
ip_conntrack: table full, dropping packet

If you see this message in syslog, the connection tracking table does not have enough entries for your environment. By default the kernel tracks up to a fixed number of simultaneous connections, and that default is derived from your system's total memory. Once the table is full, the kernel drops packets belonging to new connections until existing entries expire, which is exactly what the message reports. (On newer kernels the subsystem is called nf_conntrack and the sysctl is net.netfilter.nf_conntrack_max; the commands below use the older ip_conntrack names.)

You can easily raise the maximum number of tracked connections, but be aware that each tracked connection consumes about 350 bytes of non-swappable kernel memory, so size the limit against the RAM you actually have.

To print the current limit, type:

# sysctl net.ipv4.netfilter.ip_conntrack_max

Output:

8192

To increase this limit to, for example, 12000, type:

# sysctl -w net.ipv4.netfilter.ip_conntrack_max=12000

Alternatively, to make the change persist across reboots, add the following line to the /etc/sysctl.conf file:

net.ipv4.netfilter.ip_conntrack_max=12000

The following shows how many connections are being tracked right now:

# wc -l /proc/net/ip_conntrack

Output:

5000 /proc/net/ip_conntrack
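The three steps above (read the limit, read the current count, compare) are what you would poll from a monitoring script so the table is enlarged before packets start being dropped. The script below is an added example, not part of the original article: it computes the usage percentage from the two numbers and warns at a configurable threshold (80% assumed here). The calculation is kept separate from the /proc reads so it can be exercised with constructed values; the live wrapper tries the modern nf_conntrack sysctl names first and falls back to the legacy ip_conntrack paths the article uses.

```shell
#!/bin/sh
# Added example (not from the original article): flag a conntrack table
# that is close to the "table full, dropping packet" condition.

# Pure helper: given the current entry count and the configured maximum,
# print the percentage used (integer arithmetic). Returns 2 on a bad maximum.
conntrack_usage_pct() {
    count=$1
    max=$2
    if [ "$max" -le 0 ] 2>/dev/null; then
        echo "invalid conntrack maximum: $max" >&2
        return 2
    fi
    echo $(( count * 100 / max ))
}

# Compare usage against a threshold (default 80%).
# Returns 0 when under the threshold, 1 when at or above it, 2 on error.
conntrack_check() {
    count=$1
    max=$2
    threshold=${3:-80}
    pct=$(conntrack_usage_pct "$count" "$max") || return 2
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARNING: conntrack table ${pct}% full (${count}/${max})"
        return 1
    fi
    echo "OK: conntrack table ${pct}% full (${count}/${max})"
    return 0
}

# Live wrapper: reads the kernel's own values. Newer kernels expose
# nf_conntrack_max and nf_conntrack_count; older ones only have the
# ip_conntrack_max sysctl plus the /proc/net/ip_conntrack table.
conntrack_check_live() {
    threshold=${1:-80}
    if [ -r /proc/sys/net/netfilter/nf_conntrack_max ]; then
        max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
        count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
    elif [ -r /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then
        max=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)
        count=$(wc -l < /proc/net/ip_conntrack)
    else
        echo "no conntrack interface found (module not loaded?)" >&2
        return 2
    fi
    conntrack_check "$count" "$max" "$threshold"
}

# Usage from cron or a monitoring agent:
#   conntrack_check_live 80 || logger -t conntrack "table nearly full"
```

With the article's own numbers (5000 tracked entries out of a limit of 8192) the check reports 61% and exits 0; at 7000 entries it crosses the 80% line and exits 1, which is the point at which you would raise ip_conntrack_max rather than wait for the syslog message.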
