Facing an issue with the kernel module 'ip_conntrack'?

Checking /var/log/messages shows something like this:

host kernel: ip_conntrack: VPS xxx table full, dropping packet.
host kernel: ip_conntrack: VPS xxx table full, dropping packet.

If you run an iptables firewall with rules that match on connection state (-m state or -m conntrack), the kernel uses 'ip_conntrack' to keep an entry for every connection it sees and the state that connection is in, so the firewall rule logic can be applied to each packet. On OpenVZ hosts this table is kept per container, and the VPS id in the message says which container's table filled up.

On a system with a lot of network activity the table accumulates entries. Every entry stays until its timeout expires, and once the table reaches ip_conntrack_max the kernel cannot track any new connection and drops its packets, which is exactly the message above.

Increase the limit to a higher value by editing /etc/sysctl.conf

Add/edit this line (pick a number sized for your traffic; each tracked connection costs roughly a few hundred bytes of kernel memory),

net.ipv4.ip_conntrack_max=xxxx

Run # sysctl -p after making the changes.

Check the current value using the command,

# sysctl net.ipv4.netfilter.ip_conntrack_max

On kernels that ship 'ip_conntrack', net.ipv4.ip_conntrack_max and net.ipv4.netfilter.ip_conntrack_max refer to the same limit. On newer kernels the module is 'nf_conntrack' and the equivalent keys are net.netfilter.nf_conntrack_max for the limit and net.netfilter.nf_conntrack_count for how many entries are in use right now, so you can see how close to the limit you are before and after the change.

Do not keep raising the value indefinitely. If the table fills again shortly after an increase, the limit is not the real problem.

A table that keeps filling can be the first sign of something more destructive, such as a DDoS or SYN flood against your server. Every new combination of source address and port creates a fresh entry, so a burst of bogus packets from many sources exhausts a table sized for normal traffic very quickly, and once it is full the kernel drops legitimate connections along with the junk.

So check the actual traffic with tools like iftop or tcpdump, and look at what the table itself contains (/proc/net/nf_conntrack, /proc/net/ip_conntrack on older kernels, or conntrack -L from conntrack-tools). A large number of entries from a handful of source addresses, or many half-open SYN_SENT entries, points to an attack rather than legitimate load, and the fix is to block or rate-limit those sources rather than to enlarge the table. If the load is legitimate, shortening the timeouts (for example net.netfilter.nf_conntrack_tcp_timeout_established, which defaults to 432000 seconds, five days) frees entries faster than raising the maximum does.
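The check described above as a shell script. This is an added example, not part of the original post: it reads the current count and limit through whichever sysctl names the kernel provides (nf_conntrack first, the legacy ip_conntrack names second), then counts entries per original-direction source address in a conntrack dump so the busiest sources stand out. When the live table is not readable (for instance inside a container) it falls back to a constructed sample dump that imitates what a SYN flood leaves behind; the addresses in that sample are documentation ranges and the whole sample is made up.

```shell
#!/bin/sh
# Added example, not from the original post. Measures how full the conntrack
# table is and which source addresses are holding the entries.

# first_sysctl KEY... : print the value of the first sysctl key that exists.
first_sysctl() {
    for key in "$@"; do
        path="/proc/sys/$(printf '%s' "$key" | tr . /)"
        if [ -r "$path" ]; then
            cat "$path"
            return 0
        fi
    done
    return 1
}

# conntrack_usage_pct COUNT MAX : integer percentage of the table in use.
conntrack_usage_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo 0; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# count_entries TABLE : number of tracked connections in a conntrack dump.
count_entries() {
    grep -c 'src=' "$1"
}

# top_sources TABLE [N] : entries per original-direction source IP, busiest
# first. Each dump line carries two src= fields (original and reply tuple);
# only the first one is the remote side that opened the connection.
top_sources() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { sub(/^src=/, "", $i); c[$i]++; break } }
         END { for (ip in c) print c[ip], ip }' "$1" | sort -rn | head -n "${2:-5}"
}

# write_sample_table : constructed /proc/net/nf_conntrack-style dump (not real
# data) used when the live table is unreadable. The four half-open SYN_SENT
# entries from 203.0.113.7 mimic the residue of a SYN flood.
write_sample_table() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=10.0.0.5 sport=50412 dport=22 src=10.0.0.5 dst=192.0.2.10 sport=22 dport=50412 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 117 SYN_SENT src=203.0.113.7 dst=10.0.0.5 sport=40001 dport=80 [UNREPLIED] src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40001 mark=0 use=1
ipv4     2 tcp      6 116 SYN_SENT src=203.0.113.7 dst=10.0.0.5 sport=40002 dport=80 [UNREPLIED] src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40002 mark=0 use=1
ipv4     2 tcp      6 115 SYN_SENT src=203.0.113.7 dst=10.0.0.5 sport=40003 dport=80 [UNREPLIED] src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40003 mark=0 use=1
ipv4     2 tcp      6 114 SYN_SENT src=203.0.113.7 dst=10.0.0.5 sport=40004 dport=80 [UNREPLIED] src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40004 mark=0 use=1
ipv4     2 tcp      6 86 TIME_WAIT src=198.51.100.4 dst=10.0.0.5 sport=33120 dport=443 src=10.0.0.5 dst=198.51.100.4 sport=443 dport=33120 [ASSURED] mark=0 use=1
ipv4     2 udp      17 29 src=198.51.100.4 dst=10.0.0.5 sport=5353 dport=53 src=10.0.0.5 dst=198.51.100.4 sport=53 dport=5353 mark=0 use=1
EOF
    echo "$f"
}

# Stand-alone run: use the live table when it is readable, else the sample.
if [ -r /proc/net/nf_conntrack ]; then table=/proc/net/nf_conntrack
elif [ -r /proc/net/ip_conntrack ]; then table=/proc/net/ip_conntrack
else table=$(write_sample_table); fi

max=$(first_sysctl net.netfilter.nf_conntrack_max \
                   net.ipv4.netfilter.ip_conntrack_max \
                   net.ipv4.ip_conntrack_max || echo 0)
count=$(first_sysctl net.netfilter.nf_conntrack_count \
                     net.ipv4.netfilter.ip_conntrack_count \
        || count_entries "$table")
printf 'conntrack: %s of %s entries in use (%s%%)\n' \
    "$count" "$max" "$(conntrack_usage_pct "$count" "$max")"
echo "busiest original-direction sources (entries, address):"
top_sources "$table"
```

A source that owns a large share of the table with mostly SYN_SENT entries is the one to block or rate-limit; raising ip_conntrack_max in that situation only buys time until the next burst.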