Saturday, November 7, 2009

ip_conntrack table full, dropping packet error

If you are getting error
kernel: ip_conntrack: CT 87726*: table full, dropping packet.

Generally, the ip_conntrack_max is set to the total MB of RAM installed multiplied by 16.

You need to increase

# echo 37072 > /proc/sys/net/ipv4/ip_conntrack_max
This will increase ip_conntrack number to 37072

Command to check the current count
# cat /proc/sys/net/ipv4/ip_conntrack_max

To make this persistent you have to add a line like
‘net.ipv4.ip_conntrack_max=37072′ to /etc/sysctl.conf


1 comment:

Anonymous said...
This comment has been removed by a blog administrator.

View My Stats