Last time, I noted how my Verizon-supplied ActionTec router seemed to flake out after a week or so of heavy use, such that its DNS requests started to fail. I switched my internal router to use OpenDNS instead of the router’s own internal DNS, thinking that would solve the problem.
Perhaps not surprisingly, it didn’t. However, when I awoke this morning to find my router performance sucking again, this time I poked around the logs on the ActionTec router a bit more. I ran across this gem in the security log:
Jun 30 11:48:52 2007 Firewall Error Firewall internal NAT Error : connection pool is full. No connection created
Aha. That does make sense. If the NAT table is full, new connections will come at the expense of older ones.
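A toy model of the failure that log line points at, added here as an illustration and not taken from the router's firmware: a fixed-size NAT connection pool in which idle mappings linger until a timeout. The capacity, timeout and traffic rates are assumed values, chosen only to show why DNS lookups start failing once a busy client has filled the pool.

```python
from dataclasses import dataclass, field


@dataclass
class NatPool:
    """Fixed-size NAT connection pool; capacity and timeout are assumed values."""
    capacity: int
    idle_timeout: int                              # seconds an idle mapping is kept
    entries: dict = field(default_factory=dict)    # flow -> last-seen time
    errors: list = field(default_factory=list)     # (time, message) log entries

    def open(self, flow, now):
        """Return True if the flow gets (or already has) a mapping."""
        # Drop mappings that have been idle for idle_timeout seconds or more.
        self.entries = {f: t for f, t in self.entries.items()
                        if now - t < self.idle_timeout}
        if flow in self.entries or len(self.entries) < self.capacity:
            self.entries[flow] = now
            return True
        # Behaviour stated in the log message: the new connection is refused.
        self.errors.append((now, "connection pool is full. No connection created"))
        return False


def simulate(capacity=100, idle_timeout=600, flows_per_sec=1, seconds=300):
    """A busy LAN client opens flows_per_sec new flows every second, and a
    DNS lookup (a new UDP flow) is attempted every 10 s.
    Returns the pool and a list of (time, succeeded) for the DNS lookups."""
    pool = NatPool(capacity, idle_timeout)
    dns = []
    for now in range(seconds):
        for i in range(flows_per_sec):
            pool.open(("bulk", now, i), now)       # constructed flow identifier
        if now % 10 == 0:
            dns.append((now, pool.open(("dns", now), now)))
    return pool, dns


if __name__ == "__main__":
    for timeout in (600, 60):
        pool, dns = simulate(idle_timeout=timeout)
        failed = [t for t, ok in dns if not ok]
        print(f"idle_timeout={timeout}s: {len(failed)}/{len(dns)} DNS lookups "
              f"refused, {len(pool.errors)} pool-full errors, "
              f"first refusal at t={failed[0] if failed else None}")
```

With the long timeout the pool fills and every later lookup is refused; with the short one, mappings expire fast enough that the same traffic never reaches capacity.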
So, how can I increase the size of the NAT table, or somehow otherwise resolve this issue?
Well, poking around the GUI I see no options to control the size of the NAT table, so I’ll have to find a way to get it to not use a dynamic NAT table. Fortunately the router has a ‘Static NAT’ option, which allows you to configure an IP on the internal LAN, an IP on the external WAN, and instruct the NAT subsystem to map ports directly from one to the other, avoiding the need for a NAT table.
Sadly, this option doesn’t let me specify ‘whatever the current WAN IP address is’, so depending upon how often Verizon expires my public IP, I may have to fiddle with this setting. I knew FiOS was too good to be true.
UPDATE: Thanks to a pointer from Christian in the comments, I got the ActionTec router into bridge mode, and my NAT problems are over.
Change ActionTec Router to bridge mode
Just got my FIOS, and running into some of the issues you described. Ran across this link to turn the ActionTec router into bridge mode, so I can use my Linksys router with dd-wrt instead. This might help both our situations. Figured I'd post the link info in case you wanted to peruse:
http://www.dslreports.com/forum/remark,17679150?hilite=bridge+actiontec
Cheers, Christian