The following messages appear in the system log /var/log/messages:
Jan 31 16:46:41 ahmobileblivemedia02 kernel: nf_conntrack: table full, dropping packet.
Jan 31 16:46:41 ahmobileblivemedia02 kernel: nf_conntrack: table full, dropping packet.
Jan 31 16:46:41 ahmobileblivemedia02 kernel: nf_conntrack: table full, dropping packet.
Jan 31 16:46:41 ahmobileblivemedia02 kernel: nf_conntrack: table full, dropping packet.
Jan 31 16:46:41 ahmobileblivemedia02 kernel: nf_conntrack: table full, dropping packet.
Run the following command to check the system parameters; it shows that nf_conntrack_max is set too low:
sysctl -a | grep nf_conntrack_max
net.netfilter.nf_conntrack_max = 65536
net.nf_conntrack_max = 65536
Edit /etc/sysctl.conf and add the following:
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
# The following settings are optional
# (net.ipv4.tcp_tw_recycle was removed in Linux 4.12 and breaks connections from clients behind NAT)
#net.ipv4.tcp_tw_reuse = 1
#net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_timestamps = 1
#net.ipv4.tcp_syncookies = 1
After adding these lines, run sysctl -p to apply them.
Settings not taking effect
The /etc/sysctl.conf settings are lost when the firewall is restarted.
If the value shown by sysctl -a | grep nf_conntrack_max does not match the /etc/sysctl.conf configuration, sysctl -p was not run after iptables was restarted. In that case, just run sysctl -p; there is no need to modify /etc/sysctl.conf.
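The checks described above, collected into one script as an added example that is not part of the original article: it reports how full the conntrack table is, counts the "table full" messages in a log, and flags the case where the live value no longer matches /etc/sysctl.conf. The function names are this example's own, and the sample file it builds when run without --live is constructed from the values shown in the article.

```shell
#!/bin/sh
# Added example (not from the original article): conntrack pressure and
# sysctl.conf drift checks. Function names are this example's own.

# usage_pct COUNT MAX -> whole-number percentage of the conntrack table in use
usage_pct() { echo $(( $1 * 100 / $2 )); }

# conf_value FILE KEY -> last uncommented value assigned to KEY in FILE
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { if (val != "") print val }' "$1"
}

# check_drift FILE KEY LIVE -> ok | drift | unset
# "drift" is the case from the article: the file is right, sysctl -p was not re-run.
check_drift() {
    want=$(conf_value "$1" "$2")
    if [ -z "$want" ]; then echo unset
    elif [ "$want" = "$3" ]; then echo ok
    else echo drift
    fi
}

# count_drops LOG -> number of "table full" kernel messages in LOG
count_drops() { grep -c 'nf_conntrack: table full, dropping packet' "$1" || true; }

if [ "${1:-}" = "--live" ]; then
    # Live check: needs the nf_conntrack module loaded and a readable log.
    dir=/proc/sys/net/netfilter
    count=$(cat "$dir/nf_conntrack_count"); max=$(cat "$dir/nf_conntrack_max")
    echo "conntrack usage: $count/$max ($(usage_pct "$count" "$max")%)"
    echo "sysctl.conf vs live: $(check_drift /etc/sysctl.conf net.netfilter.nf_conntrack_max "$max")"
    echo "drop messages: $(count_drops /var/log/messages)"
else
    # Constructed sample: the article's configured value vs the live value it reported.
    conf=$(mktemp); echo 'net.netfilter.nf_conntrack_max = 25000000' > "$conf"
    echo "sample drift check: $(check_drift "$conf" net.netfilter.nf_conntrack_max 65536)"
    rm -f "$conf"
fi
```

A result of drift means the file already holds the intended value and only sysctl -p needs to be run again.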
This article is from the "Intelligent Future _XFICC" blog, please be sure to keep this source http://xficc.blog.51cto.com/1189288/1812428