Linux increase ip_local_port_range TCP port range

Oh Dear! monitors your entire site, not just the homepage. We crawl and search for broken pages and mixed content, send alerts when your site is down and notify you on expiring SSL certificates.

Start your free 10 day trial! »

Image of Mattias Geniar

Mattias Geniar, November 02, 2015

Follow me on Twitter as @mattiasgeniar

For heavy traffic network servers, like proxy servers or load balancers, you may need to increase the networking port range.

On Linux, there is a sysctl parameter called ip_local_port_range that defines the minimum and maximum port a networking connection can use as its source (local) port. This applies to both TCP and UDP connections.

To find out the current IP range, use the following commands:

$ cat /proc/sys/net/ipv4/ip_local_port_range
32768   61000

or:

$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768    61000

The value is shown as “minimum maximum” value, so the local port for new connections will be between 32.768 and 61.000, by default that’s a 28.232 range of ports. Sounds plenty, but heavy traffic servers can easily reach this limit.

For heavy traffic servers, you can increase the total port range like this.

$ sysctl -w net.ipv4.ip_local_port_range="15000 64000"
net.ipv4.ip_local_port_range = 15000 64000

Or, by using echo to pass a value directly into /proc.

$ echo 15000 64000 > /proc/sys/net/ipv4/ip_local_port_range

To make the changes persistent on boot, save your config in either /etc/sysctl.conf or in a custom file that gets included in your main configs.

$ cat /etc/sysctl.d/net.ipv4.ip_local_port_range.conf
net.ipv4.ip_local_port_range = 15000 65000

To find out how many sessions your server is currently handling, use the following commands:

$ ss -s
Total: 2933 (kernel 3131)
TCP:   43915 (estab 2655, closed 41080, orphaned 159, synrecv 0, timewait 41080/0), ports 30347

Transport Total     IP        IPv6
*     3131      -         -
RAW   0         0         0
UDP   17        11        6
TCP   2835      2832      3
INET      2852      2843      9
FRAG      0         0         0

$ netstat -anp | more
...
tcp        0      0 10.50.1.6:41205        10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:42515        10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:59845        10.50.1.10:80           TIME_WAIT   -

Please be careful with increasing the TCP port range though, there are limits!

Will you help me share this post?

It would mean a lot to me if you could help share this post on social media. 🤗