Well that is the problem, the number of IP’s that are left too long in the NAT-table.
I saw on my router at 3Gbps setting a clear >50K sessions, but the router can only handle 60K.
With limited IP’s this is never a problem, but with large number of IP’s the tables get exhausted and problems start in the local-network.
DrayTek confirmed this also.
But as I need Voip as well, I can’t reduce it under 30s.
Those abusive IP’s you see, I see them too and my ratelimit blocks them.
I’m very glad you confirm my previous problems! I think it should be told to home-users behind NAT that they have to reduce the NAT-IP-timeout.
Not many soho routers can handle this. On the MikroTik forum they also complained about this.
In my opinion routers should be aware that port 123 (NTP) should be able to set the limit to e.g. 5 seconds and drop it. Where it leaves it 30 sec (or more) for other services.
I tried to explain this to DrayTrek, they did not tell me to alter the firmware. Last year I told AVM Fritzboxes, they didn’t believe me and ignored my request.
How do we get modem-router firmware makers be aware of a very low timeout for NTP? As that solves all problems behind NAT.