Hello!
I am running Tomato Firmware v1.28.8750 ND Std on a Rosewill RNX-GX4 (Rebranded Netcore NW618) router.
The router has been running well for quite a long time (2 years?), but recently (within the last 30-45 days) I've run in to an issue where the router has been rebooting on me. In the past the router would stay on and hold the same IP address for 60 days or more. Recently I've noticed the IP address changes (due to the router rebooting) every few days.
The more I look in to the problem, the more confused I get. I hope someone can shed some light and/or offer assistance.
My router appears to be transmitting data with no clients connected. When I do have client(s) connected it's affecting my connectivity (particluarly noticeable in online gaming). The "transmitting" appears to be in spikes and according to the Tomato bandwidth monitor, it accumulates a decent amount of data being sent for a connection that should be idle. This "transmitting" appears to be intermittent. Sometimes it goes for hours on end.
I'm getting tons of information in my log about dropped packets. The majority of my log is full of messages similar to this:
May 17 17:47:36 Tomato user.warn kernel: ip_conntrack: table full, dropping packet.
May 17 17:47:39 Tomato user.warn kernel: NET: 871 messages suppressed.
May 17 17:47:39 Tomato user.warn kernel: ip_conntrack: table full, dropping packet.
May 17 17:47:44 Tomato user.warn kernel: NET: 1507 messages suppressed.
May 17 17:47:44 Tomato user.warn kernel: ip_conntrack: table full, dropping packet.
May 17 17:47:50 Tomato user.warn kernel: NET: 1217 messages suppressed.
May 17 17:47:50 Tomato user.warn kernel: ip_conntrack: table full, dropping packet.
Then when I do a cat /proc/net/ip_conntrack I get a huge (and I do mean HUGE) list of things in SYN_SENT /Unreplied status. None of the IPs are mine or even known to me. Here's a snippet:
tcp 6 104 SYN_SENT src=241.34.131.44 dst=173.214.178.151 sport=10899 dport=80 [UNREPLIED] src=173.214.178.151 dst=241.34.131.44 sport=80 dport=10899 use=1 mark=0
tcp 6 106 SYN_SENT src=228.112.2.87 dst=173.214.178.151 sport=8123 dport=80 [UNREPLIED] src=173.214.178.151 dst=228.112.2.87 sport=80 dport=8123 use=1 mark=0
tcp 6 103 SYN_SENT src=97.13.42.44 dst=173.214.178.151 sport=62853 dport=80 [UNREPLIED] src=173.214.178.151 dst=97.13.42.44 sport=80 dport=62853 use=1 mark=0
tcp 6 107 SYN_SENT src=67.136.30.13 dst=173.214.178.151 sport=28111 dport=80 [UNREPLIED] src=173.214.178.151 dst=67.136.30.13 sport=80 dport=28111 use=1 mark=0
tcp 6 104 SYN_SENT src=166.198.160.99 dst=173.214.178.151 sport=6020 dport=80 [UNREPLIED] src=173.214.178.151 dst=166.198.160.99 sport=80 dport=6020 use=1 mark=0
tcp 6 105 SYN_SENT src=179.118.196.39 dst=173.214.178.151 sport=31080 dport=80 [UNREPLIED] src=173.214.178.151 dst=179.118.196.39 sport=80 dport=31080 use=1 mark=0
tcp 6 105 SYN_SENT src=251.38.182.50 dst=173.214.178.151 sport=42606 dport=80 [UNREPLIED] src=173.214.178.151 dst=251.38.182.50 sport=80 dport=42606 use=1 mark=0
I have pictures of my bandwidth monitor screen but can't post them due to the forum restrictions on new accounts.
(imageshack-us/a/img545/4347/24hr-png (change - to .)
This is a picture of the 24hr bandwidth monitor screen. You can see the blue sections from about 2am-4am, and again from about 12pm-5pm where my router is "transmitting" data. No one was using the connection for the majority of those times, so I'm clueless as to where this is coming from. I am the only one that uses this connection, and my wifi access point is more than well secured.
imageshack-us/a/img441/8838/vlan1-png (change - to .)
This is a closer look at the "transmitting" in process. In the real-time bandwidth monitor it shows up as spikes.
My guess is that the huge list of connections in SYN_SENT status is overloading the router and causing the reboots?
I'd really appreciate some help here if anyone is willing. I am going nuts.
Thank you for reading!
