Receiving an “ip_conntrack: table full” error.

On OpenVZ/HyperVM machines sometimes the ip_conntrack table will become full and drop packets. You can tell if it is doing this by looking in your /var/log/messages file.

To find out the current limit run:

Then to increase it edit /etc/sysctl.conf and change the linenet.ipv4.netfilter.ip_conntrack_max = to a higher number. Adding 5000 or 10000 to the current max should be fine. You do not need to go crazy.

One you have saved the file, to reload the new configuration run:

You should be all set and the machine should not be dropping any packets.

Tagged:

Rate This Article

Helpful Not Helpful
(138 out of 259 people found this article helpful)

About The Author

Kris has worn many hats at Limestone Networks, managing at the corporate level. His main focuses now are managing the Support Department and working on Strategic Partnerships with other companies.