Changing the Linux port range: ip_local_port_range


tags: ip_local_port_range port range sysctl

 

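Linux limits the range of ports that it uses as local ports. If I want to reserve certain ports for my own program, I need to control this port range.

This article describes how to change the port range.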

 

The original explanation of /proc/sys/net/ipv4/ip_local_port_range:
The /proc/sys/net/ipv4/ip_local_port_range defines the local port range that is used by TCP and UDP traffic to choose the local port. You will see in the parameters of this file two numbers: The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number. For high-usage systems you may change its default parameters to 32768-61000 -first-last.

 

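/proc/sys/net/ipv4/ip_local_port_range defines the local port range for TCP and UDP. In other words, programs on the system choose a port from this range as the local port when they connect to a destination port (the destination port is of course specified by the user).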

 

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768   61000

 

As you can see, the range currently defined is 32768-61000.

 

To change this range, use the sysctl tool. Its configuration file is /etc/sysctl.conf.

First, look at the description in the man page:

[root@kedacom mcu]# man sysctl
SYSCTL(8)                                                            SYSCTL(8)
 
NAME
        sysctl - configure kernel parameters at runtime
 
SYNOPSIS
        sysctl [-n] [-e] variable ...
        sysctl [-n] [-e] [-q] -w variable=value ...
        sysctl [-n] [-e] [-q] -p <filename>
        sysctl [-n] [-e] -a
        sysctl [-n] [-e] -A
 
DESCRIPTION
        sysctl  is used to modify kernel parameters at runtime.  The parameters available are those listed under /proc/sys/.  Procfs is required for sysctl(8) support in Linux.  You
        can use sysctl(8) to both read and write sysctl data.
 
PARAMETERS
        variable
               The name of a key to read from.  An example is kernel.ostype.  The '/' separator is also accepted in place of a '.'.
 
        variable=value
               To set a key, use the form variable=value, where variable is the key and value is the value to set it to.  If the value contains quotes or characters which are parsed
               by the shell, you may need to enclose the value in double quotes.  This requires the -w parameter to use.
 
        -n     Use this option to disable printing of the key name when printing values.
 
        -e     Use this option to ignore errors about unknown keys.
 
        -N     Use this option to only print the names. It may be useful with shells that have programmable completion.
 
        -q     Use this option to not display the values set to stdout.
 
        -w     Use this option when you want to change a sysctl setting.
 
        -p     Load in sysctl settings from the file specified or /etc/sysctl.conf if none given.  Specifying - as filename means reading data from standard input.
 
        -a     Display all values currently available.
 
        -A     Same as -a
 
EXAMPLES
        /sbin/sysctl -a
 
        /sbin/sysctl -n kernel.hostname
 
        /sbin/sysctl -w kernel.domainname="example.com"
 
        /sbin/sysctl -p /etc/sysctl.conf
 
NOTES
        Please  note  that  modules loaded after sysctl is run may override the settings (example: sunrpc.* settings are overridden when the sunrpc module is loaded). This may cause
        some confusion during boot when the settings in sysctl.conf may be overriden. To prevent such a situation, sysctl must be run after the particular module  is  loaded  (e.g.,
        from /etc/rc.d/rc.local or by using the install directive in modprobe.conf)

 

 

The configuration file may not define the range yet. In that case, add it to the file; see the #test section at the end:

 

[root@localhost ~]# vim /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
 
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
 
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
 
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
 
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
 
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
 
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
 
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
 
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
 
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
 
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
 
#test
net.ipv4.ip_local_port_range = 32768 59000

 

 

After making the change, reload the settings with the following command:

[root@localhost ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_local_port_range = 32768 59000

Checking again shows that the port range has been changed.

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768   59000
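
The goal stated at the top is to keep a program's ports out of the range the kernel picks local ports from. The script below is an added example, not part of the original article: it reads the effective net.ipv4.ip_local_port_range line from a sysctl.conf-style file and reports which service ports still fall inside that range. The function names and the service ports 59500, 60000 and 40000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Print "low high" from the last net.ipv4.ip_local_port_range line in file $1.
# Comment lines are skipped; a later line overrides an earlier one. Exit 1 if unset.
conf_port_range() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key); gsub(/\//, ".", key)
            if (key == "net.ipv4.ip_local_port_range") {
                val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); last = val
            }
        }
        END { if (last == "") exit 1; split(last, p, /[ \t]+/); print p[1], p[2] }
    ' "$1"
}

# Sanity check chosen for this example: both values numeric, 1..65535, low <= high.
valid_range() {
    case "$1$2" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" -ge 1 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# Print every port in $3... that lies inside $1..$2, i.e. a port the kernel may
# pick as a local port for an outgoing connection. Returns 1 if any was found.
ports_in_range() {
    low=$1; high=$2; shift 2; rc=0
    for port in "$@"; do
        if [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; then
            echo "$port"; rc=1
        fi
    done
    return $rc
}

# Constructed sample file reusing the article's #test line.
sample=$(mktemp)
printf '%s\n' '# Controls IP packet forwarding' 'net.ipv4.ip_forward = 0' \
    '#test' 'net.ipv4.ip_local_port_range = 32768 59000' > "$sample"
range=$(conf_port_range "$sample")
# $range is left unquoted on purpose so it splits into low and high.
valid_range $range || echo "invalid range: $range" >&2
conflicts=$(ports_in_range $range 59500 60000 40000) || true
echo "range: $range  conflicting ports: ${conflicts:-none}"
rm -f "$sample"
```

On a real host, pass /etc/sysctl.conf to conf_port_range and compare the result with the contents of /proc/sys/net/ipv4/ip_local_port_range to confirm the file has actually been loaded.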

 

