今天查看系统日志发现大量的nf_conntrack: table full, dropping packet. 错误
cat /var/log/messages | more
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:05 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:10 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:15 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:23 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
Jun  7 09:52:30 localhost kernel: nf_conntrack: table full, dropping packet.
解决办法：
vi /etc/sysctl.conf
加入：
net.nf_conntrack_max = 655350
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
CENTOS 6.1或以上版本使用：
net.netfilter.nf_conntrack_max = 655350
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
保存后执行 sysctl -p 使之生效，然后观察该错误是不是没有了。