Tag: sysctl

  • nf_conntrack: table full, dropping packet

    On a CentOS server, I get the following error in /var/log/messages

    Jan 17 03:40:02 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet

    This is because the server is getting too many connections, more than the connection tracking table can hold. This can be due to a busy server or a DDoS attack.

    If your traffic is legitimate, you can increase the maximum number of tracked connections.

    To see the current value, run

    cat /proc/sys/net/netfilter/nf_conntrack_max

    To set the value, run

    echo 64000 > /proc/sys/net/netfilter/nf_conntrack_max

    Replace 64000 with your desired value.

    You can also use sysctl, for example

    sysctl -a | grep nf_conntrack_max

    To set the value, run

    sysctl -w net.netfilter.nf_conntrack_max=120000

    To make it permanent, edit

    vi /etc/sysctl.conf

    and add the line

    net.netfilter.nf_conntrack_max=120000

    Now apply the file with

    sysctl -p
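    The steps above as one script, added here as an example and not code from the original post. It reads the current table size and usage from the standard /proc/sys/net/netfilter files (nf_conntrack_max and nf_conntrack_count), counts "table full" messages in a log, and raises the limit at runtime and in /etc/sysctl.conf the way the post does. The 80% warning threshold, the CT_DIR/SYSCTL_CONF overrides and the sample log lines are choices made for this example; raising the limit needs root and GNU sed.

```shell
#!/bin/sh
# Added example, not code from the original post: check conntrack table
# pressure and raise nf_conntrack_max (runtime + /etc/sysctl.conf).
# Assumptions: standard /proc/sys/net/netfilter files, an 80% warning
# threshold chosen here, GNU sed (CentOS). Raising the value needs root.

CT_DIR="${CT_DIR:-/proc/sys/net/netfilter}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"
CT_WARN_PCT="${CT_WARN_PCT:-80}"

# Constructed sample: two lines copied from the post plus one unrelated line.
SAMPLE_LOG='Jan 17 03:40:02 ss1 kernel: nf_conntrack: table full, dropping packet
Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
Jan 17 03:40:03 ss1 kernel: unrelated message'

# Print the integer stored in a sysctl/proc file; print 0 and fail if unreadable.
read_sysctl_file() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        echo 0
        return 1
    fi
}

# Integer percentage of the table in use: count * 100 / max.
conntrack_usage_pct() {
    if [ "$2" -gt 0 ]; then
        echo $(( $1 * 100 / $2 ))
    else
        echo 0
        return 1
    fi
}

# Number of "table full" events in a log read from stdin.
count_table_full() {
    awk '/nf_conntrack: table full, dropping packet/ { n++ } END { print n + 0 }'
}

# One-line status; fails when usage is at or above CT_WARN_PCT
# (the kernel starts dropping packets once count reaches max).
check_conntrack() {
    ct_max=$(read_sysctl_file "$CT_DIR/nf_conntrack_max") || return 1
    ct_count=$(read_sysctl_file "$CT_DIR/nf_conntrack_count") || return 1
    ct_pct=$(conntrack_usage_pct "$ct_count" "$ct_max")
    echo "conntrack: $ct_count / $ct_max entries in use ($ct_pct%)"
    [ "$ct_pct" -lt "$CT_WARN_PCT" ]
}

# Write key=value into a sysctl.conf file, replacing an existing line
# for that key instead of appending a duplicate.
persist_sysctl() {
    key=$1; val=$2; file=$3
    if grep -q "^$key=" "$file" 2>/dev/null; then
        sed -i "s|^$key=.*|$key=$val|" "$file"
    else
        echo "$key=$val" >> "$file"
    fi
}

# Apply the new maximum now (sysctl -w) and make it survive a reboot
# (sysctl.conf + sysctl -p), the two steps the post describes.
raise_conntrack_max() {
    new_max=$1
    sysctl -w "net.netfilter.nf_conntrack_max=$new_max"
    persist_sysctl net.netfilter.nf_conntrack_max "$new_max" "$SYSCTL_CONF"
    sysctl -p
}

# Usage: ./conntrack-check.sh check | logs /var/log/messages | raise 120000
case "${1:-}" in
    check) check_conntrack ;;
    logs)  count_table_full < "$2" ;;
    raise) raise_conntrack_max "$2" ;;
esac
```

    Two things worth checking before simply raising the limit: nf_conntrack_count shows how close to the limit the table actually is, and the conntrack hash table size is a separate parameter (/sys/module/nf_conntrack/parameters/hashsize), so a much larger nf_conntrack_max with an unchanged hash table means longer bucket chains and slower lookups. If the table fills with idle TCP sessions, lowering net.netfilter.nf_conntrack_tcp_timeout_established (default 432000 seconds, five days) frees entries without enlarging the table.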

    See sysctl