[Dshield] Recommendation for home router

Chris Buechler dshield at chrisbuechler.com
Mon Feb 20 22:20:51 GMT 2006

Mark wrote:
> I agree - the other variable is how many NAT sessions
> can the device handle "reliably". I have seen issues
> with NAT translations falling over. I am looking for a
> nice OpenSource package that would allow me to test
> the max NAT translations a router (this level) would
> carry before breaking down. Particularly interested in
> UDP NAT translations as these have stressed some
> routers I've worked with more than TCP translations.

Wish I knew of something.  I've looked and come up empty.  If anybody
has any pointers, they'd be much appreciated!

As a poor man's test, I've set up a network on the WAN side of firewalls,
treated as the Internet, with a BitTorrent tracker and a couple machines 
to seed a large BitTorrent file I created.  Then put a couple machines 
behind the firewall that access the seeds and tracker via NAT, and get 
them downloading the torrent.  The max throughput under those 
circumstances is a pretty good indicator of the worst-case scenario 
throughput of the firewall.  And any flaky NAT device isn't going to 
stand up to that kind of abuse. 

Though that's TCP, not UDP.  As a thought off the top of my head, maybe 
some sort of DNS stress testing tool could be used across NAT in the 
same type of private network setup to test UDP. 
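
Added example, not part of the original message: a minimal lab probe for the UDP case discussed above, which opens many UDP flows (one NAT translation each) and then checks that the earliest ones still pass traffic. The function names are hypothetical, and it assumes `echo_server` runs on a WAN-side lab host while `probe_udp_mappings` runs on a host behind the router under test; `loopback_demo` only exercises the logic locally.

```python
import socket
import threading

def echo_server(sock, stop):
    """Echo each datagram back to its (possibly NAT-translated) source."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(2048)
        except socket.timeout:
            continue
        sock.sendto(data, addr)

def _round_trip(sock, payload):
    """Send one datagram; True only if the matching echo comes back."""
    try:
        sock.send(payload)
        return sock.recv(2048) == payload
    except OSError:  # timeout or ICMP unreachable: the flow is broken
        return False

def probe_udp_mappings(server, flows, timeout=1.0):
    """Open `flows` UDP sockets to `server` and count working translations.

    Each socket has its own source port, so a NAT device must hold one
    translation per socket. "created" counts flows that worked when first
    opened; "kept" counts flows that still work once all are open.
    """
    socks = []
    try:
        for _ in range(flows):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.settimeout(timeout)
            s.connect(server)
            socks.append(s)
        created = sum(_round_trip(s, b"new-%d" % i) for i, s in enumerate(socks))
        kept = sum(_round_trip(s, b"old-%d" % i) for i, s in enumerate(socks))
        return {"opened": len(socks), "created": created, "kept": kept}
    finally:
        for s in socks:
            s.close()

def loopback_demo(flows=50):
    """Constructed self-test: echo server and probe both on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    stop = threading.Event()
    worker = threading.Thread(target=echo_server, args=(srv, stop), daemon=True)
    worker.start()
    try:
        return probe_udp_mappings(srv.getsockname(), flows)
    finally:
        stop.set(); worker.join(); srv.close()
```

Raising `flows` in steps until "kept" drops below "opened" gives a rough figure for how many UDP translations the device holds reliably; the per-process open file limit caps how many sockets one run can open.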


