Fast2Host Logo


Ip_conntrack: table full, dropping packet

ip_conntrack: table full, dropping packet

If you notice the above message in syslog, it looks like the conntrack database doesn't have enough entries for your environment. Connection tracking by default handles up to a certain number of simultaneous connections. This number is dependent on you system's maximum memory size.

You can easily increase the number of maximal tracked connections, but be aware that each tracked connection eats about 350 bytes of non-swappable kernel memory!

To print current limit type:

# sysctl net.ipv4.netfilter.ip_conntrack_max



To increase this limit to e.g. 12000, type:

# sysctl -w net.ipv4.netfilter.ip_conntrack_max=12000

Alternatively, add the following line to /etc/sysctl.conf file:


The following will tell you how many sessions are open right now:

# wc -l /proc/net/ip_conntrack


5000 /proc/net/ip_conntrack

Maintain peace of mind with UK based support

Email any time or call 01480 26 00 00 014 80 26 00 00