===== How to fix the “nf_conntrack: table full, dropping packet.” issue =====

During high-traffic periods a web site becomes much slower, while under low traffic it is fine. A typical case is a download server: when there are many concurrent download connections, many or all users see much slower speeds. One cause may be that the Linux conntrack table is full.

==== Check ====

  # dmesg | tail
  nf_conntrack: table full, dropping packet.
  nf_conntrack: table full, dropping packet.
  nf_conntrack: table full, dropping packet.

If you see the messages above, the conntrack table is confirmed to be full.

  # sysctl -a | grep conntrack
  ...
  net.netfilter.nf_conntrack_max = 65536
  net.netfilter.nf_conntrack_count = 68999
  net.netfilter.nf_conntrack_buckets = 16384
  ...
  # cat /sys/module/nf_conntrack/parameters/hashsize
  16384

If nf_conntrack_count is close to nf_conntrack_max, or even larger, the problem will occur.

==== Action ====

  # sysctl -w net.netfilter.nf_conntrack_max=655360
  net.netfilter.nf_conntrack_max = 655360
  # echo 163840 > /sys/module/nf_conntrack/parameters/hashsize

==== Permanent Change ====

Edit /etc/sysctl.conf and add the following line:

  net.netfilter.nf_conntrack_max=655360

Edit /etc/rc.local and add the following line:

  echo 163840 > /sys/module/nf_conntrack/parameters/hashsize
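The check described above can be scripted so that the table filling up is noticed before packets are dropped. The following is an added example, not part of the original page: the function names and the 80% warning threshold are assumptions, and the 4:1 ratio is the one the page's own values use for nf_conntrack_max and hashsize.

```sh
#!/bin/sh
# Added example (not from the original page): conntrack table usage check.

# conntrack_usage_pct COUNT MAX -> integer percent of the table in use
conntrack_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# conntrack_status COUNT MAX [WARN_PCT] -> OK | WARN | FULL
# WARN_PCT defaults to 80, an assumed threshold (not a value from the page).
conntrack_status() {
    if [ "$1" -ge "$2" ]; then
        echo FULL
    elif [ "$(conntrack_usage_pct "$1" "$2")" -ge "${3:-80}" ]; then
        echo WARN
    else
        echo OK
    fi
}

# hashsize_for_max MAX -> hashsize at the 4:1 max-to-hashsize ratio
# that the page's values use (65536/16384 and 655360/163840).
hashsize_for_max() {
    echo $(( $1 / 4 ))
}

# count_table_full: count "table full" kernel messages in text on stdin
count_table_full() {
    grep -c 'nf_conntrack: table full, dropping packet' || true
}

# report_live: print usage for the running kernel, if conntrack is loaded
report_live() {
    dir=/proc/sys/net/netfilter
    if [ ! -r "$dir/nf_conntrack_count" ] || [ ! -r "$dir/nf_conntrack_max" ]; then
        echo "nf_conntrack counters not readable (module not loaded?)"
        return 0
    fi
    count=$(cat "$dir/nf_conntrack_count")
    max=$(cat "$dir/nf_conntrack_max")
    [ "$max" -gt 0 ] || return 0
    echo "count=$count max=$max usage=$(conntrack_usage_pct "$count" "$max")%" \
         "status=$(conntrack_status "$count" "$max")" \
         "hashsize_at_4to1=$(hashsize_for_max "$max")"
}

report_live
```

Kernel log text can be piped into the counter, for example `dmesg | count_table_full`, to see how many drops were logged.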