On a busy webserver, you have to be very careful that you don’t run out of connection tracking buckets.
Check how many you have set as your max:
/sbin/sysctl net.ipv4.ip_conntrack_max
Check how many you’re using:
wc -l /proc/net/ip_conntrack
A good maximum setting for most web servers with at least 2 GB of RAM is 65536. Change the setting and lock it in (Red Hat variants):
echo "net.ipv4.ip_conntrack_max = 65535" >> /etc/sysctl.conf
/sbin/sysctl -p
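The two checks above can be combined into one usage check. The following is an added example, not part of the original post, and it goes beyond the post by also handling newer kernels where the table is named nf_conntrack instead of ip_conntrack. The function names, the root-directory argument and the 80% default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: report conntrack table usage as a percentage of the maximum.
# The first argument (default /proc) is this example's own parameter so the
# functions can be pointed at a test tree instead of the live system.

# Print the path prefix of the first conntrack layout that exists:
#   newer kernels: sys/net/netfilter/nf_conntrack_{count,max}
#   older kernels: sys/net/ipv4/netfilter/ip_conntrack_{count,max}
conntrack_prefix() {
    root=${1:-/proc}
    for name in sys/net/netfilter/nf_conntrack sys/net/ipv4/netfilter/ip_conntrack; do
        if [ -r "$root/${name}_count" ] && [ -r "$root/${name}_max" ]; then
            echo "$root/$name"
            return 0
        fi
    done
    return 1    # conntrack module not loaded, or an unknown layout
}

# Print the integer percentage of the table currently in use.
conntrack_usage_pct() {
    prefix=$(conntrack_prefix "$1") || return 2
    count=$(cat "${prefix}_count")
    max=$(cat "${prefix}_max")
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# Monitoring-style check: returns 0 = OK, 1 = at or above threshold, 3 = unknown.
conntrack_check() {
    threshold=${2:-80}
    pct=$(conntrack_usage_pct "$1") || {
        echo "UNKNOWN: no conntrack counters found under ${1:-/proc}"
        return 3
    }
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARNING: conntrack table ${pct}% full"
        return 1
    fi
    echo "OK: conntrack table ${pct}% full"
}

# Usage on a live system: conntrack_check /proc 80
```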
Please note:
Running the command: echo "net.ipv4.ip_conntrack_max = 65535" > /etc/sysctl.conf
will overwrite any other settings in the sysctl.conf file.
It should be:
echo "net.ipv4.ip_conntrack_max = 65535" >> /etc/sysctl.conf
Thanks for the catch! Post updated.
Running:
wc -l /proc/net/ip_conntrack
on Debian 8 gives me:
wc: /proc/net/ip_conntrack: No such file or directory