IP Tables Max Connections
If you, like me, run a Linux firewall you may find connections through it behaving strangely: taking a long time to establish, or sometimes dying completely, often with little or no load on the machine. One thing worth checking is the connection tracking (conntrack) table, which the kernel uses for stateful iptables rules (-m state / -m conntrack) and for NAT. It has a fixed maximum number of entries, and you can compare that limit with the number of entries currently in use:
# cat /proc/sys/net/ipv4/ip_conntrack_max
16640
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
When the count reaches the maximum, the table is full. The kernel can no longer create an entry for a new flow, so it drops the packets that would have started one (already tracked connections keep working, but anything new, including retries, fails), and it logs:
kernel: ip_conntrack: table full, dropping packet.
On current kernels the module is called nf_conntrack rather than ip_conntrack, and the message reads "nf_conntrack: table full, dropping packet" instead.
The way around this is to raise the maximum. This can be done on the fly, taking effect immediately without reloading the rules:
# echo 131072 > /proc/sys/net/ipv4/ip_conntrack_max
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
44796
To make the setting permanent across reboots, add the following line to /etc/sysctl.conf (and run sysctl -p to apply it without rebooting):
net.ipv4.ip_conntrack_max = 131072
On current kernels the module is nf_conntrack, so the files are /proc/sys/net/netfilter/nf_conntrack_max and /proc/sys/net/netfilter/nf_conntrack_count, and the sysctl key is net.netfilter.nf_conntrack_max. That key only exists once the module is loaded, so if sysctl -p complains that it cannot stat the file, load nf_conntrack first and make sure it is loaded at boot before the sysctl settings are applied.
A few things to keep in mind before simply cranking the number up. Each entry costs memory (a few hundred bytes, so 131072 entries is a few tens of megabytes). The hash table the entries live in is sized when the module loads (hashsize, visible in /sys/module/nf_conntrack/parameters/hashsize), so a much larger limit with the same hash size means longer chains and slower lookups. Established TCP entries are kept for five days by default (net.netfilter.nf_conntrack_tcp_timeout_established = 432000), which on a busy NAT box is usually the real reason the table fills, and lowering that timeout often helps as much as raising the limit. Finally, a full table is a denial-of-service condition: anyone who can flood you with SYNs from spoofed addresses can fill it whatever the limit is, so on a firewall exposed to the Internet consider excluding traffic that does not need stateful tracking in the raw table (-j CT --notrack) and rate-limiting new connections rather than relying on a bigger table alone.
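The check above is easy to script so that you notice the table filling before the kernel starts dropping packets. The following is an added example written for this post, not a tool from the original; it looks for the current nf_conntrack files first and falls back to the older ip_conntrack paths used above, and the 80% warning threshold and the ~300 bytes per entry used for the memory estimate are assumptions.

```shell
#!/bin/sh
# conntrack_check.sh: report connection-tracking table usage and flag the
# "table full" condition before packets start being dropped.
# Added example for this post, not part of the original. The warning
# threshold (80%), the per-entry size (300 bytes) and the search order
# of the /proc paths are assumptions.

# Candidate /proc files: nf_conntrack names on current kernels first,
# then the older ip_conntrack names this post was written against.
MAX_PATHS="/proc/sys/net/netfilter/nf_conntrack_max /proc/sys/net/ipv4/ip_conntrack_max"
COUNT_PATHS="/proc/sys/net/netfilter/nf_conntrack_count /proc/sys/net/ipv4/netfilter/ip_conntrack_count"

# first_readable PATH... : print the first path that exists and is readable
first_readable() {
    for p in "$@"; do
        if [ -r "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# usage_pct MAX COUNT : integer percentage of the table in use
usage_pct() {
    max=$1; count=$2
    [ "$max" -gt 0 ] || { echo 0; return 1; }
    echo $(( count * 100 / max ))
}

# conntrack_status MAX COUNT [WARN_PCT] : prints OK, WARN or FULL
conntrack_status() {
    max=$1; count=$2; warn=${3:-80}
    pct=$(usage_pct "$max" "$count")
    if [ "$count" -ge "$max" ]; then
        echo FULL
    elif [ "$pct" -ge "$warn" ]; then
        echo WARN
    else
        echo OK
    fi
}

# table_bytes MAX : rough memory cost of a full table, assuming ~300 bytes
# per entry (assumption; the real size depends on kernel version and helpers)
table_bytes() {
    echo $(( $1 * 300 ))
}

# report_conntrack: read the live values if this kernel exposes them and
# print a one-line summary; raising the limit is left to the administrator.
report_conntrack() {
    maxf=$(first_readable $MAX_PATHS) || { echo "conntrack sysctls not found (module not loaded?)"; return 0; }
    countf=$(first_readable $COUNT_PATHS) || { echo "conntrack count file not found"; return 0; }
    max=$(cat "$maxf"); count=$(cat "$countf")
    status=$(conntrack_status "$max" "$count")
    printf '%s: %s/%s entries (%s%%), ~%s KiB if full\n' \
        "$status" "$count" "$max" "$(usage_pct "$max" "$count")" \
        "$(( $(table_bytes "$max") / 1024 ))"
    if [ "$status" = FULL ]; then
        echo "raise it with: sysctl -w net.netfilter.nf_conntrack_max=$(( max * 2 ))  (or echo the value into $maxf)"
    fi
}

report_conntrack
```

Run it from cron or a monitoring check; a WARN well before FULL gives you time to decide whether the fix is a bigger table, a shorter established timeout, or untracking the traffic that is filling it.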