How to fix the iptables "ip_conntrack: table full, dropping packet" error

How do I fix the error "ip_conntrack: table full, dropping packet"?

If your server or VPS is logging the following message in /var/log/messages (syslog):

ip_conntrack: table full, dropping packet

If you see this message in syslog, the connection-tracking (conntrack) table has no free entries for your workload: every new connection that arrives while the table is full is dropped, which shows up as stalled or refused connections even though the service itself is healthy. The kernel sizes the table at boot from the amount of RAM in the system, so small VPS instances get small defaults. Before simply raising the limit, check what is filling the table: a flood or port scan can exhaust it just as well as legitimate traffic, and idle TCP sessions stay tracked for a long time by default (the established-connection timeout is 5 days), so lowering that timeout or excluding high-volume flows from tracking with a NOTRACK rule in the raw table is sometimes the better fix.

You can easily increase the maximum number of tracked connections, but be aware that each tracked connection uses on the order of 350 bytes of non-swappable kernel memory, so size the limit to what the machine can actually afford.

To print the current limit, type:

  • sysctl net.ipv4.netfilter.ip_conntrack_max

Output:

net.ipv4.netfilter.ip_conntrack_max = 8192

Note that net.ipv4.netfilter.ip_conntrack_* is the name from the old ip_conntrack module. Kernels using nf_conntrack (2.6.20 and later, i.e. any current distribution) expose the same setting as net.netfilter.nf_conntrack_max; the old name exists there only as a compatibility alias and has since been removed entirely, so if the command above reports an unknown key, substitute the nf_conntrack name in the commands that follow.

To increase the limit to e.g. 12000, type:

  • sysctl -w net.ipv4.netfilter.ip_conntrack_max=12000

The sysctl -w setting is lost at reboot. To make it persistent, add the following line to /etc/sysctl.conf (and run sysctl -p to apply it immediately):

  • net.ipv4.netfilter.ip_conntrack_max=12000

If you raise the limit by a large factor, raise the conntrack hash table size as well: the kernel keeps the maximum at a small multiple of the number of hash buckets, and a table far larger than its bucket count makes every lookup walk long chains. With nf_conntrack loaded as a module the bucket count is set through /sys/module/nf_conntrack/parameters/hashsize (or the hashsize module option at load time).

The following will tell you how many connections are being tracked right now:

  • wc -l /proc/net/ip_conntrack

On nf_conntrack kernels the file is /proc/net/nf_conntrack (reading it requires root), or use the counter that the kernel maintains, which does not walk the whole table:

  • sysctl net.netfilter.nf_conntrack_count
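To turn the checks above into something you can run by hand or from cron, here is an added shell example; it is not part of the original article or of any vendor tool. It uses the sysctl keys named above together with their nf_conntrack equivalents, treats "full" as the state in which the kernel is already dropping new connections, and flags a warning before that point. The 80% warning threshold and the sample syslog lines are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# conntrack_check.sh: added example, not part of the original article.
# Checks how full the connection-tracking table is and counts
# "table full, dropping packet" lines in a log excerpt. The 80% warning
# threshold and the sample log below are assumptions for illustration.

# conntrack_key NAME: print the first sysctl key that exists for NAME
# ("max" or "count"). Old 2.6 kernels expose net.ipv4.netfilter.ip_conntrack_*,
# newer kernels expose net.netfilter.nf_conntrack_*. Returns 1 if neither
# exists (conntrack module not loaded).
conntrack_key() {
  for k in "net.netfilter.nf_conntrack_$1" "net.ipv4.netfilter.ip_conntrack_$1"; do
    if sysctl -n "$k" >/dev/null 2>&1; then
      printf '%s\n' "$k"
      return 0
    fi
  done
  return 1
}

# usage_pct COUNT MAX: integer percentage of the table in use.
usage_pct() {
  [ "$2" -gt 0 ] || return 1
  echo $(( $1 * 100 / $2 ))
}

# classify COUNT MAX WARN_PCT: print "full" when the table is at its limit
# (the kernel is already dropping new connections), "warn" above WARN_PCT,
# otherwise "ok".
classify() {
  if [ "$1" -ge "$2" ]; then
    echo full
  elif [ "$(usage_pct "$1" "$2")" -ge "$3" ]; then
    echo warn
  else
    echo ok
  fi
}

# count_drops: count "table full" messages on stdin, matching both the
# old ip_conntrack and the current nf_conntrack wording. grep -c exits 1
# when the count is 0, so the count is still printed via "|| true".
count_drops() {
  grep -cE '(ip|nf)_conntrack: table full, dropping packet' || true
}

# live_report: read the live limit and count via sysctl (this avoids
# walking /proc/net/nf_conntrack, which needs root on many systems).
live_report() {
  maxk=$(conntrack_key max) || { echo "conntrack sysctl keys not found" >&2; return 1; }
  cntk=$(conntrack_key count) || { echo "conntrack count key not found" >&2; return 1; }
  max=$(sysctl -n "$maxk")
  cnt=$(sysctl -n "$cntk")
  printf '%s = %s, in use %s (%s%%): %s\n' \
    "$maxk" "$max" "$cnt" "$(usage_pct "$cnt" "$max")" "$(classify "$cnt" "$max" 80)"
}

# Constructed sample syslog excerpt (not taken from a real system).
SAMPLE_LOG='Mar  3 10:01:02 vps kernel: ip_conntrack: table full, dropping packet.
Mar  3 10:01:02 vps kernel: ip_conntrack: table full, dropping packet.
Mar  3 10:01:05 vps kernel: nf_conntrack: table full, dropping packet.
Mar  3 10:01:09 vps sshd[1234]: Accepted publickey for admin from 192.0.2.10'

# Offline demo on the sample data; pass --live to query the running kernel.
printf 'drops in sample log: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_drops)"
printf 'sample table: 6144 of 8192 -> %s%% (%s)\n' "$(usage_pct 6144 8192)" "$(classify 6144 8192 80)"
if [ "${1:-}" = --live ]; then
  live_report
fi
```

Run it with --live on the server to get a one-line status from the running kernel, or feed a log file into count_drops (for example, grep the kernel lines out of /var/log/messages and pipe them in) to see how often drops actually happened before deciding whether to raise the limit or shorten the timeouts.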
