≡ Menu

Linux Increase Local Port Range with net.ipv4.ip_local_port_range Kernel Parameter

Linux Local Port Range
If your Linux server is opening lots of outgoing network connections, you need to increase local port range. By default range is small. For example a squid proxy server can come under fire if it runs out of ports.

You can use the sysctl command to to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Please note that this hack is only useful for high bandwidth, busy Linux servers or large scale grid servers.

How to find current port range type

Type the following command
$ sysctl net.ipv4.ip_local_port_range
Sample outputs:

net.ipv4.ip_local_port_range = 32768    61000

Set new local port range

You can set the range with any one of the following command. You must be root user:
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
OR
$ sudo sysctl -w net.ipv4.ip_local_port_range="1024 64000"

Finally, edit /etc/sysctl.conf file, to make changes to /proc filesystem permanently i.e. append the following line to your /etc/sysctl.conf file:
# increase system IP port limits
net.ipv4.ip_local_port_range = 1024 65535

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 11 comments… add one }

  • evilaim February 24, 2009, 8:07 pm

    Great walk through. This should help a lot of people.

  • tom3k August 5, 2009, 10:12 am

    worth mentioning…

    when adding ip_local_port_range to your sysctl.conf file, i had to use a tab between the 2 values or else the 2nd value was not being read correctly.

    centos5.2 w/ 2.6.18 vanilla.

    ciao.

  • JSmith December 9, 2009, 9:36 pm

    Hi,

    But it is possible to set port range per application basis?

    regards.

  • pshankland January 16, 2013, 10:01 pm

    When I run ‘echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range’ I keep getting:

    -bash: /proc/sys/net/ipv4/ip_local_port_range: Permission denied

    Any ideas?

    • nixCraft January 18, 2013, 10:52 am

      Run as root user.

      • kellogs April 11, 2013, 11:40 pm

        awful advice

        • CanadaDry August 1, 2013, 6:39 pm

          @kellogs
          idiot, pull up your big boy pants and use root when necessary.

          root gestapo stoppers unite

        • Drew November 22, 2013, 1:18 pm

          Uh how else would you write to this file?

  • Naidu June 7, 2013, 8:21 am

    What is the equivalent for QNX?

  • Samuel Antwi June 21, 2014, 3:53 pm

    pshanklandlogin as root and run it

  • sysadmin December 31, 2014, 2:46 pm

    Thanks!

    I have succeeded to get rid of “haproxy Connect() failed for backend adsapp: no free ports” error mesages using info in this article.

Leave a Comment