nf_conntrack: table full, dropping packets

sysctl -a|grep -i nf_conntrack_max

To increase the conntrack limit:

sysctl -w net.netfilter.nf_conntrack_max=131072
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
hashsize = nf_conntrack_max / 4

To keep the settings across a server reboot:
echo 'net.netfilter.nf_conntrack_max = 131072' >> /etc/sysctl.conf
vi /etc/rc.local
# add this line to /etc/rc.local so the hash size is set again at boot:
echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
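
A check to run before and after resizing, as an added example (not part of the original note): it reports how full the table is, counts "table full" drops in kernel log lines, and derives hashsize with the max / 4 ratio given above. The function names, the 80% threshold and the "double the max" suggestion are assumptions; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: conntrack capacity check (function names are hypothetical).
PROC=/proc/sys/net/netfilter

# conntrack_usage COUNT MAX -> integer percent of the table in use
conntrack_usage() {
    [ "$2" -gt 0 ] 2>/dev/null || return 1
    echo $(( $1 * 100 / $2 ))
}

# hashsize_for MAX -> hashsize using the ratio from this page (max / 4)
hashsize_for() {
    echo $(( $1 / 4 ))
}

# count_table_full: kernel log lines on stdin -> number of drop messages
count_table_full() {
    grep -c 'nf_conntrack: table full, dropping packets' || true
}

# conntrack_check [THRESHOLD]: 0 = ok, 1 = above threshold, 2 = not available
conntrack_check() {
    threshold=${1:-80}    # assumed alert threshold, in percent
    [ -r "$PROC/nf_conntrack_count" ] || { echo "conntrack not loaded"; return 2; }
    count=$(cat "$PROC/nf_conntrack_count")
    max=$(cat "$PROC/nf_conntrack_max")
    pct=$(conntrack_usage "$count" "$max") || return 2
    if [ "$pct" -ge "$threshold" ]; then
        new_max=$(( max * 2 ))    # assumed growth step
        echo "WARN ${pct}% used ($count/$max): try nf_conntrack_max=$new_max hashsize=$(hashsize_for "$new_max")"
        return 1
    fi
    echo "OK ${pct}% used ($count/$max)"
}

# Constructed sample kernel log lines (not real output)
SAMPLE_LOG='kernel: nf_conntrack: table full, dropping packets
kernel: eth0: link is up
kernel: nf_conntrack: table full, dropping packets'

printf '%s\n' "$SAMPLE_LOG" | count_table_full    # prints 2
conntrack_check 80 || true
```

On a live host, feed it the real log instead of the sample: dmesg | count_table_full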

To disable conntrack (this also removes NAT and any iptables rules that match on connection state):

/sbin/rmmod iptable_nat
/sbin/rmmod ipt_MASQUERADE
/sbin/rmmod nf_nat
/sbin/rmmod nf_conntrack_ipv4
/sbin/rmmod nf_conntrack
/sbin/rmmod nf_defrag_ipv4
