Friday, September 19, 2008

ip_conntrack and dropped packets

On busy servers, the ip_conntrack table can fill up quickly and must be monitored, or you will get intermittent packet drops. Check /var/log/messages for these error messages. A couple of kernel values can be checked and adjusted:
more /proc/sys/net/ipv4/netfilter/ip_conntrack_count
more /proc/sys/net/ipv4/netfilter/ip_conntrack_max
=> count should be less than max; if it's near the maximum value, increase max

more /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
=> default 5 days, might want to lower it

echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose
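
The count-versus-max check above can be scripted for cron or a monitoring agent. This is an added example, not part of the original post; the function names, the CT_DIR variable and the 80% default threshold are assumptions, and the nf_conntrack_* fallback covers newer kernels that expose the counters under /proc/sys/net/netfilter.

```shell
#!/bin/sh
# Added example: conntrack table utilization check (not from the original post).
# CT_DIR defaults to the path used in the post; override it for newer kernels
# (e.g. /proc/sys/net/netfilter) or to point at test files.
CT_DIR="${CT_DIR:-/proc/sys/net/ipv4/netfilter}"

# Print table usage as an integer percentage.
# Returns 2 if the counters cannot be read or max is not a positive number.
conntrack_pct() {
    dir="${1:-$CT_DIR}"
    for prefix in ip_conntrack nf_conntrack; do
        if [ -r "$dir/${prefix}_count" ] && [ -r "$dir/${prefix}_max" ]; then
            count=$(cat "$dir/${prefix}_count")
            max=$(cat "$dir/${prefix}_max")
            [ "$max" -gt 0 ] 2>/dev/null || return 2
            echo $(( count * 100 / max ))
            return 0
        fi
    done
    return 2
}

# Exit status: 0 below the threshold, 1 at or above it, 2 on read failure.
conntrack_check() {
    dir="${1:-$CT_DIR}"
    warn="${2:-80}"   # assumed default warning threshold, in percent
    pct=$(conntrack_pct "$dir") || {
        echo "conntrack: cannot read counters in $dir" >&2
        return 2
    }
    if [ "$pct" -ge "$warn" ]; then
        echo "WARNING: conntrack table ${pct}% full (threshold ${warn}%)"
        return 1
    fi
    echo "OK: conntrack table ${pct}% full"
    return 0
}
```

Source the file and call `conntrack_check` with no arguments to test the live table, or pass a directory and threshold explicitly; the exit status follows the usual OK/warning convention used by monitoring plugins.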
