Q. My Red Hat Enterprise Linux 5 server is reporting the following message in /var/log/messages (syslog):
ip_conntrack: table full, dropping packet.
How do I fix this error?
A. If you see this message in syslog, the connection-tracking (conntrack) table is too small for the number of simultaneous connections your server is handling: once the table is full, the kernel cannot create a state entry for a new flow and drops its packets. By default connection tracking handles up to a certain number of simultaneous connections, and that default is derived from the amount of RAM in the system.
Before raising the limit, check that the connections are legitimate. A table that fills suddenly on a host whose traffic has not grown is more often a SYN flood, a port scan or a runaway client than real load, and a bigger table only delays the drop. Look at how many entries are in SYN_SENT/[UNREPLIED] state and which source addresses dominate (see below).
You can easily increase the maximum number of tracked connections, but be aware that each tracked connection eats about 350 bytes of non-swappable kernel memory, so 12000 entries cost roughly 4 MB that is reserved whether or not the slots are used.
To print the current limit, type:
# sysctl net.ipv4.netfilter.ip_conntrack_max
Output:
net.ipv4.netfilter.ip_conntrack_max = 8192
To increase this limit to e.g. 12000, type:
# sysctl -w net.ipv4.netfilter.ip_conntrack_max=12000
This change is lost at reboot. To make it permanent, add the following line to the /etc/sysctl.conf file:
net.ipv4.netfilter.ip_conntrack_max=12000
and load it with:
# sysctl -p
The following will tell you how many sessions are open right now (one line per tracked connection):
# wc -l /proc/net/ip_conntrack
Output:
5000 /proc/net/ip_conntrack
If the table is dominated by idle ESTABLISHED entries, consider lowering net.ipv4.netfilter.ip_conntrack_tcp_timeout_established (default 432000 seconds, i.e. five days) instead of, or in addition to, raising the limit. On newer kernels the same tunables live under net.netfilter.nf_conntrack_max and the table is /proc/net/nf_conntrack.
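The checks above, gathered into one script: how full the table is against the configured maximum, the memory the maximum reserves, how many entries are unreplied (half-open) flows, and which source addresses hold the most entries. This is an added example, not code from the original page; the paths default to the RHEL5 ones above, but every function takes the file and the limit as parameters so it can be run against the constructed sample table that write_sample creates. The 350-byte per-entry figure is taken from the text above, and the 80% warning threshold is an arbitrary choice.

```shell
#!/bin/sh
# Added example: conntrack table health check for a RHEL5-style host.
# Functions take explicit paths/limits so they also run against a sample file.

# conntrack_usage_pct COUNT MAX -> integer percentage of the table in use
conntrack_usage_pct() {
    count=$1; max=$2
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# conntrack_mem_kb MAX -> KB of non-swappable kernel memory reserved for MAX
# entries, using the ~350 bytes/entry figure quoted in the answer above.
conntrack_mem_kb() {
    echo $(( $1 * 350 / 1024 ))
}

# conntrack_unreplied FILE -> number of entries still waiting for a reply.
# Many of these with distinct source ports is the signature of a SYN flood.
conntrack_unreplied() {
    awk '/\[UNREPLIED\]/ { n++ } END { print n + 0 }' "$1"
}

# conntrack_top_src FILE N -> "count address" for the N busiest original-direction
# sources. Each line carries two src= fields (original and reply); take the first.
conntrack_top_src() {
    file=$1; n=${2:-5}
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { print substr($i, 5); break } }' "$file" \
        | sort | uniq -c | sort -rn | head -n "$n" | awk '{ print $1, $2 }'
}

# conntrack_check FILE MAX [THRESHOLD] -> prints usage; exit 0 if below THRESHOLD%
# (default 80), non-zero when the table is at or above it.
conntrack_check() {
    file=$1; max=$2; threshold=${3:-80}
    count=$(awk 'END { print NR }' "$file")
    pct=$(conntrack_usage_pct "$count" "$max") || return 1
    echo "conntrack: $count / $max entries in use ($pct%), max reserves $(conntrack_mem_kb "$max") KB"
    [ "$pct" -lt "$threshold" ]
}

# write_sample FILE -> constructed /proc/net/ip_conntrack content (not real traffic):
# three flows from 192.168.1.10, one of them half-open, and one UDP flow from 10.1.2.3.
write_sample() {
    cat > "$1" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=40001 dport=80 src=10.0.0.5 dst=192.168.1.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=40002 dport=80 src=10.0.0.5 dst=192.168.1.10 sport=80 dport=40002 [ASSURED] use=1
tcp      6 117 SYN_SENT src=192.168.1.10 dst=10.0.0.5 sport=40003 dport=443 [UNREPLIED] src=10.0.0.5 dst=192.168.1.10 sport=443 dport=40003 use=1
udp      17 29 src=10.1.2.3 dst=10.0.0.5 sport=5353 dport=53 src=10.0.0.5 dst=10.1.2.3 sport=53 dport=5353 use=1
EOF
}

# Run against the live table only where it exists (RHEL5 with ip_conntrack loaded);
# elsewhere the functions can be sourced and exercised with write_sample.
if [ -r /proc/net/ip_conntrack ]; then
    live_max=$(sysctl -n net.ipv4.netfilter.ip_conntrack_max)
    conntrack_check /proc/net/ip_conntrack "$live_max" 80 || echo "WARNING: conntrack table nearly full"
    echo "unreplied entries: $(conntrack_unreplied /proc/net/ip_conntrack)"
    echo "top sources:"
    conntrack_top_src /proc/net/ip_conntrack 5
fi
```

Run it from cron or a monitoring agent and alert on the non-zero exit of conntrack_check; when it fires, compare the unreplied count and the top-source list with the table size before deciding whether to raise ip_conntrack_max or to block the offending source.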