
Red Hat Knowledgebase


Article Reference

Article ID: 11238
Last update: 08-27-07
Issue:
What does the message 'ip_conntrack: table full, dropping packet.' in my system's messages log file mean? How can I fix this problem?
Resolution:

The ip_conntrack module uses a portion of system memory, called the connection tracking table, to track connections. The size of this table is set when the ip_conntrack module is loaded, and is usually calculated automatically from the amount of installed system RAM. For example, a system with 256MB RAM will typically have a conntrack table of 8192 entries by default.

To check the maximum conntrack entries available, look at the proc file system:

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_conntrack_max
8192

If you are seeing the message 'ip_conntrack: table full, dropping packet.' in the system's logs, it means that the table is full and packets traversing the system's firewall are being dropped.

First verify that the table is full by checking how many connections are currently being tracked:

[root@localhost ~]# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count 
8192

Then compare this count to the maximum the system is set to handle, found in the ip_conntrack_max entry:

[root@localhost ~]# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 
8192

The ip_conntrack_max setting must be increased to resolve the problem.
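
The two checks above can be combined into one monitoring script that also counts the log message. This is an added example, not part of the original Red Hat article; the function names, the CT_DIR override and the 90% warning threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat's code): summarise conntrack table usage.
# CT_DIR defaults to the proc directory shown in the article; WARN_PCT=90 is
# an assumed alert threshold.
CT_DIR="${CT_DIR:-/proc/sys/net/ipv4/netfilter}"
WARN_PCT="${WARN_PCT:-90}"

# is_uint VALUE -> succeeds only for a non-empty string of digits
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# conntrack_status [DIR] -> prints "STATE count max pct"
# STATE: OK, WARN (pct >= WARN_PCT), FULL (count >= max), UNKNOWN (unreadable)
conntrack_status() {
    dir="${1:-$CT_DIR}"
    count=""; max=""
    if [ -r "$dir/ip_conntrack_count" ] && [ -r "$dir/ip_conntrack_max" ]; then
        count=$(tr -d '[:space:]' < "$dir/ip_conntrack_count")
        max=$(tr -d '[:space:]' < "$dir/ip_conntrack_max")
    fi
    if ! is_uint "$count" || ! is_uint "$max" || [ "$max" -eq 0 ]; then
        echo "UNKNOWN 0 0 0"
        return 0
    fi
    pct=$(( count * 100 / max ))
    if [ "$count" -ge "$max" ]; then
        state=FULL
    elif [ "$pct" -ge "$WARN_PCT" ]; then
        state=WARN
    else
        state=OK
    fi
    echo "$state $count $max $pct"
}

# count_drops LOGFILE -> number of "table full" kernel messages (0 if unreadable)
count_drops() {
    n=$(grep -c 'ip_conntrack: table full, dropping packet' "$1" 2>/dev/null) || n=${n:-0}
    echo "$n"
}

# Report for the live system; prints UNKNOWN where the ip_conntrack entries are absent.
conntrack_status "$CT_DIR"
```

A WARN result gives time to raise ip_conntrack_max before the table fills and the firewall starts dropping packets.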

