Linux increase ip_local_port_range TCP port range


Mattias Geniar, November 02, 2015


For heavy traffic network servers, like proxy servers or load balancers, you may need to increase the networking port range.

On Linux, there is a sysctl parameter called ip_local_port_range that defines the minimum and maximum port a networking connection can use as its source (local) port. This applies to both TCP and UDP connections.

To find out the current port range, use the following commands:

$ cat /proc/sys/net/ipv4/ip_local_port_range
32768	61000

or:

$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768	61000

The value is shown as “minimum maximum”, so the local port for new connections will be between 32768 and 61000; by default that’s a range of 28232 ports. That sounds like plenty, but heavy-traffic servers can easily reach this limit.

For heavy-traffic servers, you can increase the total port range like this:

$ sysctl -w net.ipv4.ip_local_port_range="15000 64000"
net.ipv4.ip_local_port_range = 15000 64000

Alternatively, use echo to write the value directly into /proc:

$ echo 15000 64000 > /proc/sys/net/ipv4/ip_local_port_range

To make the changes persistent across reboots, save your config in either /etc/sysctl.conf or in a custom file that gets included in your main configs:

$ cat /etc/sysctl.d/net.ipv4.ip_local_port_range.conf
net.ipv4.ip_local_port_range = 15000 65000

To find out how many sessions your server is currently handling, use the following commands:

$ ss -s
Total: 2933 (kernel 3131)
TCP:   43915 (estab 2655, closed 41080, orphaned 159, synrecv 0, timewait 41080/0), ports 30347

Transport Total     IP        IPv6
*	  3131      -         -
RAW	  0         0         0
UDP	  17        11        6
TCP	  2835      2832      3
INET	  2852      2843      9
FRAG	  0         0         0

$ netstat -anp | more
...
tcp        0      0 10.50.1.6:41205        10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:42515        10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:59845        10.50.1.10:80           TIME_WAIT   -

Please be careful when increasing the TCP port range, though: there are limits!
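One limit worth checking before lowering the start of the range: any service that listens on a port inside the new range can find that port already taken as a source port when it restarts. The script below is an added example, not part of the original article; the function names and the sample `ss -tan` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a proposed ip_local_port_range against
# `ss -tan` style text read from stdin, so it also works offline.

# Print distinct local ports inside [low, high], one per line, sorted.
# mode=listen -> LISTEN sockets only; mode=client -> every other state.
ports_in_range() {
    awk -v mode="$1" -v low="$2" -v high="$3" '
        {
            is_listen = ($1 == "LISTEN")
            if ((mode == "listen") != is_listen) next
            n = split($4, a, ":"); port = a[n]   # last piece also works for [::]:port
            if (port !~ /^[0-9]+$/) next         # skips the header line and "*" ports
            if (port + 0 >= low && port + 0 <= high) seen[port + 0] = 1
        }
        END { for (p in seen) print p }' | sort -n
}

# Listeners that would sit inside the proposed source-port range.
listeners_in_range() { ports_in_range listen "$1" "$2"; }

# Number of source ports inside [low, high] currently held by connections.
ephemeral_in_use() { ports_in_range client "$1" "$2" | wc -l | tr -d ' '; }

# Constructed sample in `ss -tan` layout (addresses reuse the article's examples).
SAMPLE='State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0 128 0.0.0.0:22        0.0.0.0:*
LISTEN    0 128 0.0.0.0:15672     0.0.0.0:*
LISTEN    0 128 [::]:27017        [::]:*
TIME-WAIT 0 0   10.50.1.6:41205   10.50.1.10:80
TIME-WAIT 0 0   10.50.1.6:42515   10.50.1.10:80
ESTAB     0 0   10.50.1.6:59845   10.50.1.10:80
ESTAB     0 0   10.50.1.6:22      10.50.1.99:51000'

# Demo on the sample; on a real host use: ss -tan | listeners_in_range 15000 64000
echo "listeners inside 15000-64000:"
printf '%s\n' "$SAMPLE" | listeners_in_range 15000 64000
echo "source ports in use inside 32768-61000:"
printf '%s\n' "$SAMPLE" | ephemeral_in_use 32768 61000
```

Ports reported by `listeners_in_range` can be excluded from automatic assignment with the `net.ipv4.ip_local_reserved_ports` sysctl, or the lower bound can be raised above them.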


