Source: http://kbase.redhat.com/faq/FAQ_45_11238.shtm
Issue:
The ip_conntrack module uses a portion of system memory, called the connection tracking table, to track connections. The size of this table is set when the ip_conntrack module is loaded, and is usually determined automatically by a hash of the installed system RAM. For example, a system with 256MB RAM will typically have a conntrack table of 8192 entries by default.
To check the maximum conntrack entries available, look at the proc file system:
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_conntrack_max
8192
If you see the message "ip_conntrack: table full, dropping packet." in the system's logs, it means that the table is full and packets traversing the system's firewall are being dropped.
First verify that the table is full by checking how many connections are currently being tracked:
[root@localhost ~]# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
8192
Then compare it to the maximum the system is set to handle, in the ip_conntrack_max entry:
[root@localhost ~]# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
8192
The ip_conntrack_max setting must be increased to resolve the problem.
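The count-versus-maximum comparison above can be scripted so that a nearly full table is flagged before packets are dropped. This is an added example, not part of the original article; the function names, the 80% warning threshold and the "check" argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report conntrack table utilisation from the two proc
# entries the article reads. Paths default to the article's and can be
# overridden (e.g. with constructed files for offline testing).
COUNT_FILE="${COUNT_FILE:-/proc/sys/net/ipv4/netfilter/ip_conntrack_count}"
MAX_FILE="${MAX_FILE:-/proc/sys/net/ipv4/netfilter/ip_conntrack_max}"

# True only for a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print integer utilisation percent for (count_file, max_file).
# Returns 2 if either file is unreadable or does not hold a valid number.
conntrack_pct() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    count=$(cat "$1"); max=$(cat "$2")
    is_uint "$count" && is_uint "$max" || return 2
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# Print a one-line status and return a monitoring-style exit code:
#   0 = OK, 1 = WARN (>= threshold), 2 = FULL (count reached max), 3 = UNKNOWN.
# $3 is the warning threshold in percent (assumed default: 80).
conntrack_status() {
    warn_pct=${3:-80}
    pct=$(conntrack_pct "$1" "$2") || { echo "UNKNOWN"; return 3; }
    if [ "$pct" -ge 100 ]; then
        echo "FULL $pct%"; return 2
    elif [ "$pct" -ge "$warn_pct" ]; then
        echo "WARN $pct%"; return 1
    else
        echo "OK $pct%"; return 0
    fi
}

# Query the live system only when invoked as: script.sh check
if [ "${1:-}" = "check" ]; then
    conntrack_status "$COUNT_FILE" "$MAX_FILE"
fi
```

A FULL result corresponds to the state shown in the article, where ip_conntrack_count equals ip_conntrack_max.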