修改linux端口范围 ip_local_port_range

tags: ip_local_port_range 端口范围 sysctl

Linux中有限定端口的使用范围，如果我要为我的程序预留某些端口，那么我需要控制这个端口范围，

本文主要描述如何去修改端口范围。

1 2

/proc/sys/net/ipv4/ip_local_port_range的原文解释： The /proc/sys/net/ipv4/ip_local_port_range defines the local port range that is used by TCP and UDP traffic to choose the local port. You will see in the parameters of this file two numbers: The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number. For high-usage systems you may change its default parameters to 32768-61000 -first-last.

/proc/sys/net/ipv4/ip_local_port_range定义了本地tcp/udp的端口范围。可以理解为系统中的程序会选择这个范围内的端口来连接到目的端口（目的端口当然是用户指定的）。

1 2	[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range 32768   61000

可以看到，现在定义的范围是32768-61000.

如果想修改这个范围，可以使用sysctl工具，sysctl的配置文件位于/etc/sysctl.conf 。

先看一下man中的描述

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61

[root@kedacom mcu]# man sysctl SYSCTL(8)                                                            SYSCTL(8)   NAME        sysctl - configure kernel parameters at runtime   SYNOPSIS        sysctl [-n] [-e] variable ... SYSCTL(8)                                                            SYSCTL(8)   NAME        sysctl - configure kernel parameters at runtime   SYNOPSIS        sysctl [-n] [-e] variable ...        sysctl [-n] [-e] [-q] -w variable=value ...        sysctl [-n] [-e] [-q] -p <filename>        sysctl [-n] [-e] -a        sysctl [-n] [-e] -A   DESCRIPTION        sysctl  is used to modify kernel parameters at runtime.  The parameters available are those listed under /proc/sys/.  Procfs is required for sysctl(8) support in Linux.  You        can use sysctl(8) to both read and write sysctl data.   PARAMETERS        variable               The name of a key to read from.  An example is kernel.ostype.  The ??separator is also accepted in place of a ??          variable=value               To set a key, use the form variable=value, where variable is the key and value is the value to set it to.  If the value contains quotes or characters which are parsed               by the shell, you may need to enclose the value in double quotes.  This requires the -w parameter to use.          -n     Use this option to disable printing of the key name when printing values.          -e     Use this option to ignore errors about unknown keys.          -N     Use this option to only print the names. It may be useful with shells that have programmable completion.          -q     Use this option to not display the values set to stdout.          -w     Use this option when you want to change a sysctl setting.          -p     Load in sysctl settings from the file specified or /etc/sysctl.conf if none given.  Specifying - as filename means reading data from standard input.          -a     Display all values currently available.          -A     Same as -a   EXAMPLES        /sbin/sysctl -a          /sbin/sysctl -n kernel.hostname          /sbin/sysctl -w kernel.domainname="example.com"          /sbin/sysctl -p /etc/sysctl.conf   NOTES        Please  note  that  modules loaded after sysctl is run may override the settings (example: sunrpc.* settings are overridden when the sunrpc module is loaded). This may cause        some confusion during boot when the settings in sysctl.conf may be overriden. To prevent such a situation, sysctl must be run after the particular module  is  loaded  (e.g.,        from /etc/rc.d/rc.local or by using the install directive in modprobe.conf)

配置文件中也许没有定于范围，那么可以在文件中加上，见最后的#test段：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

[root@localhost ~]# vim /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and # sysctl.conf(5) for more details.   # Controls IP packet forwarding net.ipv4.ip_forward = 0   # Controls source route verification net.ipv4.conf.default.rp_filter = 1   # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0   # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0   # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1   # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1   # Controls the maximum size of a message, in bytes kernel.msgmnb = 65536   # Controls the default maxmimum size of a mesage queue kernel.msgmax = 65536   # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736   # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296   #test net.ipv4.ip_local_port_range = 32768 59000

修改后，可以使用以下命令重新加载

1 2 3 4 5 6 7 8 9 10 11 12

[root@localhost ~]# sysctl -p /etc/sysctl.conf net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 net.ipv4.ip_local_port_range = 32768 59000

再次查看，发现端口范围已经修改了。

1 2	[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range 32768   59000