On a heavily loaded server with a very large number of connections, such as a proxy or router, the free ports in the allocated local port range can run out. Check how many are currently in use and, if necessary, increase the net.ipv4.ip_local_port_range value.
Let’s see which ports are allowed to be used; the default value is “32768 60999” (usually this is enough):
cat /proc/sys/net/ipv4/ip_local_port_range
sysctl net.ipv4.ip_local_port_range
Let’s see how many are in use at the moment:
ss -s
I will give an example of what was displayed on one of my servers:
Total: 11444 (kernel 36151)
TCP:   44 (estab 3, closed 30, orphaned 0, synrecv 0, timewait 30/0), ports 0

Transport Total     IP        IPv6
*         36151     -         -
RAW       193       0         193
UDP       10708     10696     12
TCP       14        12        2
INET      10915     10708     207
FRAG      34        34        0
More examples of viewing statistics:
apt install net-tools
netstat -s | more
netstat -su #udp
netstat -st #tcp
netstat -sw #raw
netstat -nap
netstat -naptu | more
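ss -s and netstat -s report socket totals, not how many ports inside ip_local_port_range are taken. The script below is an added example (not from the original article) that counts distinct local TCP ports falling inside the range. It is an approximation of port pressure, the function names are hypothetical, and the sample ss output is constructed; run it with the argument "live" to use the real range and the real ss -tan output.

```shell
#!/bin/sh
# Added example (not from the original article): estimate how much of the
# ephemeral port range is occupied by TCP sockets.

# Count distinct local ports inside LOW..HIGH from "ss -tan"-style lines on
# stdin (column 4 = local address:port). Header lines are skipped because
# their "port" field is not numeric.
used_in_range() {
    awk -v lo="$1" -v hi="$2" '
        {
            n = split($4, part, ":")   # port follows the last colon (IPv4 and IPv6)
            port = part[n]
            if (port ~ /^[0-9]+$/ && port + 0 >= lo && port + 0 <= hi)
                seen[port] = 1
        }
        END { c = 0; for (p in seen) c++; print c }'
}

# Integer percentage of the range LOW..HIGH taken by USED ports.
usage_percent() {
    echo $(( $3 * 100 / ($2 - $1 + 1) ))
}

# Constructed sample of "ss -tan" output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      128    0.0.0.0:22           0.0.0.0:*
ESTAB     0      0      192.0.2.10:22        198.51.100.7:51515
ESTAB     0      0      192.0.2.10:40001     203.0.113.5:443
ESTAB     0      0      192.0.2.10:40002     203.0.113.5:443
TIME-WAIT 0      0      192.0.2.10:40002     203.0.113.9:443
ESTAB     0      0      [2001:db8::1]:60999  [2001:db8::2]:443
ESTAB     0      0      192.0.2.10:61000     203.0.113.5:443
EOF
}

if [ "${1:-}" = "live" ]; then
    # Live mode: real range from the kernel, real sockets from ss.
    read -r low high < /proc/sys/net/ipv4/ip_local_port_range
    used=$(ss -tan | used_in_range "$low" "$high")
else
    low=32768; high=60999            # default range quoted in the article
    used=$(sample_ss | used_in_range "$low" "$high")
fi
echo "range $low-$high: $used ports in use ($(usage_percent "$low" "$high" "$used")%)"
```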
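If the lower bound is moved down to 1024, a service that listens on a port above 1023 can fail to start when an outgoing connection already holds that port; such ports can be excluded with net.ipv4.ip_local_reserved_ports.
I will give examples of increasing the range (both take effect immediately and last until reboot):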
echo "16384 65535" > /proc/sys/net/ipv4/ip_local_port_range
sysctl -w net.ipv4.ip_local_port_range="1024 65535"
To prevent the change from being reset after restarting the operating system, open the /etc/sysctl.conf file in a text editor:
nano /etc/sysctl.conf
And add the line:
net.ipv4.ip_local_port_range = 1024 65535
To apply the settings from the /etc/sysctl.conf file without rebooting, run:
sysctl -p