Linux Increase TCP Port Range with net.ipv4.ip_local_port_range Kernel Parameter

2025-04-12. Author: Vivek Gite. Last updated: September 23, 2017.
Reposted from https://www.cyberciti.biz/tips/linux-increase-outgoing-network-sockets-range.html
This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.

If your Linux server is opening lots of outgoing network connections, you need to increase the local port range. By default the range is small. For example, a squid proxy server can come under fire if it runs out of ports. Other examples include high-traffic network servers such as nginx load balancers, LXD VMs and more. You can use the sysctl command to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Please note that this hack is only useful for high-bandwidth, busy Linux servers or large-scale grid servers.

# How to find the current port range

Type the following cat command:

```
$ cat /proc/sys/net/ipv4/ip_local_port_range
```

OR use the sysctl command:

```
$ sysctl net.ipv4.ip_local_port_range
```

Sample outputs:

```
net.ipv4.ip_local_port_range = 32768 61000
```

# Set new local port range

You can set the range with any one of the following commands. You must be the root user:

```
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
```

OR

```
$ sudo sysctl -w net.ipv4.ip_local_port_range="1024 65535"
```

The above defines the local port range that TCP and UDP use to choose the local port. The first number is the first local port number, the second the last. If possible, it is better for these numbers to have different parity, i.e. one even and one odd value. The default values are 32768 and 60999 respectively, or whatever is set by your distro or sysadmin. In this example, 1024 is even and 65535 is odd. Otherwise you will get a warning that reads as follows:

> ip_local_port_range: prefer different parity for start/end values.

# Linux increase ip_local_port_range TCP port range using sysctl.conf

Finally, edit the /etc/sysctl.conf file to make the change to the /proc filesystem permanent, i.e. append the following lines to your /etc/sysctl.conf file:

```
# increase system IP port limits
net.ipv4.ip_local_port_range = 1024 65535
```

# How do I see all tcp/udp/ip session info

Use the ss command or the netstat command:

```
$ netstat -s | more
$ netstat -st   # tcp
$ netstat -su   # udp
$ netstat -sw   # raw
$ netstat -nap
$ netstat -naptu | more
```

Sample outputs:

```
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address      State      PID/Program name
tcp        0      0 172.16.3.1:11211   172.16.3.4:49806     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.4:49796     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.3:57004     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   10.105.28.42:50818   TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40514     TIME_WAIT  -
tcp        0      0 172.16.3.1:3306    10.105.28.44:37984   TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.3:57008     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40508     TIME_WAIT  -
tcp        0      0 172.16.3.1:3306    10.105.28.44:38080   TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40500     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.4:49774     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40462     TIME_WAIT  -
tcp        0      0 172.16.3.1:3306    172.16.3.2:40806     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40518     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40472     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40442     TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40414     TIME_WAIT  -
tcp        0      0 172.16.3.1:3306    10.105.28.44:38066   TIME_WAIT  -
tcp        0      0 172.16.3.1:11211   172.16.3.2:40432     TIME_WAIT  -
... ..
```

Or use the ss command:

```
$ ss -s
```

Sample outputs:

```
Total: 923 (kernel 39850)
TCP:   439 (estab 6, closed 423, orphaned 0, synrecv 0, timewait 370/0), ports 0

Transport Total     IP        IPv6
*         39850     -         -
RAW       0         0         0
UDP       7         6         1
TCP       16        15        1
INET      23        21        2
FRAG      0         0         0
```

For more info read the following man pages:

```
$ man sysctl
$ man 5 sysctl.conf
$ man ss
$ man netstat
```
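
Added example, not part of the original article: widening the range to 1024 65535 puts listening service ports, such as the 3306 and 11211 seen in the netstat sample, inside the pool the kernel draws on for outgoing connections, so this script lists them for net.ipv4.ip_local_reserved_ports and checks the start/end parity. The function names and the `ss -ltn` sample lines are constructed for illustration; port 22 is an assumed sshd.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# reserved_ports_for "LOW HIGH": read `ss -ltn` output on stdin and print a
# comma-separated list of listening TCP ports that fall inside the range.
reserved_ports_for() {
    set -- $1                              # split "LOW HIGH" into $1 and $2
    awk -v lo="$1" -v hi="$2" '
        $1 == "LISTEN" {
            n = split($4, part, ":")       # last piece is the port, also for [::]:22
            port = part[n] + 0
            if (port >= lo && port <= hi) seen[port] = 1
        }
        END { for (p in seen) print p }' | sort -n | paste -sd, -
}

# parity_differs "LOW HIGH": succeed when one end is even and the other odd,
# which avoids the kernel's "prefer different parity" warning.
parity_differs() {
    set -- $1
    [ $(( ($1 + $2) % 2 )) -eq 1 ]
}

# Constructed sample of `ss -ltn` output. 3306 and 11211 are the service
# ports visible in the article's netstat sample; 22 is an assumed sshd.
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     172.16.3.1:3306    0.0.0.0:*
LISTEN 0      1024   172.16.3.1:11211   0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

NEW_RANGE="1024 65535"
RESERVED=$(printf '%s\n' "$SAMPLE_LISTENERS" | reserved_ports_for "$NEW_RANGE")

if ! parity_differs "$NEW_RANGE"; then
    echo "warning: start and end of the range have the same parity" >&2
fi

# Emit sysctl.conf lines: the new range plus the ports excluded from it.
echo "net.ipv4.ip_local_port_range = $NEW_RANGE"
if [ -n "$RESERVED" ]; then
    echo "net.ipv4.ip_local_reserved_ports = $RESERVED"
fi
```

On a live host, pipe `ss -ltn` into `reserved_ports_for` instead of the constructed sample, and review the list before adding it to /etc/sysctl.conf.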