Thursday, December 24, 2009

ip_conntrack: table full, dropping packet.

Many of you have probably run into "ip_conntrack: table full, dropping packet." errors on a Linux system. These errors show up in the "dmesg" output:

printk: 260 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 212 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 229 messages suppressed.

Here is the solution to your problem:

The errors occur because the ip_conntrack table has reached its limit, so it is time to increase it.

  • First check the default size of the ip_conntrack table on Linux:
# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 65536

  • With this limit on the number of tracked connections, packets are being dropped. Time to double the limit:
# echo 131072 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

  • Also change ip_conntrack_tcp_timeout_time_wait to the following:
# echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
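
The echo commands above change only the running kernel and are lost at reboot. The following is an added example, not part of the original post: it measures how full the table is and prints the matching /etc/sysctl.conf lines so the same settings persist. The function names, the 80% default threshold and the optional directory argument are assumptions made for illustration; ip_conntrack_count is the kernel's counter of currently tracked connections, which sits next to ip_conntrack_max.

```shell
#!/bin/sh
# Added example: conntrack table utilisation check and persistent settings.
# The directory argument is an assumption so the functions can be exercised
# against sample files; by default they read the live /proc entries.

CT_DIR_DEFAULT=/proc/sys/net/ipv4/netfilter

# Print table utilisation as an integer percentage (count / max).
conntrack_usage() {
    dir=${1:-$CT_DIR_DEFAULT}
    count=$(cat "$dir/ip_conntrack_count" 2>/dev/null) || return 2
    max=$(cat "$dir/ip_conntrack_max" 2>/dev/null) || return 2
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# Return 0 while utilisation is below the threshold (default 80),
# 1 once it is at or above it, 2 if the counters cannot be read.
conntrack_check() {
    dir=${1:-$CT_DIR_DEFAULT}
    limit=${2:-80}
    pct=$(conntrack_usage "$dir") || return 2
    [ "$pct" -lt "$limit" ]
}

# Print sysctl.conf lines that double the current maximum and set the
# 30 second TIME_WAIT timeout used in the steps above.
conntrack_sysctl_lines() {
    dir=${1:-$CT_DIR_DEFAULT}
    max=$(cat "$dir/ip_conntrack_max" 2>/dev/null) || return 2
    echo "net.ipv4.netfilter.ip_conntrack_max = $(( max * 2 ))"
    echo "net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30"
}

# Invoked as "sh script.sh report": show utilisation and suggested settings.
if [ "${1:-}" = "report" ]; then
    if conntrack_check; then
        echo "conntrack table at $(conntrack_usage)% of limit"
    else
        echo "conntrack table at or above 80% of limit (or unreadable)"
        conntrack_sysctl_lines
    fi
fi
```

Append the printed lines to /etc/sysctl.conf and load them with "sysctl -p". Each tracked connection uses kernel memory, so check free memory before raising the limit further.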
