I noticed that I’ve been getting erratic behaviour with my router whenever I had bittorrent running. After a while it would always slow down to a crawl - where I had to reboot the router to get things back to normal. While rebooting the router manually (or via GUI, after much waiting) solves this. The problem always returned, which suggests that there’s something wrong with how the router handles P2P connections. I decided to look around for cases of the same problem.

The default firmware for Linksys and most routers track old connections for five days, then start to clear dead connections - which causes the router to hang when using P2P apps, or any software that generates a lot of connections which the router can’t take. DHT only aggravates the situation because of the number of connections it generates.

Linksys has yet to address this issue, but there is a fix. If you use alternative WRT54G firmware, you can put in a start-up script to fix this problem.

I just applied the fix they mention down this post, only time will tell if it actually worked.

It is worth mentioning, as the quote above stated, that you need 3rd party firmware for your router. Basically what you need is a Linux box which allows you to input custom commands/scripts. Since the advent of the WRT54G hacking craze, all 3rd party firmware basically install Linux into your router, instead of the default Linksys firmware.

I personally use DD-WRT on my WRT54G. No particular reason why I chose it - I just don’t have the patience to re-flash and test all available 3rd party firmware to find what’s best for me. Not to mention the constant risk of turning my router into a brick on every attempt - which I have already done before.

1. Look for the part in your router GUI which lets you enter custom start-up commandline options/scripts
2. Cut any one script below and paste it into the command field (not sure which one works best but all of them are said to work)
3. Save and reboot your router.

Here are the choices of code:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo '600 1800 120 60 120 120 10 60 30 120' > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts

or

echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max  
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts  
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses  
echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1  
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2  
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3  
echo "600 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts

or

echo 2048 > /proc/sys/net/ipv4/ip_conntrack_max  
echo 2048 > /proc/sys/net/ipv4/tcp_max_orphans  
echo 512 > /proc/sys/kernel/threads-max  
echo 0 > /proc/sys/net/ipv4/tcp_orphan_retries  
echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow  
echo "60 180" > /proc/sys/net/ipv4/ip_conntrack_udp_timeouts  
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts  
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses  
echo "300 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts

or

echo 2048 > /proc/sys/net/ipv4/ip_conntrack_max  
echo 2048 > /proc/sys/net/ipv4/tcp_max_orphans  
echo 512 > /proc/sys/kernel/threads-max  
echo 4096 > /proc/sys/fs/file-max  
echo 0 > /proc/sys/net/ipv4/tcp_orphan_retries  
echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow  
echo "60 180" > /proc/sys/net/ipv4/ip_conntrack_udp_timeouts  
echo "300 2400 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts  
echo "50 500 0 0 200 1000 60 20 0" > /proc/sys/vm/bdflush  
echo "0 0" > /proc/sys/vm/pagetable_cache

UPDATE

A little bird told me that doing a paste on the web GUI startup textfield may truncate some characters, while this may or may not be an issue, it’s better to play it safe and enter these manually via SSH

This is [roughly] how your SSH session should go:

~ # nvram set rc_startup="
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
> echo '600 1800 120 60 120 120 10 60 30 120' > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts
> "
~ # nvram commit
~ # reboot

Also, it’s worth mentioning that you should set your “maximum ports” in the administration page to 4096 (default is 512 I believe)

post updated on August 16, 2006 @ 06:38PM