Aug 27 2014

I have several Xen and KVM VPS servers and they all suffer from the same problem, “nf_conntrack: table full, dropping packet”, but it's an easy fix.

You can check what nf_conntrack_max is currently set to:
cat /proc/sys/net/nf_conntrack_max
The number of entries in use right now is in /proc/sys/net/netfilter/nf_conntrack_count, so you can see how close to the limit you are. The default is derived from the conntrack hash table size and the amount of RAM (typically 65536 on a machine with 1 GB or more), but all mine were set to 15000.

Now to increase nf_conntrack_max on the running system:
echo 100000 > /proc/sys/net/nf_conntrack_max
Check again and it should show the new value. Each tracked connection costs a few hundred bytes of kernel memory, so size the limit to the RAM you have, and if you raise it a lot also raise the hash table size (/sys/module/nf_conntrack/parameters/hashsize), otherwise lookups slow down as the hash chains grow.

To make the change permanent, add the following to the bottom of /etc/sysctl.conf (sysctl -p applies it without a reboot):
net.nf_conntrack_max = 100000

Note that this key only exists once the nf_conntrack module is loaded. If sysctl.conf is applied at boot before the firewall rules have loaded the module, the line fails with an "unknown key" error and the limit falls back to the default, so check the value after a reboot.

The path to nf_conntrack_max depends on the kernel version rather than the distribution: recent kernels expose it both as /proc/sys/net/nf_conntrack_max and /proc/sys/net/netfilter/nf_conntrack_max, while old kernels that still use ip_conntrack have /proc/sys/net/ipv4/netfilter/ip_conntrack_max. The above works on CentOS.
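Here is the whole procedure (check how full the table is, raise the limit together with the hash table size, and print the sysctl.conf line) as a small script. This is an added example, not part of the original post; the function names are my own, and the ~300 bytes per entry figure is a rough estimate rather than a kernel constant. Each function takes an optional root prefix so the logic can be tried against a fake /proc and /sys tree without root.

```sh
#!/bin/sh
# Added example, not from the original post. Checks how full the conntrack
# table is, raises nf_conntrack_max together with the hash table size, and
# prints the line to persist in /etc/sysctl.conf. Function names are my own.
# Assumes Linux with nf_conntrack loaded; writes need root. Every function
# takes an optional root prefix (empty on a live host) so the logic can be
# exercised against a constructed fake /proc and /sys tree.

# The sysctl path depends on the kernel version, not the distribution:
# try the netfilter/ path, the net/ alias, then the old ip_conntrack name.
conntrack_max_path() {
    root="${1:-}"
    for p in /proc/sys/net/netfilter/nf_conntrack_max \
             /proc/sys/net/nf_conntrack_max \
             /proc/sys/net/ipv4/netfilter/ip_conntrack_max; do
        if [ -r "$root$p" ]; then
            printf '%s\n' "$root$p"
            return 0
        fi
    done
    return 1
}

# Same lookup for the number of entries currently in the table.
conntrack_count_path() {
    root="${1:-}"
    for p in /proc/sys/net/netfilter/nf_conntrack_count \
             /proc/sys/net/ipv4/netfilter/ip_conntrack_count; do
        if [ -r "$root$p" ]; then
            printf '%s\n' "$root$p"
            return 0
        fi
    done
    return 1
}

# Integer percentage of the table in use; fails on a zero limit.
conntrack_usage_pct() {
    count="$1"; max="$2"
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Rough upper bound on kernel memory for a given limit. ~300 bytes per
# entry is an estimate for a 64-bit kernel, not a kernel constant.
conntrack_mem_estimate() {
    echo $(( $1 * 300 ))
}

# Report usage; returns 2 when the table is 80% full or more, i.e. when
# "nf_conntrack: table full, dropping packet" is imminent.
check_conntrack() {
    root="${1:-}"
    max_path=$(conntrack_max_path "$root") || { echo "nf_conntrack is not loaded" >&2; return 1; }
    count_path=$(conntrack_count_path "$root") || return 1
    max=$(cat "$max_path"); count=$(cat "$count_path")
    pct=$(conntrack_usage_pct "$count" "$max")
    echo "conntrack: $count/$max entries (${pct}%), ~$(conntrack_mem_estimate "$max") bytes at the limit"
    [ "$pct" -lt 80 ] || { echo "warning: conntrack table nearly full" >&2; return 2; }
}

# Raise the limit on the running kernel. The hash table is scaled to one
# bucket per four entries (a common rule of thumb; more buckets only cost
# memory) so chains stay short as the table grows. Prints the sysctl.conf line.
apply_conntrack_max() {
    new_max="$1"; root="${2:-}"
    max_path=$(conntrack_max_path "$root") || { echo "nf_conntrack is not loaded" >&2; return 1; }
    echo "$new_max" > "$max_path"
    hashsize="$root/sys/module/nf_conntrack/parameters/hashsize"
    if [ -w "$hashsize" ]; then
        echo $(( new_max / 4 )) > "$hashsize"
    fi
    echo "net.nf_conntrack_max = $new_max"
}

# ./conntrack.sh check        -> usage report (exit 2 when nearly full)
# ./conntrack.sh apply 100000 -> raise the limit, print the sysctl.conf line
case "${1:-}" in
    check) check_conntrack ;;
    apply) apply_conntrack_max "$2" ;;
esac
```

The check exit code is deliberately non-zero when the table is nearly full so it can sit in a cron job or monitoring check; a full table means dropped packets, which on a busy box looks exactly like a DoS.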

Aug 26 2014

I've been playing around with and getting to know CentOS 7 and have decided I prefer iptables (over firewalld), which I have been using for the last few years, so here's how to swap firewalld for iptables.

Disable the firewalld service so it no longer starts at boot.
systemctl disable firewalld
Stop the firewalld service. From this point until iptables is started below the host has no packet filter, so do the remaining steps straight away.
systemctl stop firewalld
Now install the iptables services. The package ships a default ruleset in /etc/sysconfig/iptables that allows SSH and established connections and rejects everything else, so you are not left wide open once it starts.
yum -y install iptables-services
Start iptables at boot.
systemctl enable iptables
Start ip6tables at boot (skip if you don't use IPv6).
systemctl enable ip6tables
Now start iptables.
systemctl start iptables
And start ip6tables (skip if you don't use IPv6).
systemctl start ip6tables

Now our firewall uses iptables and we can add our rules like we always have. The iptables service loads /etc/sysconfig/iptables (and /etc/sysconfig/ip6tables) at boot, so after changing rules save them back there, for example with service iptables save, or they are gone at the next restart.
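The same swap as one script, written so the ruleset is on disk and the units enabled before firewalld goes away, and with firewalld masked so nothing can pull it back in later. This is an added example and not part of the original post or of the iptables-services package; the function names and the baseline ruleset are my own (it allows loopback, established traffic, ICMP and SSH, and rejects the rest), and it assumes CentOS 7 with systemd and yum, run as root.

```sh
#!/bin/sh
# Added example, not from the original post: swap firewalld for iptables on
# CentOS 7 without leaving the host unfiltered in between. Function names
# are my own; the ruleset below is my baseline, not what the package ships.
# Assumes CentOS 7 with systemd and yum, run as root:
#   ./swap.sh apply [ssh_port]
set -e

# Write a minimal ruleset in iptables-save format: loopback, replies to
# established connections, ICMP and SSH are allowed in, everything else is
# rejected. $1 = output file, $2 = SSH port (default 22).
write_ruleset() {
    out="$1"; ssh_port="${2:-22}"
    cat > "$out" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Order matters: the ruleset is on disk and the iptables units enabled
# before firewalld goes away, so the unfiltered window is only the
# stop/start itself. firewalld is masked as well as disabled so no later
# package or unit dependency can start it again behind your back.
switch_to_iptables() {
    ssh_port="${1:-22}"
    yum -y install iptables-services
    write_ruleset /etc/sysconfig/iptables "$ssh_port"
    systemctl enable iptables ip6tables
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl mask firewalld
    systemctl start iptables ip6tables
    # Fail loudly if the filter did not come up rather than carry on unfiltered.
    systemctl is-active --quiet iptables
    iptables -S INPUT
}

case "${1:-}" in
    apply) switch_to_iptables "${2:-22}" ;;
esac
```

If you run sshd on a non-standard port, pass it as the second argument, and test from a second session before closing the one you ran it from; a wrong port here locks you out of the box.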