• ip_conntrack: table full, dropping packet

    How to increase ip_conntrack ?
    If you got the following message ‘ip_conntrack: table full, dropping packet’ ,then you are under a very heavy load and also handling a high volume of network connections ,Generally, the ip_conntrack_max is set to the total MB of RAM installed multiplied by 16.

    However, this server had 4GB of RAM, but ip_conntrack_max was set to 65536 (4 X 1024 X16):
    # cat /proc/sys/net/ipv4/ip_conntrack_max 65536

    If you want to check your server’s current tracked connections, just run the following:
    # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count

    If you want to adjust it (as I did), just run the following as root:
    # echo 131072 > /proc/sys/net/ipv4/ip_conntrack_max


    Categories: Fireawall

    Comments are currently closed.