Linux Increase TCP Port Range with net.ipv4.ip_local_port_range Kernel Parameter
Author: Vivek Gite Last updated: September 23, 2017
Linux Local Port Range
If your Linux server opens lots of outgoing network connections, you need to increase the local port range. By default the range is small. For example, a Squid proxy server can come under fire if it runs out of ports. Other examples include heavy-traffic network servers, such as nginx load balancers, LXD VMs and more.
You can use the sysctl command to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Please note that this hack is only useful for high-bandwidth, busy Linux servers or large-scale grid servers.
How to find the current port range
Type the following cat command:
$ cat /proc/sys/net/ipv4/ip_local_port_range
OR use the sysctl command:
$ sysctl net.ipv4.ip_local_port_range
Sample outputs:
net.ipv4.ip_local_port_range = 32768 61000
Set new local port range
You can set the range with any one of the following commands. You must be the root user:
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
OR
$ sudo sysctl -w net.ipv4.ip_local_port_range="1024 65535"
The above defines the local port range that TCP and UDP use to choose the local port. The first number is the first, the second the last local port number. If possible, it is better for these numbers to have different parity, i.e. one even and one odd value. The default values are 32768 and 60999 respectively, or whatever is set by your distro or sysadmin. In this example, 1024 is an even number and 65535 is an odd number. Otherwise you will get a warning that reads as follows:
ip_local_port_range: prefer different parity for start/end values.
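Before writing a new pair of values to the kernel it is worth checking them the way the kernel will: both must be valid ports, the start must be below the end, and the parity rule above applies. The following POSIX sh script is an added example, not part of the original article; the function names are its own, and only the parity message mirrors the kernel warning quoted above.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check a candidate
# "start end" pair before writing it to net.ipv4.ip_local_port_range.

# is_port_number VALUE -> 0 if VALUE is a decimal integer in 1..65535
is_port_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# range_is_valid START END -> 0 if both are ports and START < END
range_is_valid() {
    is_port_number "$1" && is_port_number "$2" && [ "$1" -lt "$2" ]
}

# range_has_mixed_parity START END -> 0 if one value is even and the other odd
range_has_mixed_parity() {
    [ $(( $1 % 2 )) -ne $(( $2 % 2 )) ]
}

# port_range_size START END -> number of local ports the range provides
port_range_size() {
    echo $(( $2 - $1 + 1 ))
}

# check_port_range START END: report problems on stderr.
# Exit status: 0 = acceptable (possibly with warnings), 1 = rejected.
check_port_range() {
    if ! range_is_valid "$1" "$2"; then
        echo "error: need integers with 1 <= start < end <= 65535, got '$1 $2'" >&2
        return 1
    fi
    if [ "$1" -lt 1024 ]; then
        # Daemons that bind well-known ports would compete with outgoing sockets.
        echo "warning: start $1 overlaps the privileged range (ports < 1024)" >&2
    fi
    if ! range_has_mixed_parity "$1" "$2"; then
        echo "warning: ip_local_port_range: prefer different parity for start/end values." >&2
    fi
    echo "ok: $(port_range_size "$1" "$2") local ports available ($1-$2)"
    return 0
}

# Demonstration on the article's values. To apply a checked range for real:
#   check_port_range 1024 65535 && sudo sysctl -w net.ipv4.ip_local_port_range="1024 65535"
check_port_range 1024 65535
check_port_range 32768 61000           # same parity: triggers the kernel-style warning
check_port_range 61000 32768 || true   # rejected: start must be below end
```

The privileged-range warning is this example's own addition: the article's value of 1024 is exactly where the privileged ports end, so it does not trigger it, but a lower start would let outgoing sockets collide with ports that daemons expect to bind.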
Linux increase ip_local_port_range TCP port range using sysctl.conf
Finally, edit the /etc/sysctl.conf file to make the change to the /proc filesystem permanent, i.e. append the following lines to your /etc/sysctl.conf file:
# increase system IP port limits
net.ipv4.ip_local_port_range = 1024 65535
How do I see all TCP/UDP/IP session info?
Use the ss command or the netstat command:
$ netstat -s | more
$ netstat -st #tcp
$ netstat -su #udp
$ netstat -sw #raw
$ netstat -nap
$ netstat -naptu | more
Sample outputs:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 172.16.3.1:11211 172.16.3.4:49806 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.4:49796 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.3:57004 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 10.105.28.42:50818 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40514 TIME_WAIT -
tcp 0 0 172.16.3.1:3306 10.105.28.44:37984 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.3:57008 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40508 TIME_WAIT -
tcp 0 0 172.16.3.1:3306 10.105.28.44:38080 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40500 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.4:49774 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40462 TIME_WAIT -
tcp 0 0 172.16.3.1:3306 172.16.3.2:40806 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40518 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40472 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40442 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40414 TIME_WAIT -
tcp 0 0 172.16.3.1:3306 10.105.28.44:38066 TIME_WAIT -
tcp 0 0 172.16.3.1:11211 172.16.3.2:40432 TIME_WAIT -
...
..
Or use the ss command:
$ ss -s
Sample outputs:
Total: 923 (kernel 39850)
TCP: 439 (estab 6, closed 423, orphaned 0, synrecv 0, timewait 370/0), ports 0
Transport Total IP IPv6
* 39850 - -
RAW 0 0 0
UDP 7 6 1
TCP 16 15 1
INET 23 21 2
FRAG 0 0 0
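The `timewait 370/0` figure from `ss -s` is a quick signal, but it counts every TIME_WAIT socket, including the server-side ones on ports 11211 and 3306 shown in the netstat output above, which do not consume ephemeral ports at all. Only sockets whose local port lies inside ip_local_port_range do. The following POSIX sh script is an added example, not part of the original article: it pulls the timewait count out of `ss -s` output and, separately, counts the distinct local ports within the range from `ss -tan`-style output. The `ss -tan` sample is constructed for this example (the `ss -s` sample is the article's own); counting distinct ports is a conservative upper bound, since the kernel can reuse a local port towards a different peer address.

```shell
#!/bin/sh
# Added example (not from the original article): estimate ephemeral port
# usage from ss output instead of trusting the raw TIME_WAIT total.

# The article's own `ss -s` summary lines.
SAMPLE_SS_S='Total: 923 (kernel 39850)
TCP: 439 (estab 6, closed 423, orphaned 0, synrecv 0, timewait 370/0), ports 0'

# Constructed `ss -tan` sample: two TIME-WAIT entries on the listening side
# (local port 11211) and four sockets using ephemeral local ports.
SAMPLE_SS_TAN='State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    0.0.0.0:11211       0.0.0.0:*
TIME-WAIT  0      0      172.16.3.1:11211    172.16.3.4:49806
TIME-WAIT  0      0      172.16.3.1:11211    172.16.3.2:40514
TIME-WAIT  0      0      172.16.3.1:45012    10.105.28.50:3306
TIME-WAIT  0      0      172.16.3.1:45013    10.105.28.50:3306
ESTAB      0      0      172.16.3.1:45014    10.105.28.50:3306
TIME-WAIT  0      0      172.16.3.1:45012    10.105.28.51:3306'

# timewait_from_summary < ss-s-output -> the N from "timewait N/M"
timewait_from_summary() {
    awk '/^TCP:/ {
        for (i = 1; i <= NF; i++)
            if ($i == "timewait") { split($(i + 1), a, "/"); print a[1]; exit }
    }'
}

# ephemeral_ports_in_use START END < ss-tan-output
# -> number of distinct local ports within [START, END]
ephemeral_ports_in_use() {
    awk -v lo="$1" -v hi="$2" '
        NR > 1 {
            # Take the text after the last ":" so IPv6 addresses work too.
            n = split($4, a, ":"); port = a[n] + 0
            if (port >= lo && port <= hi) seen[port] = 1
        }
        END { c = 0; for (p in seen) c++; print c }'
}

# ephemeral_usage_pct START END IN_USE -> integer percentage of the range used
ephemeral_usage_pct() {
    echo $(( $3 * 100 / ($2 - $1 + 1) ))
}

# Demonstration using the article's default range. On a live host, replace the
# two constants and the sample with:
#   read lo hi < /proc/sys/net/ipv4/ip_local_port_range
#   in_use=$(ss -tan | ephemeral_ports_in_use "$lo" "$hi")
lo=32768; hi=61000
tw=$(printf '%s\n' "$SAMPLE_SS_S" | timewait_from_summary)
in_use=$(printf '%s\n' "$SAMPLE_SS_TAN" | ephemeral_ports_in_use "$lo" "$hi")
echo "TIME_WAIT sockets reported by ss -s: $tw"
echo "ephemeral ports in use: $in_use of $((hi - lo + 1)) ($(ephemeral_usage_pct "$lo" "$hi" "$in_use")%)"
```

On the constructed sample the raw TIME_WAIT total overstates the pressure: only three distinct ephemeral ports are in use, and the two TIME-WAIT entries on port 11211 drop out of the count. Widening the range to 1024-65535 as the article does would bring port 11211 inside the range, which is the kind of overlap the privileged and service ports should be checked for before the change.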
For more info read the following man pages:
$ man sysctl
$ man 5 sysctl.conf
$ man ss
$ man netstat
Reposted from https://www.cyberciti.biz/tips/linux-increase-outgoing-network-sockets-range.html
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.