Thanks for clarification. I will try LimitNOFILE = 6000. If that crashes
my NAT box, I'm going to run a bridge.
You could also consider getting a production class router (not some consumer oriented thing), these don't have to be expensive though, ex 60$ for https://mikrotik.com/product/RB750Gr3