If your Linux server is opening lots of outgoing network connection, you need to increase local port range. By default range is small. For example squid proxy server can come under fire if it runs out of ports.
You can use sysctl command to to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Please note that this hack is only useful for high bandwidth, busy Linux servers or large scale grid servers.
To find current range type
$ sysctl net.ipv4.ip_local_port_range
Output:
net.ipv4.ip_local_port_range = 32768 61000
Set new local port range
You can set the range with the following command:
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
OR
$ sudo sysctl -w net.ipv4.ip_local_port_range="1024 64000"
You may need to edit /etc/sysctl.conf file, to make changes to /proc filesystem permanently i.e. append the following to your /etc/sysctl.conf file:
# increase system IP port limits
net.ipv4.ip_local_port_range = 1024 65535
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
{ 3 comments… read them below or add one }
Great walk through. This should help a lot of people.
worth mentioning…
when adding ip_local_port_range to your sysctl.conf file, i had to use a tab between the 2 values or else the 2nd value was not being read correctly.
centos5.2 w/ 2.6.18 vanilla.
ciao.
Hi,
But it is possible to set port range per application basis?
regards.