www kernel: printk: 1 messages suppressed.
www kernel: ip_conntrack: table full, dropping packet.
Reason behind this error:
Iptables under Linux maintains a list of connections passing
through the router. Each connection tracking entry contains defined
characteristics of the packet, including the source and destination
IP address and port number. The connection tracking entries are
ultimately stored in a hash table with a fixed size. If the router
reaches the maximum number of connection tracking entries, it will
log an error:
"ip_conntrack: table full, dropping packet"
The maximum size of the connection tracking table can be increased.
The maximum size value is stored in the router's proc filesystem
in the file /proc/sys/net/ipv4/ip_conntrack_max. Increasing the
maximum size of the connection tracking table to a value larger than
the total number of connections will eliminate the error message
and prevent the router from dropping connections due to a lack of
space in the connection tracking table.
# This tells you how many sessions are open right now.
cat /proc/net/ip_conntrack | wc -l
# This tells you the maximum number of conntrack entries you can have in total.
cat /proc/sys/net/ipv4/ip_conntrack_max
Once the first number reaches the second, you should start
seeing these messages. I would increase the second number by calling:
echo "" > /proc/sys/net/ipv4/ip_conntrack_max
or if you want it to span reboots, you can place the following in
/etc/sysctl.conf
net.ipv4.ip_conntrack_max =
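
The comparison of the two numbers described above, as an added example that is not part of the original page: shell functions that report how full the table is and, going beyond the text, list which source addresses hold the most entries. The function names, the 80% warning threshold and the sample entry in the comments are assumptions.

```shell
#!/bin/sh
# Added example: conntrack table utilisation from the two proc files named
# in the text. Paths are parameters so the logic can also be run against
# saved copies of the files.

# Print "<entries> <max> <percent>"; return 2 if a file is unreadable
# or the limit is not a positive integer.
conntrack_usage() {
    table_file=${1:-/proc/net/ip_conntrack}
    max_file=${2:-/proc/sys/net/ipv4/ip_conntrack_max}
    [ -r "$table_file" ] && [ -r "$max_file" ] || return 2
    entries=$(wc -l < "$table_file" | tr -d ' ')
    max=$(tr -d ' \n' < "$max_file")
    case $max in ''|*[!0-9]*) return 2 ;; esac
    [ "$max" -gt 0 ] || return 2
    echo "$entries $max $((entries * 100 / max))"
}

# Return 0 below the warning threshold, 1 at or above it, 2 on read errors.
# The default of 80 percent is an assumed threshold, not a value from the page.
conntrack_check() {
    warn_pct=${3:-80}
    usage=$(conntrack_usage "$1" "$2") || return 2
    set -- $usage
    if [ "$3" -ge "$warn_pct" ]; then
        echo "WARNING: conntrack table at $3% ($1 of $2 entries)"
        return 1
    fi
    echo "OK: conntrack table at $3% ($1 of $2 entries)"
}

# Print "<count> <source-ip>" for the sources holding the most entries.
# Each entry looks like this constructed sample:
#   tcp 6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.1 sport=40000 dport=80
#     src=192.0.2.1 dst=10.0.0.5 sport=80 dport=40000 [ASSURED] use=1
# Only the first src= field (original direction) is counted per entry.
conntrack_top_sources() {
    table_file=${1:-/proc/net/ip_conntrack}
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) {
               n[substr($i, 5)]++; break } }
         END { for (ip in n) print n[ip], ip }' "$table_file" |
        sort -k1,1nr -k2,2 | head -n "${2:-5}"
}
```

Running conntrack_check from cron gives a warning before packets are dropped, and conntrack_top_sources shows whether a single host accounts for most of the table before the limit is raised.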