Increase the port range net.ipv4.ip_local_port_range

On a heavily loaded server, such as a proxy or router, with a very large number of connections, the free ports in the allocated range may run out. Check how many are currently in use and, if necessary, increase the net.ipv4.ip_local_port_range value.

Check which port range is allowed; the default value is “32768 60999” (usually this is enough):

cat /proc/sys/net/ipv4/ip_local_port_range
sysctl net.ipv4.ip_local_port_range

Check how many are in use at the moment:

ss -s

I will give an example of what was displayed on one of my servers:

Total: 11444 (kernel 36151)
TCP:   44 (estab 3, closed 30, orphaned 0, synrecv 0, timewait 30/0), ports 0

Transport Total     IP        IPv6
*         36151     -         -
RAW       193       0         193
UDP       10708     10696     12
TCP       14        12        2
INET      10915     10708     207
FRAG      34        34        0

More examples of viewing statistics:

apt install net-tools
netstat -s | more
netstat -su #udp
netstat -st #tcp
netstat -sw #raw
netstat -nap
netstat -naptu | more
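
The comparison described above (ports in use versus the allowed range) can be scripted. This is an added example, not code from the original article: the function names, the 80% warning threshold and the sample `ss` lines are assumptions made for illustration. It counts distinct local ports per protocol, which is a rough estimate, since one local TCP port can serve connections to several destinations.

```shell
# Added example (not from the original article): estimate ephemeral port usage.
# range_size "LOW HIGH" -> number of ports in the range, inclusive.
range_size() {
    set -- $1
    echo $(( $2 - $1 + 1 ))
}

# ports_in_use PROTO LOW HIGH: reads `ss -Htuan` output on stdin and prints how
# many distinct local ports of PROTO (tcp or udp) fall inside [LOW, HIGH].
ports_in_use() {
    awk -v proto="$1" -v lo="$2" -v hi="$3" '
        $1 == proto {
            port = $5                  # "Local Address:Port" column
            sub(/.*:/, "", port)       # keep what follows the last colon (IPv6-safe)
            if (port ~ /^[0-9]+$/ && port + 0 >= lo && port + 0 <= hi) seen[port] = 1
        }
        END { n = 0; for (p in seen) n++; print n }'
}

# usage_pct USED SIZE -> integer percentage of the range in use.
usage_pct() { echo $(( $1 * 100 / $2 )); }

# Constructed sample of `ss -Htuan` output (documentation addresses), for offline runs.
sample_ss_output() {
    cat <<'EOF'
tcp   ESTAB     0 0   192.0.2.10:40000  198.51.100.5:443
tcp   ESTAB     0 0   192.0.2.10:40000  198.51.100.6:443
tcp   TIME-WAIT 0 0   192.0.2.10:40001  198.51.100.5:443
tcp   LISTEN    0 128 0.0.0.0:22        0.0.0.0:*
udp   UNCONN    0 0   [::1]:50000       [::]:*
udp   UNCONN    0 0   0.0.0.0:20000     0.0.0.0:*
EOF
}

# Live report; the default WARN_PCT of 80 is an arbitrary threshold for this example.
report() {
    read -r lo hi < /proc/sys/net/ipv4/ip_local_port_range
    size=$(range_size "$lo $hi")
    for proto in tcp udp; do
        used=$(ss -Htuan | ports_in_use "$proto" "$lo" "$hi")
        pct=$(usage_pct "$used" "$size")
        echo "$proto: $used of $size ports in use (${pct}%)"
        if [ "$pct" -ge "${WARN_PCT:-80}" ]; then echo "  consider widening the range"; fi
    done
}

if command -v ss >/dev/null 2>&1 && [ -r /proc/sys/net/ipv4/ip_local_port_range ]
then report; fi
```

When widening the range, remember that a range starting at 1024 overlaps ports that unprivileged services listen on; net.ipv4.ip_local_reserved_ports can exclude specific ports from automatic assignment.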

I will give examples of increasing the range:

echo "16384 65535" > /proc/sys/net/ipv4/ip_local_port_range
sysctl -w net.ipv4.ip_local_port_range="1024 65535"

To prevent the change from being reset after restarting the operating system, open the /etc/sysctl.conf file in a text editor:

nano /etc/sysctl.conf

And add the line:

net.ipv4.ip_local_port_range = 1024 65535

You can also apply the settings from the /etc/sysctl.conf file with the command below:

sysctl -p

See also my articles:
Tuning nf_conntrack
Preparing a Linux server before installing Accel-ppp
