
ip_conntrack: table full, dropping packet !!

Facing an issue with the kernel module 'ip_conntrack'?

Does /var/log/messages show something like this?

==========

Nov 13 14:45:23 host kernel: ip_conntrack: VPS xxx table full, dropping packet.
Nov 13 14:45:43 host kernel: ip_conntrack: VPS xxx table full, dropping packet.
Nov 13 14:45:48 host kernel: ip_conntrack: VPS xxx table full, dropping packet.

==========

If you run an iptables firewall with rules that match on connection state (the state
or conntrack match), the kernel uses ip_conntrack to record the state of every connection
it sees so that the firewall rule logic can be applied to the packets that follow. Each
tracked connection occupies one entry in a fixed-size table. On a system with a lot of
network activity the table fills up, and once it is full the kernel drops the packets of
new connections and logs the message above.

* Increase ip_conntrack_max to a higher value by editing /etc/sysctl.conf

Add/edit this line (xxxx is the new limit),

net.ipv4.netfilter.ip_conntrack_max=xxxx

The key name depends on the kernel: older kernels expose the same setting as
net.ipv4.ip_conntrack_max, and on current kernels the module is nf_conntrack and the
key is net.netfilter.nf_conntrack_max. Use the key that sysctl already lists on your
system, and use the same key when you set and when you check the value. The entries are
indexed by a hash table whose size is a separate module parameter (hashsize, under
/sys/module/nf_conntrack/parameters/ or /sys/module/ip_conntrack/parameters/), so if you
raise the maximum a long way, raise hashsize as well or lookups get slower.

Run `sysctl -p` as root after making the changes; putting the line in /etc/sysctl.conf is
what makes the value survive a reboot.

Check the current limit, and how much of the table is in use, with

# sysctl net.ipv4.netfilter.ip_conntrack_max
# sysctl net.ipv4.netfilter.ip_conntrack_count

(net.netfilter.nf_conntrack_max and net.netfilter.nf_conntrack_count on newer kernels).

Do not keep raising ip_conntrack_max if the error persists after the increase. A table
that keeps filling up can be the first sign of an attack on the server's network, such
as a DDoS or a SYN flood: the rate of packets sent and received is high enough that the
conntrack module cannot keep up, and the result is the error above.

So check the server's traffic with tools like iftop or tcpdump, and look at the tracked
connections themselves (/proc/net/ip_conntrack, or /proc/net/nf_conntrack and
`conntrack -L` on newer kernels) to see which source addresses hold the entries, and
determine whether the issue is caused by an attack.
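As an added example (not part of the original post), the following POSIX shell script performs the two checks above in one place: it finds whichever conntrack max key this kernel exposes, reports table usage as a percentage, and counts conntrack entries per source address so that a single host flooding the table stands out. The sysctl key names are the standard ones; the helper functions and the sample table are this example's own, and the sample is constructed for the example, not a real capture.

```shell
#!/bin/sh
# Added example: check conntrack table usage and find the top source addresses.

# Print the conntrack max sysctl key this kernel exposes (newest name first).
# Returns 1 if none is found (no conntrack module loaded, or no sysctl).
conntrack_max_key() {
  for key in net.netfilter.nf_conntrack_max \
             net.ipv4.netfilter.ip_conntrack_max \
             net.ipv4.ip_conntrack_max; do
    if sysctl -n "$key" >/dev/null 2>&1; then
      echo "$key"
      return 0
    fi
  done
  return 1
}

# Percentage of the table in use: conntrack_pct <count> <max>.
# A max of 0 (key missing) is reported as 0% rather than a division by zero.
conntrack_pct() {
  awk -v c="$1" -v m="$2" 'BEGIN { printf "%d\n", (m > 0) ? c * 100 / m : 0 }'
}

# Count entries per original-direction source address from conntrack table
# text on stdin. The first src= field on each line is the original direction;
# this works on /proc/net/nf_conntrack, /proc/net/ip_conntrack and
# `conntrack -L` output. Argument: how many top sources to print (default 5).
top_sources() {
  awk '{
         for (i = 1; i <= NF; i++)
           if ($i ~ /^src=/) { sub(/^src=/, "", $i); n[$i]++; break }
       }
       END { for (s in n) print n[s], s }' | sort -rn | head -n "${1:-5}"
}

# Live report, only if this kernel has a conntrack max key. The _count key is
# the _max key with its suffix swapped; if it is missing the count is shown as 0.
if key=$(conntrack_max_key); then
  max=$(sysctl -n "$key")
  count_key=$(echo "$key" | sed 's/_max$/_count/')
  count=$(sysctl -n "$count_key" 2>/dev/null || echo 0)
  echo "$key=$max, in use: $count ($(conntrack_pct "$count" "$max")%)"
  if [ -r /proc/net/nf_conntrack ]; then
    echo "Top sources (live):"
    top_sources 5 </proc/net/nf_conntrack
  fi
fi

# Constructed sample in /proc/net/nf_conntrack format (not a real capture):
# one established web client and three half-open connections from one host.
SAMPLE='ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.1 sport=51234 dport=80 src=10.0.0.1 dst=10.0.0.5 sport=80 dport=51234 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 59 SYN_RECV src=198.51.100.7 dst=10.0.0.1 sport=40001 dport=80 [UNREPLIED] src=10.0.0.1 dst=198.51.100.7 sport=80 dport=40001 mark=0 use=1
ipv4     2 tcp      6 58 SYN_RECV src=198.51.100.7 dst=10.0.0.1 sport=40002 dport=80 [UNREPLIED] src=10.0.0.1 dst=198.51.100.7 sport=80 dport=40002 mark=0 use=1
ipv4     2 udp      17 29 src=203.0.113.9 dst=10.0.0.1 sport=53 dport=33333 src=10.0.0.1 dst=203.0.113.9 sport=33333 dport=53 mark=0 use=1
ipv4     2 tcp      6 57 SYN_RECV src=198.51.100.7 dst=10.0.0.1 sport=40003 dport=80 [UNREPLIED] src=10.0.0.1 dst=198.51.100.7 sport=80 dport=40003 mark=0 use=1'

echo "Top sources in the sample table:"
printf '%s\n' "$SAMPLE" | top_sources 3
# With a sample limit of 4 entries the table would be 125% "full" in the sense
# that the kernel would already be dropping; in practice watch for usage near 100%.
echo "Sample usage at a limit of 8: $(conntrack_pct 5 8)%"
```

Run it as a normal user to read the live values (sysctl reads do not need root); the top-source list from the sample shows 198.51.100.7 holding three of the five entries, which is the pattern to look for when a single address is filling the table.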

