Skip to main content
Code42 Support

Reconfigure incorrect port settings with network redirection

Applies to:
  • CrashPlan PROe

Overview

This tutorial explains how to use the internal firewall of an enterprise server in order to restore CrashPlan app or SharePlan app connectivity when the port number of the primary or secondary network address, or both, was entered incorrectly. However, this workaround only works in certain cases, as discussed below.

Considerations

You will sometimes need to make network configuration changes to an enterprise server that is already functioning in a working Code42 environment. If an incorrect network address is entered in the administration console, endpoint devices can be cut off from communication with the enterprise server. This tutorial explains how to modify the internal firewall settings of an enterprise server in order to restore CrashPlan app or SharePlan app connectivity when the following conditions are met:

  • The primary and/or secondary network addresses were entered incorrectly in the administration console
  • The incorrect settings prevents some or all CrashPlan apps and/or SharePlan apps from connecting to the master server for backups, restores, or syncing
  • The incorrect information is restricted to the port number, but the IP address or hostname itself is correct (or a DNS change can redirect endpoint devices to the master server)

Before you begin

You will need administrative access to your enterprise server in order to complete this task.

Be sure you understand the exact cause of the connectivity issues you are trying to solve before attempting this task. If you input further incorrect information, these steps have the potential to strand even more CrashPlan apps or SharePlan apps.

Redirecting ports on a Linux Enterprise Server

Before you begin

This process uses the built-in Linux firewall application iptables. Iptables is usually installed by default on most Linux distributions. You should have some familiarity with the Linux command line and iptables before undertaking this process.

You can easily determine whether or not your enterprise server has iptables installed by entering the following command on the Linux command line: iptables

If iptables is installed, you should see output similar to:

iptables v1.4.14: no command specified
Try `iptables -h' or 'iptables --help' for more information.

If iptables is not installed, please follow the procedure for your Linux distribution in order to install iptables.

Older versions of Linux
You may need to modify the instructions below to suit your individual environment. Less recent versions of Linux may lack modules or components referenced here.

Steps

Step 1: Sign in to Enterprise Server

Sign in to the enterprise server using ssh, in order to gain command-line access. You will need root permissions to modify the firewall rules.

Step 2: Redirect relevant ports using iptables

You will now need to redirect the port that your CrashPlan apps are trying to use based on the wrong primary and/or secondary network addresses to the correct address. For this example, we are making the following assumptions:

  • the devices running the CrashPlan app are trying to connect to port 5282
  • the enterprise server is actually listening on port 4282 (the standard port)

Replace the port number (5282) with the actual mistyped port number from your primary and/or secondary network address settings.

The actual steps for redirecting the ports using iptables:

  1. In your command-line terminal, enter the command: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5282 -j REDIRECT --to-port 4282
  2. Confirm that the new firewall rule is in effect with the command: iptables -t nat -L -n -v
    • The output of the last command should contain the following:
    • Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 2 120 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5282 redir ports 4282

Step 3: Confirm that CrashPlan apps are now able to connect

After you have updated the iptables rules on the enterprise server, devices that are attempting to connect should be able to contact the enterprise server automatically.

Simply sign in to the administration console, and confirm that devices are reconnecting:

Console Showing That Clients Are Online

Step 4: Correct the mistyped network address/port number in the Enterprise Server Administration console

  1. Sign in to the administration console on your enterprise server.
  2. Go to Settings > Server, and enter the correct values for the primary and/or secondary network addresses.

Step 5: Push the network changes to the CrashPlan apps

In order to push the corrected network configuration changes to the endpoint devices, follow these steps to push the settings out to the devices:

  1. Go to Settings>Device, and push any of the settings using the push button.
    You do not have to actually change a setting before pushing the settings.
  2. You will be presented with a confirmation pop-up. Click the confirmation check-box, then click the Push button:

Pushing Settings To Clients With The Console

Step 6: Confirm that devices have received network changes

From a device, go to Settings > Account, then confirm that the primary and secondary network addresses show the corrected values.

Step 7: Delete firewall port redirection rule using iptables (optional)

Once you are certain that the affected user devices have received the corrected changes, you may delete the firewall rule that redirects CrashPlan apps and SharePlan apps to the correct port.

  • The simplest way to do this is to reboot the enterprise server, as the operating system will not preserve the firewall rule change from above without further steps.
  • You may also delete the firewall rule from the Linux command line.
    1. Enter the following command (be sure to replace the example port of 5282 with the actual "bad" port number from your environment):
      iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 5282 -j REDIRECT --to-port 4282
    2. Confirm that the port redirection rule was deleted with the command:
      iptables -t nat -L -n -v
    3. The output should show that the port redirection rule is now absent.

Redirecting ports on a Windows Enterprise Server

Before you begin

This solution requires the use of the Windows command prompt, and the netsh.exe command. You should be familiar with using the Windows command prompt and netsh.exe. You will need to run the command prompt with administrative privileges. To do this, right-click the command prompt icon from the Windows menu and choose "Run as administrator".

Steps

Step 1: Sign in to Enterprise Server

You will need administrative access to the Windows server running the enterprise server.

Step 2: Redirect relevant ports using netsh

You will now need to redirect the port that your CrashPlan apps are trying to use based on the wrong primary and/or secondary network addresses to the correct address. For this example, we are making the following assumptions:

  • the devices running the CrashPlan app are trying to connect to port 5282
  • the enterprise server is actually listening on port 4282 (the standard port)

Replace the port number (5282) with the actual mistyped port number from your primary and/or secondary network address settings.

From a Windows command prompt, enter the following command:

netsh interface portproxy add v4tov4 listenport=5282 listenaddress=172.16.206.130 connectport=4282 connectaddress=172.16.206.130

Step 3: Confirm that CrashPlan apps are now able to connect

After you have used netsh on the enterprise server, devices that are attempting to connect should be able to contact the enterprise server automatically.

Simply sign in to the administration console, and confirm that devices are reconnecting:

Console Showing That Clients Are Online

Step 4: Correct the mistyped network address/port number in the Enterprise Server Administration console

  1. Sign in to the administration console on your enterprise server.
  2. Go to Settings > Server, and enter the correct values for the primary and/or secondary network addresses.

Step 5: Push the network changes to the CrashPlan apps

In order to push the corrected network configuration changes to the endpoint devices, follow these steps to push the settings out to the devices:

  1. Go to Settings>Device, and push any of the settings using the push button.
    You do not have to actually change a setting before pushing the settings.
  2. You will be presented with a confirmation pop-up. Click the confirmation check-box, then click the Push button:

Pushing Settings To Clients With The Console

Step 6: Confirm that devices have received network changes

From a device, go to Settings > Account, then confirm that the primary and secondary network addresses show the corrected values.

There is currently no setting that can be checked from the SharePlan app to verify the corrected change.

Step 7: Delete firewall port redirection rule using netsh (optional)

Once you are certain that the affected user devices have received the corrected changes, you may delete the firewall rule that redirects CrashPlan apps and SharePlan apps to the correct port.

Using the Windows command prompt, enter the following command (replace the port and IP values below with the actual values from your environment):
netsh interface portproxy delete v4tov4 listenport=5282 listenaddress=192.0.2.10

External resources