If the system's logs show the message "ip_conntrack: table full, dropping packet.", the connection tracking table is full and packets traversing the system's firewall are being dropped.
In order to increase the maximum value, you must install the kernel-devel package on the system, then reboot the server.
# yum install kernel-devel
Now, check to see what the current maximum is set to.
# cat /proc/sys/net/ipv4/ip_conntrack_max
You can now use echo to increase this number. Doubling the existing value is usually good practice.
# echo 131072 > /proc/sys/net/ipv4/ip_conntrack_max
Check the ip_conntrack count to make sure the table is getting bigger.
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
Since you are changing this on the live system, the value will go back to the default setting after a reboot. To make the change permanent, modify the /etc/sysctl.conf file and add this value, along with a comment of your choice.
# echo "net.ipv4.ip_conntrack_max = 131072" >> /etc/sysctl.conf
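The steps above can be wrapped in a small script that reports how full the table is and writes the persistent setting without appending a duplicate line on every run. This is an added example, not part of the original article; the function names, the environment overrides and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Paths default to the ones the
# article uses; the environment overrides exist so it can be tested offline.
CT_MAX_FILE=${CT_MAX_FILE:-/proc/sys/net/ipv4/ip_conntrack_max}
CT_COUNT_FILE=${CT_COUNT_FILE:-/proc/sys/net/ipv4/netfilter/ip_conntrack_count}
SYSCTL_CONF=${SYSCTL_CONF:-/etc/sysctl.conf}
WARN_PCT=${WARN_PCT:-80}   # assumed alert threshold, not from the article

# Print table utilisation (count / max) as an integer percentage.
conntrack_usage_pct() {
    max=$(cat "$CT_MAX_FILE") || return 1
    count=$(cat "$CT_COUNT_FILE") || return 1
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Print double the current limit, the increase the article suggests.
conntrack_doubled_max() {
    max=$(cat "$CT_MAX_FILE") || return 1
    echo $(( max * 2 ))
}

# Set net.ipv4.ip_conntrack_max in sysctl.conf. Any existing setting is
# replaced, so repeated runs never leave duplicate or conflicting lines.
persist_conntrack_max() {
    tmp=$(mktemp) || return 1
    grep -v '^[[:space:]]*net\.ipv4\.ip_conntrack_max[[:space:]]*=' \
        "$SYSCTL_CONF" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    echo "net.ipv4.ip_conntrack_max = $1" >> "$tmp"
    cat "$tmp" > "$SYSCTL_CONF"; rc=$?   # rewrite in place, keeping owner and mode
    rm -f "$tmp"
    return $rc
}

# Report only; nothing is changed unless persist_conntrack_max is called.
if [ "${1:-}" = "--check" ]; then
    pct=$(conntrack_usage_pct) || { echo "cannot read conntrack counters" >&2; exit 2; }
    if [ "$pct" -ge "$WARN_PCT" ]; then
        echo "WARNING: conntrack table ${pct}% full; suggested max: $(conntrack_doubled_max)"
        exit 1
    fi
    echo "OK: conntrack table ${pct}% full"
fi
```

Run with --check from cron or a monitoring agent; the non-zero exit status on a nearly full table gives early warning before packets start being dropped.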
Some information taken from the Red Hat Knowledgebase.
This article has been provided by Codero Hosting.