AT&T U-verse VDSL "fiber to the node" 24Mbit down / 3Mbit up
2Wire Router Model 3800HGV-B
Software Version 6.1.9.24-enh.tm
The 2Wire router appears to have a limit of 1024 TCP and UDP sessions. This limit appears to apply to all sessions regardless of any static IP, firewall off, DMZ plus, or secondary router configuration.
I've tried using the 2Wire router alone and also configuring the 2Wire static IP addressing, firewall off, DMZ plus, etc. setup along with my own pfSense router/firewall. Either way it appears I exceed the 1024 session limit and sessions start being reset.
Running out of sessions isn't being caused by torrents or p2p etc. We're a business and our legitimate uses are exceeding this session limit.
AT&T tells me it's not possible to bridge the router or increase or avoid the session table limit.
I'm curious if anyone has found a way around either of these issues.
There are a couple of options. It isn't clear from the question which connections are closing and if that is configurable. For instance, do you have a bunch of web browsers and then also some ssh sessions, and you want to keep your ssh sessions open? You could set up a router internally that NATed controlled sessions from the clients to the server. If you use a box that supports classification you could put limits on the number of sessions available to HTTP vs SSH traffic and time out HTTP connections that are idle before closing SSH connections. You could probably also put a shorter timeout on HTTP connections to free up more space on the silly 2wire for longer running sessions.
The second option is routing through a box off your network. Maybe a VPS on linode.com or a server in a data center related to the business. You could set up an OpenVPN tunnel and then route traffic through it; the 2wire would only see one session for the OpenVPN tunnel.
I'd be curious how the pricing worked out for this vs Ethernet-over-Copper for the business side? Here in SF we can get EoC @ 10Mbps bidirectional for ~500/mo. It might be worth researching, unless it is significantly out of budget.
I'm afraid your only real solution is a VPN. That will allow you to map all your TCP and UDP connections through what the modem/router will see as only a single session. You'll need to borrow/rent a machine on a real net connection somewhere to be the other end of your VPN and have that do your NAT.
I had a similar issue; in order to get some of my sessions back I changed the session TTL from 24 hours to 6 hours. This has freed up my sessions and I no longer run out.
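Added example (not from any of the posters above): a small check an internal Linux or pfSense-class router could run to see how the session table looks from the upstream device's point of view, covering both the per-service classification idea in the first answer and the TTL-tuning idea in the last one. It assumes the 2Wire counts roughly one entry per conntrack flow, uses the 1024 figure from the question, and parses a constructed sample in `/proc/net/nf_conntrack` layout rather than reading the live file.

```python
"""Approximate the upstream NAT session table from conntrack output.
Assumption: the 2Wire counts one session per conntrack flow; 1024 is the
ceiling reported in the question. SAMPLE is constructed, not captured."""
from collections import Counter

SESSION_LIMIT = 1024        # session ceiling reported for the 2Wire
WARN_FRACTION = 0.8         # flag when 80% of the table is in use

# Constructed sample in /proc/net/nf_conntrack layout:
# l3proto l3num l4proto l4num timeout [tcp_state] src= dst= sport= dport= ...
SAMPLE = """\
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 86399 ESTABLISHED src=192.168.1.11 dst=198.51.100.9 sport=40001 dport=22 src=198.51.100.9 dst=203.0.113.5 sport=22 dport=40001 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 117 TIME_WAIT src=192.168.1.12 dst=198.51.100.7 sport=51240 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51240 [ASSURED] mark=0 use=1
ipv4 2 udp 17 29 src=192.168.1.13 dst=198.51.100.53 sport=53001 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=53001 mark=0 use=1
"""

def parse_flows(text):
    """Yield (l4proto, dport, remaining_timeout_s, state) per entry."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6:
            continue
        proto, timeout = tok[2], int(tok[4])
        state = tok[5] if proto == "tcp" else "-"   # UDP has no state column
        # first dport= token is the original direction (LAN -> Internet)
        dport = next(int(t[6:]) for t in tok if t.startswith("dport="))
        yield proto, dport, timeout, state

def session_report(text, limit=SESSION_LIMIT, long_lived=24 * 3600):
    """Total flows, flows per (proto, dport) service, and how many still
    have more than `long_lived` seconds of timeout left, i.e. the entries
    a shorter idle TTL would reclaim first."""
    flows = list(parse_flows(text))
    per_service = Counter((p, d) for p, d, _, _ in flows)
    stale = sum(1 for _, _, t, _ in flows if t > long_lived)
    return {
        "total": len(flows),
        "per_service": dict(per_service),
        "long_lived": stale,
        "over_warn": len(flows) >= int(limit * WARN_FRACTION),
    }

if __name__ == "__main__":
    print(session_report(SAMPLE))
```

On a real router, feed it the contents of `/proc/net/nf_conntrack` (or `conntrack -L` output reshaped to the same fields) from cron and alert on `over_warn`.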