Symptom
/var/log/messages states that packets are being dropped due to the limit being reached. The default limit is 65536 connections.
Cause
Unless you are using the Linux box as a router then an application is probably misbehaving. The limit is placed to ensure that bad applications cannot cause havok on networks, investigate hy the application is doing this first.
- The current limit can be viewed by cating one of these files, the exact file can vary based on distro:
/proc/sys/net/netfilter/nf_conntrack_max /proc/sys/net/ipv4/netfilter/ip_conntrack_max
If the file cannot be found try:
find /proc -name '*conntrack_max*'
Resolution
If the connections are legitamate the limit can be increased by echoing the number to the conntrack_max file as shown below:
cat 250000 >/proc/sys/net/netfilter/nf_conntrack_max
To make the changes permanent edit the /etc/sysctl.conf file and edit or add a line based on the location of the /proc file in your distro:
net.netfilter.nf_conntrack_max = 250000
