Aug 27 2014

I have several Xen and KVM VPS servers and they all suffer from the same problem of “nf_conntrack: table full, dropping packet”, but it's an easy fix.

You can check what nf_conntrack_max is currently set to:
cat /proc/sys/net/nf_conntrack_max
The default is 65535, but all mine were set to 15000.

To increase nf_conntrack_max:
echo 100000 > /proc/sys/net/nf_conntrack_max
If you check again, it should show the new value.

To make the change permanent, add the following to the bottom of /etc/sysctl.conf:
net.nf_conntrack_max = 100000

Please note that the path to “nf_conntrack_max” differs between Linux distributions; the above works for CentOS.
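
An added example, not part of the original post: a script that reports how full the conntrack table is, so you can see whether the limit is actually being reached before and after raising it. It tries the sysctl locations used by different kernels; the function names, the 80% warning threshold, the alternative paths (net/netfilter/ and net/ipv4/netfilter/ip_conntrack_*) and the sample count are assumptions not taken from the post.

```shell
# first_file FILE... -> print the first argument that is a readable file
first_file() {
    for f in "$@"; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# conntrack_pct ROOT -> print table utilisation as an integer percentage.
# ROOT is /proc/sys on a live host; it is a parameter so a test tree can be used.
conntrack_pct() {
    root=$1
    max_f=$(first_file "$root/net/netfilter/nf_conntrack_max" \
                       "$root/net/nf_conntrack_max" \
                       "$root/net/ipv4/netfilter/ip_conntrack_max") || return 2
    cnt_f=$(first_file "$root/net/netfilter/nf_conntrack_count" \
                       "$root/net/ipv4/netfilter/ip_conntrack_count") || return 2
    max=$(cat "$max_f")
    cnt=$(cat "$cnt_f")
    [ "$max" -gt 0 ] || return 2
    echo $(( cnt * 100 / max ))
}

# conntrack_check ROOT WARN_PCT -> print a status line; returns 1 at or above
# WARN_PCT and 2 if the sysctl files cannot be found under ROOT.
conntrack_check() {
    pct=$(conntrack_pct "$1") || { echo "conntrack sysctls not found under $1"; return 2; }
    if [ "$pct" -ge "$2" ]; then
        echo "WARNING: conntrack table ${pct}% full"
        return 1
    fi
    echo "OK: conntrack table ${pct}% full"
}

# Demo on a constructed tree (not real kernel state): the 15000 limit from the
# post with a made-up count of 14250 tracked connections.
demo=$(mktemp -d)
mkdir -p "$demo/net/netfilter"
echo 15000 > "$demo/net/nf_conntrack_max"
echo 14250 > "$demo/net/netfilter/nf_conntrack_count"
conntrack_check "$demo" 80 || true
rm -rf "$demo"
# On a live host: conntrack_check /proc/sys 80
```

A table that stays near 100% after the limit is raised usually means the load itself needs investigating, not just a bigger table.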
