Sometimes the server was blocking connections: out of about 10 requests to the sites on the server, only one would show the site hosted there, or a connection timeout would occur in the middle of serving a request.
In these situations I would go ahead and restart all of the services, including Apache, MySQL and the rest, but that wouldn't do any good unless I also restarted iptables.
I checked the logs to see what had been logged, since restarting iptables made it stable again.
I noticed this logged
ip_conntrack: table full, dropping packet
in /var/log/messages
If this message has been logged in syslog, it means the conntrack table did not have enough entries for the current number of connections it had to monitor. Connection tracking by default handles only a certain number of simultaneous connections,
depending on the memory you have available, which is simply the amount of RAM in the machine.
You can easily increase the maximum number of tracked connections, but be aware that each tracked connection eats about 350 bytes of non-swappable kernel memory!
To print the current limit, type:

sysctl net.ipv4.netfilter.ip_conntrack_max

To increase this limit, e.g. to 2000000 as in the command below, type:

sysctl -w net.ipv4.netfilter.ip_conntrack_max=2000000

Alternatively, to make the setting persistent, add the following line to the /etc/sysctl.conf file:

net.ipv4.netfilter.ip_conntrack_max=2000000

The following will tell you how many sessions are open right now:

wc -l /proc/net/ip_conntrack

Output:
87001 /proc/net/ip_conntrack
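As an added example (not part of the original post), the following script turns the two checks above into a small monitor: it reads the limit and the live session count, reports how full the table is so you can act before "table full, dropping packet" appears, and estimates the kernel memory a given limit pins using the 350 bytes/entry figure quoted above. The 80% warning threshold and the helper names are my own choices, and the memory figure is the post's rough estimate, not a kernel constant.

```shell
#!/bin/sh
# Added example: conntrack table usage check and memory estimate.

BYTES_PER_ENTRY=350   # rough per-entry cost quoted in the post, not a kernel constant

# conntrack_max: print the configured limit. Newer kernels expose it as
# net.netfilter.nf_conntrack_max; net.ipv4.netfilter.ip_conntrack_max is the
# older name used in the post. Returns 1 if neither sysctl is available.
conntrack_max() {
    for key in net.netfilter.nf_conntrack_max net.ipv4.netfilter.ip_conntrack_max; do
        v=$(sysctl -n "$key" 2>/dev/null) && [ -n "$v" ] && { echo "$v"; return 0; }
    done
    return 1
}

# conntrack_count: print the number of tracked sessions (what `wc -l` on the
# /proc file gives). Tries the kernel's own counter first, then the tables.
conntrack_count() {
    for f in /proc/sys/net/netfilter/nf_conntrack_count /proc/net/nf_conntrack /proc/net/ip_conntrack; do
        [ -r "$f" ] || continue
        case "$f" in
            */nf_conntrack_count) cat "$f"; return 0 ;;
            *) wc -l < "$f" | tr -d ' '; return 0 ;;
        esac
    done
    return 1
}

# usage_pct COUNT MAX: integer percentage of the table in use.
usage_pct() { echo $(( $1 * 100 / $2 )); }

# est_mem_mib MAX: approximate non-swappable kernel memory for MAX entries.
est_mem_mib() { echo $(( $1 * BYTES_PER_ENTRY / 1024 / 1024 )); }

# table_state COUNT MAX WARN_PCT: prints full, warn or ok.
table_state() {
    if [ "$1" -ge "$2" ]; then echo full
    elif [ "$(usage_pct "$1" "$2")" -ge "$3" ]; then echo warn
    else echo ok; fi
}

# Live report; skipped when conntrack is not loaded (e.g. inside a container).
if max=$(conntrack_max) && count=$(conntrack_count); then
    echo "conntrack: $count / $max tracked ($(usage_pct "$count" "$max")%), state=$(table_state "$count" "$max" 80)"
    echo "a limit of $max pins roughly $(est_mem_mib "$max") MiB of kernel memory"
fi
```

Note that 2000000 entries at 350 bytes each is roughly 667 MiB of non-swappable memory, so size the limit to the RAM you can spare rather than simply picking a large number. A value set with sysctl -w alone is lost on reboot, which is why the sysctl.conf line above matters.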
Thanks,
Voshka Niknam
