tags: ip_local_port_range 端口范围 sysctl

Linux中有限定端口的使用范围,如果我要为我的程序预留某些端口,那么我需要控制这个端口范围,

本文主要描述如何去修改端口范围。

1
2
/proc/sys/net/ipv4/ip_local_port_range的原文解释:
The /proc/sys/net/ipv4/ip_local_port_range defines the local port range that is used by TCP and UDP traffic to choose the local port. You will see in the parameters of this file two numbers: The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number. For high-usage systems you may change its default parameters to 32768-61000 -first-last.

/proc/sys/net/ipv4/ip_local_port_range定义了本地tcp/udp的端口范围。可以理解为系统中的程序会选择这个范围内的端口来连接到目的端口(目的端口当然是用户指定的)。

1
2
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768   61000

可以看到,现在定义的范围是32768-61000.

如果想修改这个范围,可以使用sysctl工具,sysctl的配置文件位于/etc/sysctl.conf 。

先看一下man中的描述

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
[root@kedacom mcu]# man sysctl
SYSCTL(8)                                                            SYSCTL(8)
 
NAME
       sysctl - configure kernel parameters at runtime
 
SYNOPSIS
       sysctl [-n] [-e] variable ...
SYSCTL(8)                                                            SYSCTL(8)
 
NAME
       sysctl - configure kernel parameters at runtime
 
SYNOPSIS
       sysctl [-n] [-e] variable ...
       sysctl [-n] [-e] [-q] -w variable=value ...
       sysctl [-n] [-e] [-q] -p <filename>
       sysctl [-n] [-e] -a
       sysctl [-n] [-e] -A
 
DESCRIPTION
       sysctl  is used to modify kernel parameters at runtime.  The parameters available are those listed under /proc/sys/.  Procfs is required for sysctl(8) support in Linux.  You
       can use sysctl(8) to both read and write sysctl data.
 
PARAMETERS
       variable
              The name of a key to read from.  An example is kernel.ostype.  The ??separator is also accepted in place of a ??
 
       variable=value
              To set a key, use the form variable=value, where variable is the key and value is the value to set it to.  If the value contains quotes or characters which are parsed
              by the shell, you may need to enclose the value in double quotes.  This requires the -w parameter to use.
 
       -n     Use this option to disable printing of the key name when printing values.
 
       -e     Use this option to ignore errors about unknown keys.
 
       -N     Use this option to only print the names. It may be useful with shells that have programmable completion.
 
       -q     Use this option to not display the values set to stdout.
 
       -w     Use this option when you want to change a sysctl setting.
 
       -p     Load in sysctl settings from the file specified or /etc/sysctl.conf if none given.  Specifying - as filename means reading data from standard input.
 
       -a     Display all values currently available.
 
       -A     Same as -a
 
EXAMPLES
       /sbin/sysctl -a
 
       /sbin/sysctl -n kernel.hostname
 
       /sbin/sysctl -w kernel.domainname="example.com"
 
       /sbin/sysctl -p /etc/sysctl.conf
 
NOTES
       Please  note  that  modules loaded after sysctl is run may override the settings (example: sunrpc.* settings are overridden when the sunrpc module is loaded). This may cause
       some confusion during boot when the settings in sysctl.conf may be overriden. To prevent such a situation, sysctl must be run after the particular module  is  loaded  (e.g.,
       from /etc/rc.d/rc.local or by using the install directive in modprobe.conf)

配置文件中也许没有定于范围,那么可以在文件中加上,见最后的#test段:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
[root@localhost ~]# vim /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
 
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
 
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
 
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
 
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
 
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
 
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
 
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
 
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
 
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
 
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
 
#test
net.ipv4.ip_local_port_range = 32768 59000

修改后,可以使用以下命令重新加载

1
2
3
4
5
6
7
8
9
10
11
12
[root@localhost ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_local_port_range = 32768 59000

再次查看,发现端口范围已经修改了。

1
2
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768   59000

修改linux端口范围 ip_local_port_range的更多相关文章

  1. Linux修改SSH端口和禁止Root远程登陆

    Linux修改ssh端口22 vi /etc/ssh/ssh_config vi /etc/ssh/sshd_config 然后修改为port 8888 以root身份service sshd res ...

  2. 【转】Linux修改SSH端口和禁止Root远程登陆

    Linux修改ssh端口22 vi /etc/ssh/ssh_config vi /etc/ssh/sshd_config 然后修改为port 8888 以root身份service sshd res ...

  3. Linux 修改linux的SSH的默认端口

    修改linux的SSH的默认端口 by:授客 QQ:1033553122 安装完linux后,默认的情况下ssh是开放的,容易造到黑客攻击,简单有效的操作之一就是修改默认端口号   步骤一:修改/et ...

  4. 修改Linux SSH连接端口和禁用IP,安装DDoS deflate

    测试系统:centos7 修改连接端口 修改配置文件 vi /etc/ssh/sshd_config 去掉port 22的注释,添加新的端口配置 port your_port_num 自定义端口选择建 ...

  5. linux系统中 redis 保存数据的5种形式 linux后端模式启动 jedis无法通过IP地址和端口号访问如何修改linux防火墙

    vim修改redis.conf配置文件(我的已经复制到虚拟机的/usr/local/redis/bin目录下)为daemonize yes, 以后端模式启动 ./redis-server redis. ...

  6. 在Linux上安装多Jboss个需要修改的端口

    如果在一台机器上部署了多个jboss server,需要修改相关端口以避免端口冲突.目前确认需要修改的配置如下一.vi $JBOSS_HOME/server/default/conf/jboss-se ...

  7. linux修改ssh端口 以及禁止root远程登录 (实验机 CentOs)

    把ssh默认远程连接端口修改为3333 1.编辑防火墙配置: vi /etc/sysconfig/iptables 防火墙新增端口3333,方法如下: -A INPUT -m state --stat ...

  8. Linux 环境 搭建Git 服务器,并且修改SSH端口使用

    1.环境配置说明 服务器 CentOS 7 + git(git version 1.8.3.1) 客户端 Windows10 + SourceTree 2.安装 Git 服务器端安装: sudo yu ...

  9. 修改Linux内核参数提高Nginx服务器并发性能

    当linux下Nginx达到并发数很高,TCP TIME_WAIT套接字数量经常达到两.三万,这样服务器很容易被拖死.事实上,我们可以简单的通过修改Linux内核参数,可以减少Nginx服务器 的TI ...

随机推荐

  1. python函数基础以及函数参数简解

    python中函数分为函数.内置函数Python所有的内置函数 自定义函数要使用def语句,依次写出函数名.括号.括号中的参数和冒号:,然后,在缩进块中编写函数体,函数的返回值用return语句返回. ...

  2. [设计模式 3] 用设计模式的眼光看MVC框架

    导读:之前一直在区分MVC和设计模式的区别,但是,既然有些人认为MVC是一种设计模式,那么它们之间肯定是有共通之处的.所以,本篇博客,就用设计模式的眼光来看MVC框架.仅是本人对于MVC的粗鄙看法,还 ...

  3. Dede后台验证码不显示解决方法详解(dedecms 5.7)

    今天朋友问我他本地与服务器上安装了dedecms5.7无法显示验证码,一般这种情况很少见,一般情况就是服务器设置问题,还有临时目录的权限问题 Dede后台验证码不显示或不正常分三种情况,下面来逐一分析 ...

  4. CSS3 圆形时钟式网页进度条

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/ ...

  5. android studio首次运行出错

    转载2015-10-24 16:28:15 标签:androidstudioandroidstudio无法启androidstudio1.4无法 Internal error. Please repo ...

  6. Android OptionMenu

    1.Java package com.fish.helloworld; import android.app.Activity; import android.content.Context; imp ...

  7. js设计模式(11)---命令模式

    0.前言 早上好,早晨的时光总是美好的,坐在空调屋里,看着外边的蓝天白云,不停地敲击着键盘,多么美好地享受,也许屌丝就是如此容易满足. 1.什么是命令模式? 用于将一个请求封装为一个对象,从而可用不同 ...

  8. 在Linux命令行窗口中,怎么向上翻页?

    解决方法:本机环境:vmware linux Redhat9.0版本 使用:Shift + PageUp 和 Shift + PageDown向上和向下翻页

  9. Mysql连接测试代码

    <?php $link=mysql_connect('localhost','root','htuidc'); if($link) echo "success"; ?>

  10. 在peopletools里面测试文件上传

    Using the PeopleTools Test Utilities Page Select selectPeopleTools, then selectUtilities, then selec ...