tags: ip_local_port_range port range sysctl shell
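Linux restricts the range of ports it uses as local ports. If I want to reserve certain ports for my own programs, I need to control this port range.
This article describes how to change the port range.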
The original explanation of /proc/sys/net/ipv4/ip_local_port_range:

```
The /proc/sys/net/ipv4/ip_local_port_range defines the local port range that is used by TCP and UDP traffic to choose the local port. You will see in the parameters of this file two numbers: The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number. For high-usage systems you may change its default parameters to 32768-61000 -first-last.
```
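/proc/sys/net/ipv4/ip_local_port_range defines the local port range for TCP/UDP. In other words, programs on the system choose a port within this range as their local port when connecting to a destination port (the destination port is, of course, specified by the user).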
```
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768   61000
```
As you can see, the range currently defined is 32768-61000.
To change this range, use the sysctl tool; its configuration file is /etc/sysctl.conf.
First, look at the description in the man page:
```
[root@kedacom mcu]# man sysctl
SYSCTL(8)                                                            SYSCTL(8)

NAME
       sysctl - configure kernel parameters at runtime

SYNOPSIS
       sysctl [-n] [-e] variable ...
       sysctl [-n] [-e] [-q] -w variable=value ...
       sysctl [-n] [-e] [-q] -p <filename>
       sysctl [-n] [-e] -a
       sysctl [-n] [-e] -A

DESCRIPTION
       sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl(8) support in Linux. You can use sysctl(8) to both read and write sysctl data.

PARAMETERS
       variable
              The name of a key to read from. An example is kernel.ostype. The '/' separator is also accepted in place of a '.'.

       variable=value
              To set a key, use the form variable=value, where variable is the key and value is the value to set it to. If the value contains quotes or characters which are parsed by the shell, you may need to enclose the value in double quotes. This requires the -w parameter to use.

       -n     Use this option to disable printing of the key name when printing values.

       -e     Use this option to ignore errors about unknown keys.

       -N     Use this option to only print the names. It may be useful with shells that have programmable completion.

       -q     Use this option to not display the values set to stdout.

       -w     Use this option when you want to change a sysctl setting.

       -p     Load in sysctl settings from the file specified or /etc/sysctl.conf if none given. Specifying - as filename means reading data from standard input.

       -a     Display all values currently available.

       -A     Same as -a

EXAMPLES
       /sbin/sysctl -a
       /sbin/sysctl -n kernel.hostname
       /sbin/sysctl -w kernel.domainname="example.com"
       /sbin/sysctl -p /etc/sysctl.conf

NOTES
       Please note that modules loaded after sysctl is run may override the settings (example: sunrpc.* settings are overridden when the sunrpc module is loaded). This may cause some confusion during boot when the settings in sysctl.conf may be overriden. To prevent such a situation, sysctl must be run after the particular module is loaded (e.g., from /etc/rc.d/rc.local or by using the install directive in modprobe.conf)
```
The configuration file may not define the range yet; in that case, add it to the file. See the #test section at the end:
```
[root@localhost ~]# vim /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

#test
net.ipv4.ip_local_port_range = 32768 59000
```
After editing the file, reload the settings with the following command:
```
[root@localhost ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_local_port_range = 32768 59000
```
Check again, and the port range has been changed:
```
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768   59000
```
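As an added example (not part of the original post), this POSIX shell check reports which of your service ports still lie inside the local port range, using the post's values before and after the change. The function names and the service ports 8080, 40000 and 60000 are made up for illustration.

```shell
#!/bin/sh
# Added example: which of my service ports can the kernel still hand out
# as a local port for outgoing TCP/UDP connections?

RANGE_FILE=/proc/sys/net/ipv4/ip_local_port_range

# is_port VALUE: true if VALUE is a decimal number of at most 5 digits.
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
}

# parse_range "LOW HIGH": validate and print "LOW HIGH"; non-zero if invalid.
parse_range() {
    set -f; set -- $1; set +f      # split on spaces/tabs without globbing
    [ $# -eq 2 ] || return 1
    is_port "$1" && is_port "$2" || return 1
    [ "$1" -ge 1 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ] || return 1
    echo "$1 $2"
}

# ports_in_range "LOW HIGH" PORT...: print the PORTs that lie inside the range.
ports_in_range() {
    r=$(parse_range "$1") || return 2
    shift
    low=${r% *}; high=${r#* }
    hits=""
    for p in "$@"; do
        is_port "$p" || continue
        if [ "$p" -ge "$low" ] && [ "$p" -le "$high" ]; then
            hits="${hits:+$hits }$p"
        fi
    done
    echo "$hits"
}

# Constructed demo: 8080, 40000 and 60000 are hypothetical service ports.
for range in "32768 61000" "32768 59000"; do
    echo "range $range -> still inside: $(ports_in_range "$range" 8080 40000 60000)"
done

# Live value, when running on Linux.
if [ -r "$RANGE_FILE" ]; then
    echo "live range: $(cat "$RANGE_FILE")"
fi
```

A port reported as inside the range can be picked by the kernel for an outgoing connection, so a service that binds it later may find it already in use.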