxx.xxx :17078 213.114.129.252:1337 2 8 UDP 192.168.2.115 :1350 66.190.xxx.xxx :17988 192.168.100.1 :161 102 10 UDP 192.168.2.108 :1141 66.190.xxx.xxx :18010 83.233.22.64 :23348 56 11 UDP 192.168.2.115 :1344 66.190.xxx.xxx :17982 192.168.100.1 :161 102 12 UDP 192.168.2.115 :1033 66.190.xxx.xxx :16888 128.95.120.1 :53 137 14 TCP 192.168.2.108 :715 66.190.xxx.xxx :715 80.222.234.81 :4796 0 15 TCP 192.168.2.108 :2812 66.190.xxx.xxx :17853 198.65.119.21 :443 148 17 TCP 192.168.2.108 :2353 66.190.xxx.xxx :17035 64.12.25.144 :5190 37 23 UDP 192.168.2.108 :1027 66.190.xxx.xxx :17969 128.95.120.1 :53 143 26 TCP 192.168.2.108 :2396 66.190.xxx.xxx :17135 206.129.202.135:143 113 28 UDP 192.168.2.53 :4331 66.190.xxx.xxx :17931 64.4.25.86 :3544 245 32 UDP 192.168.2.108 :1141 66.190.xxx.xxx :18029 80.221.239.203 :11469 0 35 UDP 192.168.2.115 :1346 66.190.xxx.xxx :17984 192.168.100.1 :161 108 39 UDP 192.168.2.53 :4331 66.190.xxx.xxx :17933 64.4.25.87 :3544 245 41 TCP 192.168.2.108 :2358 66.190.xxx.xxx :17044 64.12.26.132 :5190 28 45 UDP 192.168.2.115 :1342 66.190.xxx.xxx :17980 192.168.100.1 :161 108 48 UDP 192.168.2.110 :1033 66.190.xxx.xxx :18024 64.202.165.117 :53 26 51 UDP 192.168.2.110 :1033 66.190.xxx.xxx :18026 192.228.79.201 :53 20 55 UDP 192.168.2.115 :1442 66.190.xxx.xxx :18008 192.168.1.200 :161 64 59 TCP 192.168.2.108 :2395 66.190.xxx.xxx :17134 24.90.234.17 :3124 13 61 UDP 192.168.2.115 :1033 66.190.xxx.xxx :17972 66.189.219.30 :53 138 62 UDP 192.168.2.115 :1353 66.190.xxx.xxx :17991 192.168.100.1 :161 108 71 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17958 194.152.16.100 :27988 147 72 TCP 192.168.2.108 :2367 66.190.xxx.xxx :17072 83.67.97.130 :413 4 81 TCP 192.168.2.108 :715 66.190.xxx.xxx :715 213.130.250.23 :2670 3 84 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17950 81.7.19.166 :1412 106 86 TCP 192.168.2.53 :4308 66.190.xxx.xxx :17355 207.46.7.11 :80 4 90 TCP 192.168.2.108 :2359 66.190.xxx.xxx :17048 64.12.160.141 :5190 21 96 UDP 192.168.2.115 :1341 66.190.xxx.xxx :17979 192.168.100.1 :161 108 97 UDP 192.168.2.108 :1141 66.190.xxx.xxx :18009 85.204.211.145 :14279 62 98 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17884 84.94.146.79 :20600 250 100 UDP 192.168.2.115 :1355 66.190.xxx.xxx :17993 192.168.100.1 :161 108 103 UDP 192.168.2.115 :1352 66.190.xxx.xxx :17990 192.168.100.1 :161 108 104 UDP 192.168.2.115 :1351 66.190.xxx.xxx :17989 192.168.100.1 :161 108 105 TCP 192.168.2.108 :2368 66.190.xxx.xxx :17073 24.222.246.199 :43210 0 106 UDP 192.168.2.115 :1343 66.190.xxx.xxx :17981 192.168.100.1 :161 108 110 UDP 192.168.2.108 :1141 66.190.xxx.xxx :1141 83.24.110.90 :27943 124 112 TCP 192.168.2.45 :2435 66.190.xxx.xxx :16984 207.46.6.78 :1863 4 114 TCP 192.168.2.108 :2813 66.190.xxx.xxx :17854 213.114.175.193:411 23 116 TCP 192.168.2.108 :2351 66.190.xxx.xxx :17033 64.233.167.125 :5222 108 119 UDP 192.168.2.115 :1348 66.190.xxx.xxx :17986 192.168.100.1 :161 108 125 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17978 217.173.172.213:26978 96 128 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17976 80.221.246.108 :26284 116 137 TCP 192.168.2.108 :2363 66.190.xxx.xxx :17056 213.114.34.233 :666 42 142 UDP 192.168.2.115 :1354 66.190.xxx.xxx :17992 192.168.100.1 :161 108 144 TCP 192.168.2.108 :2344 66.190.xxx.xxx :16999 207.46.6.59 :1863 5 146 TCP 192.168.2.108 :2889 66.190.xxx.xxx :17998 216.239.63.83 :80 92 151 TCP 192.168.2.108 :2348 66.190.xxx.xxx :17018 207.46.6.101 :1863 12 158 TCP 192.168.2.108 :2341 66.190.xxx.xxx :16980 207.46.6.104 :1863 20 161 TCP 192.168.2.108 :2356 66.190.xxx.xxx :17041 216.155.193.139:5050 38 163 TCP 192.168.2.108 :2375 66.190.xxx.xxx :17080 213.251.137.161:33000 2 166 TCP 192.168.2.108 :2372 66.190.xxx.xxx :17077 83.91.158.180 :2315 0 167 TCP 192.168.2.108 :715 66.190.xxx.xxx :715 83.24.110.90 :1266 0 172 TCP 192.168.2.108 :715 66.190.xxx.xxx :715 82.182.142.96 :3164 114 175 TCP 192.168.2.108 :2376 66.190.xxx.xxx :17081 66.90.101.199 :27015 1 178 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17875 62.165.233.197 :10680 144 179 UDP 192.168.2.108 :1141 66.190.xxx.xxx :18023 85.76.185.103 :412 36 180 TCP 192.168.2.108 :2384 66.190.xxx.xxx :17099 213.112.233.9 :27015 32 181 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17938 85.76.118.146 :16724 19 183 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17743 83.102.48.86 :11469 271 186 UDP 192.168.2.115 :1349 66.190.xxx.xxx :17987 192.168.100.1 :161 109 187 UDP 192.168.2.108 :1141 66.190.xxx.xxx :18006 81.227.65.140 :1412 72 188 UDP 192.168.2.115 :1345 66.190.xxx.xxx :17983 192.168.100.1 :161 109 190 UDP 192.168.2.108 :1141 66.190.xxx.xxx :18000 82.141.117.101 :2144 91 191 TCP 192.168.2.108 :2473 66.190.xxx.xxx :17328 129.125.102.221:1416 8 192 TCP 192.168.2.108 :2366 66.190.xxx.xxx :17071 69.64.51.214 :3124 1 193 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17957 87.49.106.144 :24189 150 194 UDP 192.168.2.108 :1025 66.190.xxx.xxx :17973 128.95.120.1 :53 55 195 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17930 66.24.193.53 :25000 262 206 TCP 192.168.2.108 :2378 66.190.xxx.xxx :17085 212.214.141.158:414 3 209 TCP 192.168.2.108 :2365 66.190.xxx.xxx :17070 83.148.197.243 :411 2 210 TCP 192.168.2.108 :715 66.190.xxx.xxx :715 82.141.114.122 :2694 10 211 UDP 192.168.2.115 :1356 66.190.xxx.xxx :17994 192.168.100.1 :161 109 212 UDP 192.168.2.110 :123 66.190.xxx.xxx :17934 207.46.130.100 :123 231 213 UDP 192.168.2.108 :1141 66.190.xxx.xxx :17849 82.139.18.145 :19311 275 214 TCP 192.168.2.108 :2350 66.190.xxx.xxx :17029 64.233.167.125 :5222 102 215 TCP 192.168.2.108 :715 66.190.xxx.xxx :715 82.141.71.203 :4291 4 () WARNING 1 long line(s) split -- If it's not on Google, then it doesn't exist.* DC++ FAQ
	to forum · permalink · · 2005-10-06 13:21:47 ·
OGalati join:2005-08-19 Argentina	Idle timeouts are protocol-specific. All your idle timeouts > 180 are UDP. However the idle timeout in the header of the table is generic. You would use "ip nat timeout display" to see/change the settings. Most of the settings could be very lower than factory defaults. However I'm not sure if this could be the cause of disconnects.
	to forum · permalink · · 2005-10-06 13:44:10 ·
USR56K join:2000-05-20 Seattle, WA clubs: ·Charter Pipeline	reply to USR56K Alright, here it is: P334W> ip nat timeout display TCP opened: 150 (minute) TCP reset: 10 (second) TCP wait: 2 MSL (second) TCP other: 270 (second) UDP: 5 (minute) UDP specific port -1: 180 (second) ICMP: 3 (minute) ESP: 150 (minute) GRE: 150 (minute) Others: 3 (minute) Iamt: 151 (minute) So the current settings for TCP means it will keep a connection open for 150 minutes? -- If it's not on Google, then it doesn't exist. DC++ FAQ
	to forum · permalink · · 2005-10-06 16:29:56 ·
OGalati join:2005-08-19 Argentina	reply to USR56K That settings for TCP mean it will keep an Idle connection open for 150 min. Here are the settings on my P661 (1024 entries NAT Table), routing 30 PCs home-wise: P661> ip nat timeout display TCP opened: 59 (minute) TCP reset: 10 (second) TCP wait: 2 MSL (second) TCP other: 30 (second) UDP: 1 (minute) UDP specific port -1: 180 (second) ICMP: 1 (minute) ESP: 150 (minute) GRE: 150 (minute) Others: 1 (minute) Iamt: 151 (minute)
	to forum · permalink · · 2005-10-06 18:35:50 ·
ttgpm join:2005-05-30 UK	Interesting configuration, here are the default values from a Zywall 5 zy5> ip nat timeout display TCP opened: 150 (minute) TCP reset: 10 (second) TCP wait: 2 MSL (second) TCP other: 270 (second) UDP: 5 (minute) UDP specific port -1: 300 (second) ICMP: 3 (minute) ESP: 150 (minute) GRE: 150 (minute) Others: 3 (minute) Iamt: 151 (minute) How do I go about changing the various options?
	to forum · permalink · · 2005-11-04 09:21:56 ·
OGalati join:2005-08-19 Argentina	You'd use >ip nat timeout gre [timeout] >ip nat timeout iamt [timeout] >ip nat timeout generic [timeout] >ip nat timeout reset [timeout] >ip nat timeout tcp [timeout] >ip nat timeout tcpother [timeout] >ip nat timeout udp [port] value
	to forum · permalink · · 2005-11-04 10:48:12 ·
ttgpm join:2005-05-30 UK	Unfortunately none of these command, (maybe exception udp) are valid commands on a Zywall 5 :-(
	to forum · permalink · · 2005-11-04 13:25:04 ·
Brano I hate Vogons Premium,MVM join:2002-06-25 Burlington, ON	You have to use sys tos timeout command(s) to view and modify.
	to forum · permalink · · 2005-11-04 13:42:35 ·
Innuendo Premium join:2002-12-20	reply to USR56K To address the original poster's problem....didn't I read in this forum that the P334W has a very very small NAT table? Something like 256 entries or somesuch? If so, no wonder there's horrible problems regarding the NAT table. An upgrade to a P334WT may be the answer as I think it has 2,048 entries.
	to forum · permalink · · 2005-11-04 13:55:24 ·
Brano I hate Vogons Premium,MVM join:2002-06-25 Burlington, ON	As you can see on the 3rd line of the original poster's dump the table is 2048 entries long.
	to forum · permalink · · 2005-11-04 14:14:47 ·
Shootist Premium join:2003-02-10 Decatur, GA	reply to Innuendo said by Innuendo : To address the original poster's problem....didn't I read in this forum that the P334W has a very very small NAT table? Something like 256 entries or somesuch? If so, no wonder there's horrible problems regarding the NAT table. An upgrade to a P334WT may be the answer as I think it has 2,048 entries. I think what you are referring to is the NAT sessions WAS SET to 256 by default but you can increase it to the 2048 mark. I think the P334WT was like that also with the old/default firmware and the default settings. -- Shooter Ready--Stand By BEEP ********
	to forum · permalink · · 2005-11-04 14:20:40 ·
OGalati join:2005-08-19 Argentina	reply to Brano Because said by Brano , now I'm not sure, but I always thought "sys tos timeout" commands control the firewall sessions timeouts, and "ip nat timeout" control the NAT session timeout. If this is the case, "sys tos" will not clear the NAT table. May be someone can explain what TOS is and how it works, pls. O.
	to forum · permalink · · 2005-11-04 14:37:03 ·
Brano I hate Vogons Premium,MVM join:2002-06-25 Burlington, ON	These functions are mainly un-documented. But simple test by changing sys tos time tcp reveals that the value of ip nat time tcp changes as well (to the same value).
	to forum · permalink · · 2005-11-04 14:42:01 ·
OGalati join:2005-08-19 Argentina 1 edit	Thanks!! I'll try it tonight. Edit: After testing my P661 with V3.40(UT.5), I can see that TOS and NAT have completely different and independent timeout values. I don't know why and what does it mean.
	to forum · permalink · · 2005-11-04 14:50:20 ·
Innuendo Premium join:2002-12-20	reply to USR56K Brano, Well, crap...color me blind then. Sorry about that. Now 2,048 entries should be fine. I don't see any of the usual P2P port number ranges in that log, either.
	to forum · permalink · · 2005-11-04 15:34:09 ·


Thursday, 26-Nov 08:37:39	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF